Position Type: Full Time
Location: Remote, US
Company Overview
SCS Global Services is a pioneer and leader in the field of sustainability standards and third-party certification, working across the economy in the natural resources, built environment, food and agriculture, consumer products, and climate sectors for over 40 years. As a Benefit Corporation, we are committed to socially and environmentally responsible business practices, and through the application of sound science, we are driving positive change.
Job Overview
The Security Engineer II is responsible for the design, implementation, and lifecycle ownership of assigned security controls across identity, infrastructure, network, workload, and data layers. This role operates with a high degree of autonomy in a small team environment, independently identifying gaps, proposing remediation plans with estimated effort and complexity, and executing approved work. The ideal candidate brings deep infrastructure engineering knowledge to ensure security solutions are practical, operationally sound, and aligned with business impact. This role represents a fully independent individual contributor position and is differentiated from Security Engineer I by its expectation for independent scoping, design level ownership of security control implementations, with minimal day to day oversight.
Essential Duties and Responsibilities
Design and implement security control architectures and reference implementation patterns aligned with ISO 27001:2022 and related security frameworks (CIS, NIST CSF, MITRE ATT&CK), within established organizational standards
Engineer and maintain assigned security controls across the following domains: Identity: Entra ID/Conditional Access/MFA/PAM, Endpoint: Intune/EDR/XDR (CrowdStrike), Workloads: Azure/AWS security/container security/CI/CD controls, Data: DLP/encryption/key management
Develop, maintain, and operationalize security standards, baselines, and reference architectures in partnership with IT and application stakeholders
Perform threat modeling (STRIDE) and risk assessments for new systems and material changes, translating findings into actionable security controls and remediation recommendations
Lead security discovery and integration activities for new and existing environments, including current state assessment, gap analysis, and development of prioritized remediation plans
Proactively identify security improvement opportunities, propose viable solutions, and execute approved work items to completion
Integrate and optimize security tooling, including log source onboarding, alert tuning, and workflow automation
Partner with Development and Application teams to embed security by design
Support audit and compliance activities related to ISO 27001:2022, including evidence collection and control implementation validation
Minimum Qualifications
Bachelor's Degree in computer science, information systems, or a related field, or equivalent work experience AND
6+ years of IT Experience AND
3+ years in an IT Security or Security Engineering role
Strong practical knowledge of systems and infrastructure engineering (Windows/Linux fundamentals, networking, cloud architecture, identity, and common enterprise services) to make sound security recommendations and assess operational impact
Proven ability to scope security improvements into actionable work items, estimate level of effort, and partner with infrastructure/application owners to drive implementation
Cloud security experience (Azure preferred)
Experience with scripting and infrastructure as code for security automation and control deployment (PowerShell, Terraform, ARM/Bicep) to implement at scale
Experience with a MDR/vSOC provider and integrating EDR telemetry and incident workflows (CrowdStrike preferred)
Strong understanding of Identity and Access Management (IAM) concepts and implementations
Working knowledge of industry security frameworks and standards, including ISO 27001:2022 (preferred), NIST CSF, CIS Controls, and MITRE ATT&CK, and their application to security control design
Demonstrated ownership mindset: able to work from broad direction, handle ambiguity, prioritize, and drive work to completion
Practical experience implementing security controls within Azure/M365 environments
Experience with SIEM platforms, including log onboarding, detection tuning, and workflow integration (Microsoft Sentinel preferred)
Strong analytical skills with the ability to translate security and infrastructure risk into practical technical controls
Preferred Qualifications
Microsoft Azure Security Engineer
Microsoft Azure Administrator
Microsoft Azure Architect
Certified Cloud Security Professional (CCSP)
Estimated Annual Salary
$100,000 - $130,000
Remote Work
This role will be based out of your home office, allowing flexibility to work remotely.
**Equal Employm
