Principal Security Engineer

Milwaukee, WI
Full Time
Technology Services
Experienced

Our Story:
Crisis Prevention Institute Inc. (CPI) is the worldwide leader in evidence-based de-escalation and crisis prevention training and dementia care services. Our programs teach professionals the skills to recognize, prevent, and respond to crises in the workplace. Since 1980, we’ve helped train more than 17 million people within service-oriented industries including education, health care, behavioral health, long-term care, human services, security, corporate, and retail.

At CPI, we are dedicated to changing behaviors and reducing conflict for the Care, Welfare, Safety, and Security of everyone. We believe the power of empathy, meaningful connections, personal safety, and security are the antidotes to fear and anxiety. It’s a philosophy that is central to everything we do, and traces back to our beginning.

The Role:

The Principal Security Engineer (PSE) will play a pivotal role in safeguarding our organization's digital assets. The PSE will serve as the lead cybersecurity engineer in our organization, collaborating closely with the CISO and engineering stakeholders across Technology Services. This role will interact with various business functions to secure and optimize our technology stack, driving the implementation of security best practices. The PSE will also contribute to strategic initiatives, security automation, and security metrics. This role will involve hands-on security engineering while guiding security decisions across the enterprise.

What You Get To Do Everyday:

  • Develop, mature, and own a comprehensive data governance program, including policies, procedures, and standards.
  • Collaborate with business units to ensure compliance with data privacy regulations and best practices.
  • Conduct regular security audits and assessments and ensure compliance with relevant security standards, regulations, and industry best practices.
  • Perform mature identity and access management (IAM) capabilities within CPI.
  • Develop and maintain IAM policies, procedures, and standards.
  • Automate appropriate IAM processes.
  • Work with the CISO on security strategies, architecture, and roadmaps.
  • Provide technical guidance and support to engineering teams on security best practices.
  • Improve the security posture of continuous integration and continuous delivery (CI/CD) pipelines by collaborating with DevSecOps teams to integrate security measures and ensure robust, secure delivery practices.
  • Work with the Software Engineering team to improve the security posture of development practices.
  • Identify and mitigate security risks in collaboration with various stakeholders across CPI.
  • Respond to security incidents and breaches in a timely and effective manner.
  • Develop and maintain incident response plans and processes.
  • Evaluate, select, and manage security tools and technologies to meet organizational needs.
  • Oversee the integration, operation, and performance of various security and infrastructure tools.
  • Continuously monitor and assess the 24/7 managed security service provider (MSSP) to ensure effective threat management and response.
  • Develop and refine key performance indicators (KPIs) and metrics to measure the effectiveness of security controls and initiatives.
  • Create comprehensive security reports to inform stakeholders about the organization's security posture.
  • Analyze security data to identify trends, anomalies, and potential risks.
  • Monitor, manage, and recommend improvements for infrastructure systems to ensure security, reduce complexity, and enhance operational efficiency.
  • Identify, document, and recommend security safeguards and configurations across all infrastructure systems.
  • Participate in architecture, planning, and support of infrastructure environments, focusing on security.
  • Prepare, coordinate, and execute changes to production and non-production systems while assessing business impact.
  • Investigate and implement automation or system enhancements to reduce repetitive support tickets and improve system efficiency.
  • Lead collaboration efforts between various Technology Services partners to strengthen security posture.
  • Demonstrate the ability to provide direction, shape team decisions, and inspire teamwork.
  • Actively share knowledge, mentor peers, and stay informed on industry trends to apply best practices.
  • Manage system capacity, maintainability, and security life cycle across the infrastructure.
  • Propose alternative solutions with cost analysis, estimate resources, and drive best practices within the team.
  • Identify dependencies and critical paths for technology platforms and propose risk mitigation strategies.
  • Mentor System Administrators and Service Desk teams by creating knowledge base articles, providing training, and shifting operational tickets into their queue to drive efficiency and reduce escalations.
  • Perform other position-related duties as assigned.

You Need to Have:

  • Seven years or more of experience in cybersecurity engineering, including architecture, security operations, IAM, risk management, governance, and audit reporting
  • Experience working with identity and access management systems (e.g., AAD, Ping Identity)
  • Experience working with data governance (NIST, COBIT) and privacy frameworks (GDPR, CCPA)
  • Experience working with cloud security (e.g., Azure, CSPM)
  • Experience working with cloud infrastructure (Azure, AWS)
  • Experience working with security monitoring, incident response, and log management
  • Experience developing and refining security metrics for operations and resource management
  • Knowledge of security principles, concepts, and best practices
  • Ability to troubleshoot and resolve security-related issues across cloud and on-premises environments, ensuring secure and efficient operations
  • Highly collaborative, capable of interacting and communicating effectively with peers, management, and leadership teams of varying technical levels, and acting with urgency in response to security challenges or requirements
  • Strong analytical skills, with attention to detail
  • Advanced technical writing skills and the ability to lead and communicate effectively within an enterprise environment
  • Exceptional written and verbal communication skills
  • Well-developed interpersonal skills, negotiation, writing, speaking, and listening skills
  • Strong business acumen and strategic thinking ability

We'd Love to See:

  • Security certifications (CISSP, CISM, CCSP, CRISC or CISA)
  • Microsoft certified (Azure Security Engineer Associate)
  • Experience working with cloud security posture management (CSPM)
  • Experience working with DevSecOps automated security testing (SAST, DAST), infrastructure as code (IaC), and continuous security monitoring
  • Experience developing security automation strategies, utilizing scripting languages (PowerShell, Python) and tools such as Azure Automation, or Terraform for infrastructure security
  • Experience with Advanced Data Protection (encryption at rest, in transit) and key management in cloud environments (Azure Key Vault, AWS KMS)
  • Experience implementing and managing data loss prevention (DLP) solutions across cloud and on-premises environments to protect sensitive information
  • Experience working with enterprise email security and threat protection platforms (phishing defense, URL rewriting, attachment sandboxing, and security awareness integration)
  • Experience working with data security and governance platforms for monitoring, classification, and insider threat detection across structured and unstructured data environments

What We Offer:

  • $135,000 - $145,000 annual salary
  • Annual company performance bonus
  • Comprehensive benefits package
  • 401k
  • PTO
  • Health & Wellness Days
  • Paid Volunteer Time Off
  • Continuing education and training
  • Hybrid work schedule

Crisis Prevention Institute is an Equal Opportunity Employer that does not discriminate against any applicant or employee on the basis of age, race, color, ethnicity, national origin, citizenship, religion, diversity of thoughts and beliefs, creed, sex, sexual orientation, gender, gender identity, or expression (including against any individual that is transitioning, has transitioned, or is perceived to be transitioning), marital status or civil partnership/union status, physical or mental disability, medical condition, pregnancy, childbirth, genetic information, military and veteran status, or any other basis prohibited by applicable federal, state, or local law. The Company will consider for employment qualified applicants with criminal histories in a manner consistent with local and federal requirements. Our management team is dedicated to this policy with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, employee activities, and general treatment during employment.

Share

Apply for this position

Required*
Apply with Indeed
We've received your resume. Click here to update it.
Attach resume or Paste resume
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

To comply with government Equal Employment Opportunity and/or Affirmative Action reporting regulations, we are requesting (but NOT requiring) that you enter this personal data. This information will not be used in connection with any employment decisions, and will be used solely as permitted by state and federal law. Your voluntary cooperation would be appreciated. Learn more.
Invitation for Job Applicants to Self-Identify as a U.S. Veteran
  • A “disabled veteran” is one of the following:
    • a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or
    • a person who was discharged or released from active duty because of a service-connected disability.
  • A “recently separated veteran” means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.
  • An “active duty wartime or campaign badge veteran” means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.
  • An “Armed forces service medal veteran” means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.
Veteran status


Voluntary Self-Identification of Disability
Voluntary Self-Identification of Disability Form CC-305
OMB Control Number 1250-0005
Expires 04/30/2026
Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Please check one of the boxes below:

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

You must enter your name and date
Human Check*