Lead Security Engineer (Design, Configuration & Deployment)

McKinstry Company
$137,880.00 - $240,400.00 / yr
parental leave, paid time off, 401(k)
United States, Washington, Seattle
5005 3rd Avenue South
Feb 19, 2026

Build the future, spark innovation and align your career with purpose.

McKinstry is innovating the waste and climate harm out of the built environment and creating lasting impact. Together, we're building a thriving planet.

Buildings are a leading contributor to the climate crisis, generating nearly 40% of total global energy-related carbon emissions. We're making a lasting impact on our industry and within our communities by addressing the climate, affordability and equity crises through:

  • renewables and energy services
  • engineering and design
  • construction and facility services

To get where we're going, we need big thinkers, problem solvers and collaborative mindsets. Does that sound like you?

The Opportunity with McKinstry

We are seeking a Lead Security Engineer (Design, Configuration & Deployment), a principal-level role within our IT organization that blends hands-on engineering with executive and business engagement. Reporting to the Head of Information Security, you will design, build, and advance McKinstry's security capabilities across application development, cloud infrastructure, and enterprise systems, including AI-enabled security operations, application security, incident response, and executive-level reporting.

At McKinstry, security enables innovation. In this role, you will help shape the organization's technical security architecture and long-term security strategy while protecting the platforms that power our mission to build a more sustainable future.

This position is based in Seattle, WA and follows a hybrid schedule of three days in the office.

Key Responsibilities

Security Architecture & Engineering

  • Design and implement enterprise security across applications, cloud, and infrastructure.
  • Develop secure-by-design frameworks for development, infrastructure, and data platforms.
  • Lead threat modeling and security design reviews for new systems.
  • Build automation and tooling to strengthen operations and efficiency.

Application & DevSecOps Security

  • Integrate security into CI/CD pipelines and development workflows.
  • Implement and maintain SAST, DAST, and software composition analysis tools.
  • Partner with engineering teams to embed secure coding practices and vulnerability remediation.

Cloud & Infrastructure Security

  • Design and maintain security controls across cloud platforms and hybrid environments.
  • Implement identity, network, and workload security; enforce policy via IaC tools.

Identity & Access Management

  • Implement and improve identity governance, authentication, and authorization.
  • Support Zero Trust and privileged access management strategies.

Security Operations & Incident Response

  • Strengthen monitoring, detection, and response capabilities.
  • Lead or support incident response efforts and post-incident reviews.
  • Improve threat detection via automation, telemetry, and analytics.

AI & Emerging Technology Security

  • Develop practices for AI/ML systems and data pipelines.
  • Assess and mitigate AI risks (LLM, GenAI, model training, outputs).
  • Establish guardrails for secure AI adoption across the organization.

What You Need to Succeed at McKinstry

You don't need to check every box below. We value significant relevant experience and encourage applicants who meet several - but not all - of the qualifications to also apply. All applications will be reviewed, and the most qualified candidates will be considered for next steps.

Experience & Leadership

  • 12+ years in cybersecurity; 7+ in architecture, engineering, or operations leadership.
  • Principal-level contributor with influence over strategy, tooling roadmaps, and risk posture.
  • Experience presenting security incidents and program status to C-Suite and Board of Directors.

Application & Cloud Security

  • SAST/DAST/SCA mastery (Semgrep, SonarQube, Burp Suite, OWASP ZAP, Snyk, Black Duck) with CI/CD integration.
  • API security, OAuth/OIDC, container/K8s security, SBOM, and secure SDLC governance.
  • Threat modeling (STRIDE, PASTA, Attack Trees); bug bounty and pen test program management.
  • Cloud security (Azure, Defender for Cloud, CSPM, CWPP); Zero Trust, SASE, XDR architectures.

AI & Emerging Tech (3-5 yrs hands-on)

  • AI/ML security platforms (Microsoft Security Copilot, Sentinel UEBA, Defender XDR AI, Darktrace, Vectra).
  • LLM/GenAI security: NIST AI RMF, OWASP LLM Top 10, prompt injection, red-team exercises.
  • Integrate AI into SOAR for automated triage, log summarization, and enrichment workflows.

Incident Response & GRC

  • Command P1/P2 incidents per NIST SP 800-61/PICERL; lead tabletop exercises and post-incident reviews.
  • Enterprise-scale IRP, BCP, DRP; regulatory breach notification (GDPR, CCPA, SEC).
  • GRC ownership: NIST CSF, ISO 27001, SOC 2; vendor assessments; continuous compliance monitoring.

Tools & Automation

  • Microsoft Security Stack: Defender, Sentinel, Entra ID, Purview.
  • Network & Endpoint: Fortinet NGFW, SIEM, EDR; ZTNA/SASE; Arctic Wolf, CrowdStrike, SentinelOne.
  • Automation & DevSecOps: PowerShell, Python, Bash, Terraform, Bicep, CI/CD pipelines, Docker/K8s hardening.
  • Security frameworks: OWASP Top 10, MITRE ATT&CK/ATLAS, NIST CSF, ISO 27001, SOC 2.

Preferred Certifications

  • CISSP, CISM, GCIA, GCIH, GCFE, OSCP, SC-100/SC-200, CSSLP, BSCP, AZ-500, CCSP

PeopleFirst Benefits

When it comes to the basics, we have you covered:

  • Competitive pay
  • 401(k) with employer match and profit-sharing plan
  • Paid time off and holidays
  • Comprehensive medical, prescription, dental, and vision with low or zero deductible options and low out of pocket maximums

People come first at McKinstry, and we go beyond the basic benefits with:

  • Family formation benefits, including adoption and IVF assistance
  • Up to 16 weeks paid parental leave
  • Transgender inclusive benefits
  • Commuter benefits
  • Pet insurance
  • "Building Good" paid community service time
  • Learning and advancement opportunities via McKinstry University
  • McKinstry Moves onsite gyms or reimbursement for remote workers

See benefit plan documents for complete details.

If you're driven by our vision to build a thriving planet together, McKinstry is the place to build your career.

The pay range for this position is $137,880 - $240,400 per year; however, base pay offered may vary depending on job-related knowledge, skills, and experience. Base pay information is based on market location. A bonus may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position offered.

The McKinstry group of companies are equal opportunity employers. We are committed to providing equal employment opportunities to all employees and qualified applicants without regard to sex, gender identity, sexual orientation, age, race, color, creed, marital status, national origin, disability, veteran status, genetic information or any other basis protected by law. This policy applies to all terms and conditions of employment including, but not limited to employment, advancement, assignment, and training. This commitment to Equal Employment Opportunity is made equally as a social responsibility and as an economic and business necessity.

McKinstry is a drug-free workplace. Employment is contingent upon successfully passing a pre-employment drug and alcohol test, complying with the requirements of the Immigration Reform and Control Act and a Confidentiality Agreement, in addition to successful outcomes of background and reference checks.

Applicants for this role will only be considered if they possess current US Work Authorization, and do not require employer-sponsored VISA support to begin or remain in this role.

