Senior Security Engineer, Costa Rica

Are you ready to make an impact?

West Monroe isn't a start-up firm, but we act like one.

From day one, our people have the opportunity to make a definitive personal impact for their clients and their careers. What does this mean? It means we seek out the best of the best, and then we challenge them to make us better.

If you are looking to be a "behind the scenes" technologist, this isn't the place for you. We celebrate driven professionals who thrive in a collaborative environment. We are a team of enthusiasts who are always focused on improving our execution and our client's performance. Sound interesting? Then West Monroe Partners might be the place for you.

Think you're up to the challenge?

West Monroe Partners is currently seeking a Security Engineer to be part of the internal IT Security team. As part of the internal security team, the Security Engineer will deliver current and new security products, technologies, and processes to support West Monroe's consulting business. A successful candidate will apply IT security knowledge across a broad range of disciplines, activities, and contexts. A successful candidate will work across several disciplines within IT – compute, storage, and networking as well as applications, regardless of platform or host location, e.g., on-premise, off-premise, or cloud.

Qualifications:

Candidates must demonstrate a comprehensive understanding of security technologies and possess expertise in applying industry-standard security practices, particularly aligned with frameworks such as the NIST Cybersecurity Framework and CIS Controls. The individual should be able to provide subject matter expertise to operational teams requiring Information Security Engineering services, ensuring the effective implementation of security controls and policies.

The ideal candidate will have experience across a range of security services, including but not limited to:

• Microsoft Cloud Security Technologies (Azure AD, Microsoft Defender, Microsoft Cloud App Security, Microsoft Sentinel)
• Identity and Access Management (IAM)
• Incident Response and Event Monitoring
• Threat Detection and Management
• Third-Party Risk Management, ensuring compliance and security across vendor ecosystems
• Management of Managed Security Service Providers (MSSPs), overseeing vendor performance and ensuring adherence to security requirements

Specific skills include, but are not limited to, the ability to:

• Information Security Architecture and Configuration: Design and configure security technologies, aligning with enterprise security strategies such as Identity and Access Management (IAM), Cloud Managed Desktops, and Microsoft 365 environments.
• Subject Matter Expertise: Provide guidance and advisory services to operational teams on Information Security Engineering initiatives, driving security enhancements and compliance.
• Documentation and Knowledge Transfer: Develop and maintain comprehensive engineering documentation, including design specifications, installation guides, process diagrams, and operational runbooks. Ensure seamless knowledge transition to support teams for newly implemented or significantly modified security technologies.
• Advanced Technical Escalation: Serve as a Level 3 escalation point for complex security incidents and technical challenges, working closely with Security Operations and other IT support teams.
• Cloud and Endpoint Security Solutions: Implement security controls for Cloud Managed Desktops, Office 365, and Azure environments, ensuring alignment with industry best practices and security frameworks.
• Endpoint Privilege Management: Experience architecting and implementing privilege management solutions, including BeyondTrust or equivalent tools, to enforce least privilege access across the enterprise.
• Cross-Platform Security Solutions: Manage a combination of cloud and on-premise endpoint security tools, including Microsoft Cloud App Security for protecting Microsoft 365 components.
• Microsoft Sentinel and Log Analysis: Utilize Microsoft Sentinel for Security Information and Event Management (SIEM), monitor and analyze security logs, and generate actionable insights to improve overall security posture. Proficiency in reviewing logs for incident investigation and response, ensuring timely detection of threats and anomalies.
• Compliance with Industry Standards: Adherence to security frameworks such as NIST, CIS, and ISO 27001, ensuring that security controls meet enterprise compliance requirements.
• Third-Party Risk Management: Assess and manage the security risks of external vendors, ensuring that third-party solutions adhere to the organization's security policies and industry standards.
• Managed Security Service Provider (MSSP) Oversight: Manage third-party security vendors, including MSSPs, to ensure service levels and security requirements are met. Evaluate performance metrics, review service reports, and coordinate responses to security incidents in collaboration with external providers.

Requirements:

• 5+ years of experience in cybersecurity roles, with a focus on Incident Handling, Threat Intelligence, and Security Architecture and Design.
• Proven track record of architecting and delivering secure, large-scale Windows and cloud-based solutions in enterprise environments.
• Strong expertise in Windows Security and Azure Active Directory, with experience in configuring secure identity and access solutions.
• Hands-on experience with BeyondTrust Endpoint Privilege Management or similar endpoint security tools, as well as other privilege management solutions.
• Deep understanding of key security technologies including Firewalls, Intrusion Detection Systems (IDS), SIEM (especially Microsoft Sentinel), Data Loss Prevention (DLP), Web Application Firewalls (WAF), Advanced Malware Defense, DDoS Prevention, and Application Whitelisting.
• Ability to assess new and emerging security threats, communicate risks to relevant business units, and provide actionable recommendations.
• Strong organizational, verbal, and written communication skills, with the ability to explain complex security concepts to both technical and non-technical stakeholders.
• Third-Party Risk Management expertise, ensuring secure interactions with vendors and external service providers.
• Managed Security Service Provider (MSSP) Management, ensuring third-party vendors meet performance and security expectations, and coordinating joint incident responses.
• Experience in log analysis for monitoring, detecting, and responding to security incidents through tools such as Microsoft Sentinel.
• Ability and willingness to travel occasionally to other West Monroe offices.

Preferences:

• Bachelor's degree in Computer Science, MIS, or equivalent experience
• Experience operating and managing Microsoft Security tools, include Cloud App Security, Windows Defender, and Azure Sentinel
• Experience with Windows Defender Advanced Threat Protection and latest Microsoft E5 Security Product set
• Security certifications that demonstrate a commitment to continued professional information security advancement are expected but not required
• Knowledge of Information Security Compliance Frameworks like NIST, CIS bencmarks are required
• Ability to read/translate IDS/IPS, syslog & firewall logs, rules, and configuration
• Project management experience preferred

West Monroe is a digital services firm that partners with companies in transformative industries to deliver quantifiable financial value. We believe that digital is a mindset and it’s something companies become, not something they do. We bring together diverse, multidisciplinary teams that use their expertise to develop and execute new ideas and ways of working.  

At West Monroe, we invest in our people and care in a big way. We are growing the next generation of leaders who lead with inclusion, enabling us to address our clients’ most complex challenges. If you’re looking for a place where you’ll feel supported, our team will help you grow. We believe that growth breeds opportunity for all. And know that when we come together, we can do what's never been done. 

Our fast-paced culture and collaborative teams bring the energy and expertise needed to make an impact and deliver beyond expectations. If you are ready to set big goals with us, join us on our journey of building what matters for our clients, our people, and our communities. 

West Monroe is an Equal Employment Opportunity Employer  
We believe in treating each employee and applicant for employment fairly and with dignity. We base our employment decisions on merit, experience, and potential, without regard to race, color, national origin, sex, sexual orientation, gender identity, marital status, age, religion, disability, veteran status, or any other characteristic prohibited by federal, state or local law. To learn more about diversity, equity and inclusion at West Monroe, visit www.westmonroe.com/inclusion. 

If you are based in California, we encourage you to read West Monroe’s Notice at Collection for California residents, provided pursuant to the California Consumer Privacy Act (CCPA) and linked here.