Staff Security Engineer

Job Title: Staff Security Engineer

We are seeking an Infrastructure Security Engineer to partner with SRE and infrastructure teams to embed security into our infrastructure deployment and operations. This role will be responsible for creating and validating secure configuration and deployment templates, building audit and detection automation, and ensuring our infrastructure is protected against evolving threats. The ideal candidate combines deep technical expertise in infrastructure technologies with security automation skills and a collaborative approach to working with engineering teams.

Key Responsibilities SRE & Infrastructure Team Collaboration

• Partner with SRE and infrastructure teams to integrate security into infrastructure workflows, deployment pipelines, and operational practices
• Create and validate secure configuration templates for Terraform, CloudFormation, Ansible, and other infrastructure automation tools
• Develop deployment templates that embed security controls by default for common infrastructure patterns (VPCs, security groups, IAM roles, compute instances)
• Review and approve infrastructure code providing security guidance and validation before production deployment
• Conduct security assessments of infrastructure designs and deployment patterns in collaboration with SRE teams
• Establish security guardrails that enable infrastructure teams to move quickly while maintaining security standards

Audit & Detection Automation

• Build automated audit systems to continuously validate infrastructure configurations against security baselines and compliance requirements
• Develop detection automation for identifying security misconfigurations, policy violations, and anomalous infrastructure changes
• Implement policy-as-code frameworks using Open Policy Agent (OPA), AWS Config Rules, Azure Policy, or Sentinel to enforce security standards
• Create automated remediation workflows for common security violations and configuration drift
• Build compliance validation automation to continuously assess infrastructure against CIS benchmarks, SOC 2, and other frameworks
• Develop security metrics and dashboards providing visibility into infrastructure security posture and trends

Security Architecture & Design

• Design and implement security architectures for hybrid and multi-cloud environments (AWS, Azure, GCP)
• Develop network security architectures including network segmentation, zero trust principles, and micro-segmentation strategies
• Build security baselines and hardening standards for servers, endpoints, containers, and cloud resources based on CIS benchmarks and industry best practices
• Design secure landing zones and account structures for cloud environments with appropriate guardrails and security controls
• Implement defense-in-depth strategies across network, host, application, and data layers
• Conduct security architecture reviews for infrastructure changes, new deployments, and technology adoption

Cloud & Infrastructure Security

• Implement and manage cloud security controls including security groups, NACLs, WAF, cloud firewalls, and encryption services
• Configure cloud security posture management (CSPM) tools to continuously assess and remediate misconfigurations
• Deploy and manage container security for Docker, Kubernetes, and container orchestration platforms
• Implement infrastructure-as-code security scanning and policy enforcement for Terraform, CloudFormation, and other IaC tools
• Secure cloud-native services including serverless functions, managed databases, object storage, and API gateways
• Manage secrets and encryption keys using vaults, KMS, and secure key management practices

Security Automation & Infrastructure as Code

• Develop and maintain security automation using Python, PowerShell, Bash, or Go for audit, detection, and remediation tasks
• Create reusable IaC security modules and templates for Terraform, CloudFormation, or Pulumi that SRE teams can leverage
• Implement IaC scanning and validation in CI/CD pipelines using tools like Checkov, Terrascan, tfsec, or custom validators
• Build security policy as code using tools like Open Policy Agent (OPA), Sentinel, AWS Config Rules, or Azure Policy
• Automate security testing of infrastructure deployments including configuration validation and compliance checks
• Collaborate with SRE teams to integrate security automation into GitOps workflows and deployment pipelines

Compliance & Governance

• Support compliance initiatives for SOC 2, ISO 27001, PCI-DSS, HIPAA, or other frameworks
• Conduct infrastructure security audits and assessments against security standards
• Document security architectures and maintain system security plans (SSPs)
• Develop runbooks and procedures for security operations and incident response
• Generate compliance reports demonstrating security control effectiveness

Collaboration & Advisory

• Work embedded with SRE teams to understand infrastructure patterns, deployment workflows, and operational needs
• Partner with infrastructure teams on architecture reviews, technology evaluations, and capacity planning with security considerations
• Provide security guidance on infrastructure projects, deployment strategies, and architectural decisions in real-time
• Train SRE and infrastructure staff on secure configuration practices, security tooling, and threat awareness
• Enable self-service security by creating documentation, runbooks, and templates that infrastructure teams can use independently
• Collaborate with peer security teams on application security, identity management, and security operations to ensure holistic coverage

Required Qualifications Experience

• 5+ years of hands-on experience in infrastructure security, network security, or systems engineering with security focus
• 3+ years working with cloud platforms (AWS, Azure, or GCP) with focus on security architecture and implementation
• Proven experience implementing security controls across hybrid environments (on-premises and cloud)
• Strong background in network security including firewalls, segmentation, VPNs, and network monitoring
• Experience with security hardening of Windows and Linux systems

Technical Skills

• Cloud Platforms: Deep knowledge of AWS, Azure, or GCP security services, IAM, networking, and security architecture
• Infrastructure as Code: Strong experience with Terraform, CloudFormation, Ansible, or similar tools including module/template development
• Policy as Code: Proficiency with Open Policy Agent (OPA), Sentinel, AWS Config Rules, Azure Policy, or similar frameworks
• Scripting & Automation: Strong skills in Python, PowerShell, Bash, or Go for building security automation and tooling
• Network Security: Expertise with firewalls (Palo Alto, Cisco, Fortinet), network segmentation, VPNs, and IDS/IPS
• Operating Systems: Strong knowledge of Windows and Linux administration, security hardening, and system internals
• Container Security: Knowledge of Docker, Kubernetes security, and container orchestration
• CI/CD Pipelines: Experience integrating security tools into GitLab CI, GitHub Actions, Jenkins, or similar platforms
• Security Tools: Hands-on experience with vulnerability scanners (Nessus, Qualys), CSPM tools (Wiz, Prisma Cloud), EDR/XDR platforms
• Monitoring & Logging: Experience with SIEM, log aggregation (Splunk, ELK), and security monitoring platforms

Knowledge & Competencies

• Security Architecture: Understanding of defense-in-depth, zero trust, and security architecture principles
• Security Frameworks: Familiarity with NIST Cybersecurity Framework, CIS Controls, MITRE ATT&CK
• Compliance: Knowledge of SOC 2, ISO 27001, PCI-DSS, HIPAA, or other regulatory frameworks
• TCP/IP & Networking: Strong understanding of networking protocols, routing, switching, and network architecture
• Threat Landscape: Current knowledge of infrastructure threats, attack vectors, and defensive techniques

Soft Skills

• Communication: Excellent ability to explain security concepts to technical and non-technical audiences
• Collaboration: Strong partnership skills to work effectively with infrastructure, operations, and development teams
• Problem-Solving: Analytical mindset with ability to troubleshoot complex security and infrastructure issues
• Project Management: Ability to manage security projects from design through implementation
• Adaptability: Flexibility to work in dynamic environments and adjust to changing priorities

Education & Certifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience)

Who we are:

At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson.

Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing TalentExperienceGlobalTeam@grp.pearson.com.

Job: Engineering

Job Family: TECHNOLOGY

Organization: Corporate Strategy & Technology

Schedule: FULL_TIME

Workplace Type: Hybrid

Req ID: 23017