Director of Security Engineering

St Paul, MN · Naperville, ILFull-time$137k–$206kPosted Jul 17, 2026

Job Summary: The Director of Security Engineering is responsible for leading enterprise security architecture, engineering, and exposure management programs. This role provides leadership for the technical security posture of a global Fortune 500 environment, owning the proactive side of security: architecture decisions, platform engineering, security standards enforcement, vulnerability and exposure management, and the initiatives that harden the environment before threats land.

The Director of Security Engineering leads architecture and engineering teams across endpoint, cloud, network, data protection, collaboration, and OT security while building a new Continuous Threat Exposure Management (CTEM) capability. The role combines strategic direction, platform and tooling decisions, cross-functional initiative delivery, and organizational leadership to drive measurable posture improvement across the enterprise.

What You Will Do:

Technical Security Posture and Architecture

  • Own security architecture standards, benchmarks, and compliance posture for the enterprise aligned to CIS Benchmarks, NIST CSF 2.0, and platform hardening requirements.

  • Make platform and tooling decisions across the security technology stack including endpoint, cloud, network, data protection, and collaboration security.

  • Lead security solution selection, evaluation, and implementation for new capabilities across multi-cloud, on-premises, and OT environments.

  • Guide zero-trust architecture implementation including network segmentation, conditional access enforcement, and least-privilege design patterns.

  • Drive security configuration standards and compliance across Azure, AWS, GCP, on-premises infrastructure, and industrial control system environments.

Exposure Management and CTEM

  • Stand up and operationalize the Continuous Threat Exposure Management function, directing a team of exposure analysts across infrastructure, cloud, application, and external attack surface domains.

  • Define and operationalize the CTEM cycle: discovery, prioritization (exploitability-weighted), mobilization, validation, and remediation tracking.

  • Establish and enforce vulnerability remediation SLAs with infrastructure, platform, and application teams across the enterprise.

  • Build executive-facing exposure reporting and risk quantification tied to business outcomes.

  • Drive convergence of vulnerability scanning, cloud security posture management, and attack surface management into a unified exposure view.

Engineering Operations and Platform Management

  • Oversee day-to-day security engineering including platform maintenance, incident support, approval workflows, and operational stability across the security tooling portfolio.

  • Manage the solution review and re-attestation process for enterprise technology including vendor evaluations and M&A security assessments.

  • Drive automation of manual security processes including approvals, compliance checks, and configuration auditing.

  • Partner with Observability and Automation teams on SIEM integration, security automation playbooks, and compliance dashboards.

  • Translate governance and compliance requirements from GRC into implemented technical controls, deploying and configuring security platforms to monitor and enforce policy compliance across the enterprise.

  • Oversee OT security assessments across global manufacturing sites, ensure regulatory compliance (NIS2, CFATS), and drive network segmentation programs for industrial environments.

Initiative Delivery and Cross-Functional Leadership

  • Organize and prioritize work across multiple concurrent workstreams spanning endpoint hardening, cloud exposure remediation, network benchmarking, data protection, and OT security.

  • Use modern tools including AI assistants (Claude, Copilot) to accelerate planning, analysis, documentation, and decision-making across the team.

  • Present program status, roadmaps, and investment cases to executive leadership with clarity and confidence.

  • Drive cross-functional initiatives requiring coordination across infrastructure, networking, cloud platforms, and application teams.

Organizational and People Leadership

  • Lead and develop a distributed security organization consisting of managers, architects, and engineers across multiple technical domains.

  • Build organizational clarity across architecture, engineering, and the new exposure management function.

  • Provide leadership in talent development, succession planning, coaching, performance management, and team engagement.

  • Manage staffing strategy across full-time employees, partners, and contingent resources to meet delivery needs.

  • Oversee third-party vendors and consulting partners supporting security programs and services.

Minimum Qualifications:

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, Engineering, or a related discipline; equivalent experience may be considered.

  • 12+ years of progressive experience in cybersecurity, security architecture, security engineering, or vulnerability management.

  • 5+ years of leadership experience managing multi-team security functions at the Senior Manager or Director level.

  • Demonstrated success delivering security initiatives through teams: hardening programs, platform deployments, and posture improvements completed on schedule.

  • Experience managing 15+ person organizations including managers, architects, and engineers with varied technical specializations.

  • Experience building new functions or teams, particularly in exposure management, vulnerability operations, or CTEM disciplines.

  • Background in cross-functional program delivery, driving remediation and compliance outcomes through teams not under direct reporting authority.

Technical and Functional Qualifications:

  • Strong knowledge of cloud security architecture across Azure, AWS, and GCP including CSPM/CNAPP platforms, container security, and cloud-native controls.

  • Strong knowledge of network security including next-generation firewalls, secure web gateways, network segmentation, DNS security, and zero-trust network access.

  • Experience with endpoint security platforms (EDR), endpoint hardening, and CIS benchmark implementation at enterprise scale.

  • Knowledge of data protection platforms (DLP), data classification, insider threat programs, and unstructured data controls.

  • Strong knowledge of vulnerability and exposure management: scanning platforms, CTEM frameworks, attack surface management, exposure prioritization, and remediation SLA governance. Qualys experience strongly preferred.

  • Knowledge of OT/ICS security including network segmentation for industrial environments, asset discovery, and regulatory frameworks (NIS2).

  • Familiarity with security architecture frameworks: CIS Benchmarks (multi-platform), NIST CSF 2.0, and zero-trust architecture principles.

  • Comfort with security automation platforms (SOAR) and AI-assisted workflows for accelerating team productivity and decision-making.

Preferred Qualifications:

  • Experience in a Fortune 500, global, manufacturing, or industrial environment with complex, heterogeneous technology estates.

  • Prior experience standing up a CTEM, exposure management, or vulnerability operations function.

  • Familiarity with M&A security assessment processes and integrating acquisitions.

  • Background in OT/ICS security for manufacturing environments.

  • Familiarity with platforms such as Wiz, Zscaler, Palo Alto, Elastic, Armis, Qualys, or Swimlane.

  • Relevant certifications such as CISSP, CISM, or technical certifications in cloud security, network security, or vulnerability management.

Leadership Competencies

  • Organized and decisive leader who manages multiple concurrent workstreams and makes priority calls under competing demands.

  • Delivery-oriented with a track record of driving initiatives to completion through teams: milestones hit, SLAs enforced, projects closed.

  • Strong presenter who communicates technical security posture, risk, and investment needs to executive audiences clearly and confidently.

  • Skilled at influencing without authority, driving remediation and compliance outcomes through infrastructure, platform, and application teams.

  • Builder mentality: energized by standing up new capabilities while keeping existing operations running smoothly.

Additional Information

  • Travel up to 10% may be required for site assessments, team collaboration, and vendor engagements.
  • The role may require coordination across global teams, including off-hours support for key initiatives, escalations, or major incidents.

Annual or Hourly Compensation Range

The base salary range for this position is $137,400.00 - $206,200.00. This position is eligible for annual bonus and long-term incentives based on performance, per plan terms. Many factors are taken into consideration when determining compensation, such as experience, education, training, geography, etc. We comply with all minimum wage and overtime laws.

Benefits 

Ecolab strives to provide comprehensive and market-competitive benefits to meet the needs of our associates and their families. Click here to see our benefits. 

If you are viewing this posting on a site other than our Ecolab Career website, view our benefits at jobs.ecolab.com/working-here. 


Potential Customer Requirements Notice

To meet customer requirements and comply with local or state regulations, applicants for certain customer-facing roles may need to:

- Undergo additional background screens and/or drug/alcohol testing for customer credentialing.

 

Americans with Disabilities Act (ADA) 

Ecolab will provide reasonable accommodation (such as a qualified sign language interpreter or other personal assistance) with our application process upon request as required to comply with applicable laws. If you have a disability and require accommodation assistance in this application process, please visit the Recruiting Support link in the footer of each page of our career website.  


Our Commitment to a Culture of Inclusion & Belonging
At Ecolab, we believe the best teams are inclusive. We are on a journey to create a workplace where every associate can grow and achieve their best. We are committed to fair and equal treatment of associates and applicants and recruit, hire, promote, transfer and provide opportunities for advancement based on individual qualifications and job performance. In all matters affecting employment, compensation, benefits, working conditions, and opportunities for advancement, we will not discriminate against any associate or applicant for employment because of race, religion, color, creed, national origin, citizenship status, sex, sexual orientation, gender identity and expressions, genetic information, marital status, age, disability, or status as a covered veteran.

In addition, we are committed to furthering the principles of Equal Employment Opportunity (EEO) through Affirmative Action (AA).

We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York City Fair Chance Act.

Want jobs like this matched to you?

Swoopd scores fresh postings against your résumé so you only see the matches that matter.

Get started free