Principal Security Engineer

Consumers Energy is Michigan's largest energy provider, providing natural gas and/or electricity to 6.8 million of the state's 10 million residents in all 68 Lower Peninsula counties. Consumers Energy knows job number one is to keep the lights on for customers. We are committed to delivering reliable, clean, and affordable energy to our customers 24/7.

This position is not eligible for immigration sponsorship, e.g., H-1B, TN, etc. Please do not apply if you will need immigration sponsorship for a work visa now or in the future, including sponsorship for H-1B, TN, etc., now or in the future. We are unable to hire individuals with CPT, OPT, or STEM OPT for this position as the position is not eligible for participation in the H-1B lottery program and is not eligible for current or future immigration sponsorship for a work visa.

Location:
This is a hybrid (virtual/onsite) position with required onsite days on Monday, Tuesday and Thursday assigned to One Energy Plaza (Headquarters) located in Jackson, MI. The selected candidate must be within a commutable distance or willing to relocate (relocation package is available for those that qualify).

General Summary of Job Responsibilities

The Principal Security Engineer will support the organization's major security initiatives, serving as a technical expert and strategic leader. This role involves architecting, implementing and operating secure systems, designing scalable defenses, and leading response efforts to mitigate threats and risks. The ideal candidate will demonstrate mastery across one or more security domains, including infrastructure, network, identity, communication with business partners and incident response, while mentoring teams and shaping the future of our security strategy.

Essential Duties and Responsibilities

• Conduct threat modeling and risk assessments to identify vulnerabilities, recommend mitigations, and design controls to address risks effectively.
• Lead and participate in complex incident response and problem solving efforts, coordinating across teams to analyze root causes, mitigate impacts, and implement long-term solutions.
• Develop and optimize security controls by implementing technologies and process changes to ensure business objectives are met in line with security requirements.
• Architect, implement, operate and maintain comprehensive security solutions for systems, networks, and applications, ensuring they are resilient to emerging threats.
• Evaluate and deploy security tools and platforms in at least one of the following Security domains Identity Services, Automation, Network Security Services, Security Engineering, Application Security and Penetration Testing, Vulnerability Management, to improve visibility, detection, and response capabilities across the organization.
• Engage, lead, and/or mentor other Security employees, including associate engineers and career engineers.
• Collaborate with cross-functional teams, including development, IT, and the business, to embed security best practices throughout the system lifecycle.
• Stay informed about emerging threats, vulnerabilities, and technologies, providing strategic recommendations to strengthen the organization's security posture.
• Automate security processes where possible, leveraging scripting and SOAR platforms to enhance efficiency and consistency in incident response and vulnerability management.
• Other non-essential duties as assigned or may be necessary

Knowledge/Skills/Abilities

• Excellent written and verbal communication skills to influence technical and non-technical stakeholders.
• Strong leadership and mentoring abilities with a focus on team development.
• Demonstrates excellent teamwork and embodies the virtues of being humble, hungry, and people smart.
• Expert-level knowledge of security architectures, and defensive strategies.
• Subject matter expertise in at least one of the following Security domains Identity Services, Automation, Network Security Services, Security Engineering, Application Security and Penetration Testing, Vulnerability Management.
• Advanced troubleshooting skills with the ability to navigate complex systems and resolve critical issues efficiently.
• Strategic thinking and decision-making capabilities in high-pressure scenarios.

Education & Experience

• Bachelor's Degree in Cyber Security, Computer Science, or Information Technology and7 - 10 years in Hands-on experience in Information Technology, cybersecurity, computer networks, or systems engineering, including 4-7 years of practical expertise with technologies such as: AAA Services, Active Directory, Application Control, Asset Discovery, Asset Discovery and Inventory Management, Azure AD, CI/CD Platforms, DDOS protection, DLP, Dynamic Application Security Testing (DAST), Email Security, Endpoint Detection and Response, Firewalls, IaC Security, Logging, Multifactor Technologies, NAC, Networking Protocols, Scripting Languages, Secure Code Analysis (SCA), Secure Development Practices, Security Assessment & Testing, Security…