Security Engineer

The Senior Security Engineer owns cybersecurity operations end to end, designing, implementing, and operating controls to protect systems, data, and users. The role blends hands-on technical execution with risk leadership, partnering with IT and infrastructure teams to identify, prioritize, and reduce security risk while enabling secure technology adoption. The ideal candidate is technically strong, operationally disciplined, and able to clearly communicate security risks in business terms. Responsibilities include but are not limited to the following:

• Security Operations & Incident Response
• Identity & Access Security
• Endpoint, Infrastructure & Vulnerability Security
• Cloud & SaaS Security
• Security Tooling & Automation
• Risk Management & Governance

Why Work at FEG? / About the Company FEG is an independently owned advisory firm that provides investment consulting, outsourced chief investment officer (OCIO), and research services to predominantly institutional clients^1, such as university endowments, private and public foundations, religious organizations, healthcare institutions, corporate retirement plans, and select family offices. Founded in 1988, FEG has served communities both directly and by helping our clients fulfill their missions, for over 35 years. FEG employs 140+ professionals across offices in Cincinnati, Ohio, Dallas, Texas, and Indianapolis, Indiana, with approximately $100.4 billion^2 in client assets under advisement. What You'll Do / Position Responsibilities Security Architecture & Control Engineering

• Design, implement, and evolve security controls across identity, endpoint, infrastructure, cloud, and SaaS environments
• Engineer scalable security architectures that integrate with enterprise IT and cloud platforms
• Define security patterns, reference architectures, and technical standards for secure system design

Detection & Response Engineering

• Engineer and tune detection logic across SIEM, EDR/XDR, and cloud security platforms
• Develop and maintain automated response workflows and playbooks to reduce manual intervention
• Perform deep-dive root cause analysis on incidents to improve control design and detection fidelity

Identity & Access Security Engineering

• Engineer identity security solutions including MFA, Conditional Access, Privileged Access Management (PAM), and identity protection
• Design least-privilege access models and entitlement structures across on-prem and cloud identity platforms
• Integrate identity signals into detection and response tooling

Endpoint, Infrastructure & Vulnerability Engineering

• Engineer endpoint security baselines, hardening standards, and configuration enforcement mechanisms
• Design and maintain vulnerability management workflows, including scanning, prioritization, and remediation tracking
• Partner with infrastructure teams to embed security into system builds, images, and deployment pipelines

Cloud & SaaS Security Engineering

• Engineer security controls and guardrails for cloud platforms and SaaS services
• Design posture management, configuration monitoring, and security telemetry for cloud workloads
• Enable secure onboarding of new cloud and SaaS technologies through upfront security design

Security Tooling, Automation & Integration

• Architect, deploy, and optimize security platforms such as SIEM, EDR, vulnerability management, and email security
• Build custom integrations, automation, and workflows using APIs and scripting to improve scale and reliability
• Maintain technical documentation, design artifacts, and implementation standards for security tooling

Risk Engineering & Technical Governance

• Perform technical risk assessments focused on control gaps, attack paths, and systemic weaknesses
• Translate security risk into actionable engineering remediation plans
• Contribute to security standards, technical policies, and secure-by-design guidance

Security Enablement & Advisory

• Act as a technical security advisor to IT, infrastructure, and application teams
• Review system designs and changes for security impact and provide engineering guidance
• Support security awareness through technical training and secure configuration guidance

Core Areas of Responsibility

• Security Operations (SOC) & Incident Response - Microsoft Defender + Sentinel
• Identity & Access Security - Microsoft Entra ID, Conditional Access, PIM
• Endpoint & Device Security - Intune + Defender for Endpoint
• Cloud Security Posture & Workload Protection - Azure + Defender for Cloud
• SaaS Security & Data Protection - MDCA + Purview, This job description in no way states or implies that these are the only duties to be performed by the employee occupying this position. Employees will be required to follow any other job-related instructions and to perform other job-related duties requested by their supervisor in compliance with Federal and State Laws. Requirements are representative of minimum levels of knowledge, skills and/or abilities. To perform this job successfully, the employee must possess the abilities or aptitudes to perform each duty proficiently. Continued employment remains on an "at-will" basis. ^1Institutional clients include Charitable organizations, Community Foundations, Corporate, Healthcare, Higher Education, Independent Schools, Insurance, Native American Tribes, Private Foundations, Public Funds, Religious organizations, and Taft Hartley. Nonprofit clients include Charitable organizations, Community Foundations, Healthcare (nonprofit), Higher Education, Independent Schools, Private Foundations, and Religious Organizations. ^2As of September 30, 2025, Assets under Advisement (AUA) include discretionary and non-discretionary assets of FEG and its affiliated entities. These assets are typically non-discretionary. Some asset values may not be readily available at the most recent quarter-end; therefore, the previous quarter's values were used and may be higher or lower depending on current market conditions. Of the $100.4bn in AUA, FEG's total assets under management (AUM) of $19.6bn includes discretionary of ($17.0bn) and non-discretionary AUM ($2.5bn).

• 5+ years of experience in cybersecurity, security engineering, or IT infrastructure with security responsibilities or comparable experience
• Experience with Microsoft security ecosystem (Defender, Sentinel, Entra ID)
• Scripting or automation experience (PowerShell, Python, or similar)
• Experience implementing Zero Trust or modern identity security practices
• Familiarity with security frameworks such as NIST and CIS Controls

What You'll Bring / Knowledge, Skills, and Experience

• Strong problem-solving and investigative mindset
• Ability to prioritize risks in a fast-moving environment
• Clear communicator who can translate technical issues into business impact
• Comfortable working independently and taking ownership of security outcomes
• Collaborative partner to IT, infrastructure, and engineering teams
• Listen and learn while still taking full ownership of individual scope of work.
• Prioritize effectively and decisively across complex teams and competing priorities.
• Enjoy working in and learning about the financial investment industry.

• Competitive compensation and bonus opportunities commensurate with qualifications and performance.
• Employer-paid life, Short-Term Disability and Long-Term Disability coverage plus subsidized Medical, Dental, & Vision plans.
• Wealth Benefits including 401(k) and ESOP Programs with company contributions.
• Paid Time Off (Holidays, PTO, Parental Leave)
• Flexible work options designed to support work-life balance while maintaining productivity and collaboration.
• Employee-led culture committees focused on engagement, well-being, diversity, and a positive workplace environment.
• A structured mentorship program that fosters professional growth, knowledge sharing, and leadership development through meaningful one-on-one connections.
• Tuition reimbursement for approved educational programs to support continued learning and career development.
• Reimbursement for eligible professional certifications and industry-recognized designations.
• Access to comprehensive wellness programs that support physical, mental, and overall well-being.