The Senior Cloud & Security Engineer to serve as the senior technical counterpart to the Director of Security & Technology. This role owns KPA's cloud infrastructure, security platforms, identity, automation, and technical modernization initiatives. The ideal candidate is a hands-on engineer with strong cloud and systems experience, a security-first mindset, and the ability to independently lead complex technical projects that improve KPA's security, scalability, and operational maturity.
Responsibilities:
- Own KPA's enterprise security platforms including CrowdStrike, Rapid7, Cisco Umbrella, Cisco Duo and related technologies.
- Lead vulnerability management & remediation, endpoint security, identity security, privileged access, penetration testing, and security hardening initiatives.
- Investigate and respond to complex security incidents while partnering with the IT Operations team on security and infrastructure escalations.
- Own the technical implementation and ongoing operation of infrastructure-related SOC 2 controls and security audit related requirements.
- Continuously evaluate new technologies and recommend improvements that strengthen KPA's overall security posture.
- Own Microsoft 365, Entra ID, Exchange Online, Exchange Hybrid modernization, identity architecture, and endpoint management.
- Own Azure infrastructure and AWS workloads outside the DevOps application stack. Partner with DevOps where needed as there is a natural crossover between them and this position.
- Own Cisco Meraki networking, VPN infrastructure, and cloud connectivity.
- Lead technical initiatives including cloud modernization, email domain consolidation, phone system replacement, identity modernization, and enterprise platform upgrades.
- Lead complex security and cloud projects from planning through implementation and post-change validation.
- Build automation using PowerShell, Microsoft Graph, REST APIs, and leverage AI-assisted development and automation to improve engineering efficiency and reduce manual effort.
- Produce clear technical documentation, implementation plans, rollback procedures, and operational handoffs.
- Proactively identify technical debt, security gaps, and opportunities to improve efficiency through automation and modernization.
Security Engineering
Cloud, Identity & Systems Engineering
Automation, Projects & Technical Leadership
Qualifications:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent experience.
- 7+ years of experience in cloud infrastructure, systems engineering, security engineering, or a related senior technical role.
- Strong experience administering Microsoft 365, Entra ID, Azure, Windows Server, Exchange Online, and hybrid identity.
- Experience with enterprise security platforms such as CrowdStrike, Rapid7, Cisco Umbrella, Duo, or equivalent technologies.
- Strong understanding of identity, networking, endpoint management, vulnerability management, and Zero Trust security principles.
- Experience supporting SOC 2 or similar compliance frameworks.
- Relevant certifications such as Microsoft AZ-104, AZ-500, MS-102, SC-300, CompTIA Security+, CISSP, or equivalent certifications are preferred.
- Excellent communication, documentation, project management, and problem-solving skills.
Success Criteria:
- Work ethic that aligns with KPA's core values:
- Trust: earning trust through integrity, expertise, and acting in the client's best interest.
- Innovation: continuously seeking out ways to better serve clients.
- Excellence: holding ourselves to high standards in everything we do.
- Results: moving with purpose to deliver meaningful outcomes.
- Provides technical leadership, sound architectural recommendations, and trusted engineering expertise across cloud, infrastructure, and security initiatives.
- Successfully leads cloud modernization and technical security initiatives that improve KPA's security, scalability, and operational maturity.
- Owns and continually improves enterprise security platforms and technical security controls.
- Delivers complex technical projects with strong planning, communication, documentation, testing, and post-implementation validation.
- Reduces manual effort through automation and modern engineering practices.
- Serves as the senior escalation point for complex cloud, infrastructure, and security issues.
- Partners effectively with IT Operations and DevOps to ensure new technologies transition smoothly into day-to-day operations.
Physical Requirements:
- Working at a computer typing and view a screen - Constantly
- Stationary sitting or standing - Constantly
- Visual Recognition - Constantly
- Hearing/Listening - Occasionally
- Communicating verbally and/or in writing - Occasionally
- Travel - Seldom
Compensation:
- Annual base salary range between $110-125k commensurate with experience.
- Bonus potential of 10% annually
Skills Required
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent experience.
- 7+ years of experience in cloud infrastructure, systems engineering, security engineering, or related senior technical role.
- Strong experience administering Microsoft 365, Entra ID, Azure, Windows Server, Exchange Online, and hybrid identity.
- Experience with enterprise security platforms such as CrowdStrike, Rapid7, Cisco Umbrella, and Cisco Duo (or equivalents).
- Experience owning Cisco Meraki networking, VPN infrastructure, and cloud connectivity.
- Experience with Azure infrastructure and AWS workloads outside the DevOps application stack.
- Lead vulnerability management, endpoint security, identity security, privileged access, penetration testing, and security hardening initiatives.
- Experience supporting SOC 2 or similar compliance frameworks.
- Build automation using PowerShell, Microsoft Graph, and REST APIs; leverage AI-assisted development to improve efficiency.
- Strong understanding of identity, networking, endpoint management, vulnerability management, and Zero Trust security principles.
- Excellent communication, documentation, project management, and problem-solving skills.
- Relevant certifications such as Microsoft AZ-104, AZ-500, MS-102, SC-300, CompTIA Security+, CISSP (preferred).
- Experience with Exchange Hybrid modernization, email domain consolidation, and enterprise platform upgrades.
KPA Compensation & Benefits Highlights
-
Healthcare Strength — Health coverage includes medical, dental, vision, EAP/telehealth mental‑health access, life and disability insurance, plus pet insurance. Wellness initiatives such as online yoga/meditation and onsite gym access in some locations further bolster the offering.
-
Retirement Support — A 401(k) with company match is repeatedly highlighted, with some postings noting immediate vesting. Financial programs like performance bonuses and charitable‑match options complement the core retirement benefit.
-
Leave & Time Off Breadth — PTO that increases with tenure, paid and floating holidays, and paid volunteer time are consistently listed. These elements provide a broad foundation for time away from work.
KPA Insights
What We Do
KPA solutions help clients identify, remedy, and prevent workplace safety and compliance problems across their entire enterprise. The combination of KPA’s easy-to-use software platforms, consulting services, and award-winning training content helps organizations minimize risk so they can focus on what’s important—their core business. For nearly 40 years, KPA has helped 10,000+ clients achieve regulatory compliance, protect their business, and keep people safe.
Why Work With Us
Since 1986 we have been refining the core values with which we work together as a team and with our clients. Do you align with our core values of Integrity, Helpfulness, Excellence, Agility, Respectfulness, and Teamwork? It is these core values that promote our success through both organic growth and integrating acquisitions.
Gallery
KPA Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
KPA operates in a hybrid, remote-first work environment where daily office attendance is optional and teams get together in-person for collaboration.


.jpeg)





.jpeg)


