CMS Energy, Corp.
Consumers Energy is Michigan’s largest energy provider, providing natural gas and/or electricity to 6.8 million of the state’s 10 million residents in all 68 Lower Peninsula counties. Consumers Energy knows job number one is to keep the lights on for customers. We are committed to delivering reliable, clean, and affordable energy to our customers 24/7.
This position is not eligible for immigration sponsorship, e.g., H-1B, TN, etc. Please do not apply if you will need immigration sponsorship for a work visa now or in the future, including sponsorship for H-1B, TN, etc., now or in the future. We are unable to hire individuals with CPT, OPT, or STEM OPT for this position as the position is not eligible for participation in the H-1B lottery program and is not eligible for current or future immigration sponsorship for a work visa.
Location : This is a hybrid (virtual/onsite) position with required onsite days on Monday, Tuesday and Thursday assigned to One Energy Plaza (Headquarters) located in Jackson, MI. The selected candidate must be within a commutable distance or willing to relocate (relocation package is available for those that qualify).
General Summary of Job Responsibilities The Principal Security Engineer will support the organization’s major security initiatives, serving as a technical expert and strategic leader. This role involves architecting, implementing and operating secure systems, designing scalable defenses, and leading response efforts to mitigate threats and risks. The ideal candidate will demonstrate mastery across one or more security domains, including infrastructure, network, identity, communication with business partners and incident response, while mentoring teams and shaping the future of our security strategy.
Essential Duties and Responsibilities
Conduct threat modeling and risk assessments to identify vulnerabilities, recommend mitigations, and design controls to address risks effectively.
Lead and participate in complex incident response and problem solving efforts, coordinating across teams to analyze root causes, mitigate impacts, and implement long-term solutions.
Develop and optimize security controls by implementing technologies and process changes to ensure business objectives are met in line with security requirements.
Architect, implement, operate and maintain comprehensive security solutions for systems, networks, and applications, ensuring they are resilient to emerging threats.
Evaluate and deploy security tools and platforms in at least one of the following Security domains Identity Services, Automation, Network Security Services, Security Engineering, Application Security and Penetration Testing, Vulnerability Management, to improve visibility, detection, and response capabilities across the organization.
Engage, lead, and/or mentor other Security employees, including associate engineers and career engineers.
Collaborate with cross‑functional teams, including development, IT, and the business, to embed security best practices throughout the system lifecycle.
Stay informed about emerging threats, vulnerabilities, and technologies, providing strategic recommendations to strengthen the organization's security posture.
Automate security processes where possible, leveraging scripting and SOAR platforms to enhance efficiency and consistency in incident response and vulnerability management.
Other non-essential duties as assigned or may be necessary
Knowledge/Skills/Abilities
Excellent written and verbal communication skills to influence technical and non-technical stakeholders.
Strong leadership and mentoring abilities with a focus on team development.
Demonstrates excellent teamwork and embodies the virtues of being humble, hungry, and people smart.
Expert‑level knowledge of security architectures, and defensive strategies.
Subject matter expertise in at least one of the following Security domains Identity Services, Automation, Network Security Services, Security Engineering, Application Security and Penetration Testing, Vulnerability Management.
Advanced troubleshooting skills with the ability to navigate complex systems and resolve critical issues efficiently.
Strategic thinking and decision‑making capabilities in high‑pressure scenarios.
Education & Experience
Bachelor's Degree in Cyber Security, Computer Science, or Information Technology and7 - 10 years in Hands‑on experience in Information Technology, cybersecurity, computer networks, or systems engineering, including 4–7 years of practical expertise with technologies such as: AAA Services, Active Directory, Application Control, Asset Discovery, Asset Discovery and Inventory Management, Azure AD, CI/CD Platforms, DDOS protection, DLP, Dynamic Application Security Testing (DAST), Email Security, Endpoint Detection and Response, Firewalls, IaC Security, Logging, Multifactor Technologies, NAC, Networking Protocols, Scripting Languages, Secure Code Analysis (SCA), Secure Development Practices, Security Assessment & Testing, Security Configuration Assessment (SCA), SOAR tools, SSO, Static Application Security Testing (SAST), Threat Intelligence, Vulnerability Scanning, VPN, Web Proxy.
[OR] Associate's Degree in Cyber Security, Computer Science, or Information Technology and 9 - 12 years in Hands‑on experience in Information Technology, cybersecurity, computer networks, or systems engineering, including 4–7 years of practical expertise with technologies such as: AAA Services, Active Directory, Application Control, Asset Discovery, Asset Discovery and Inventory Management, Azure AD, CI/CD Platforms, DDOS protection, DLP, Dynamic Application Security Testing (DAST), Email Security, Endpoint Detection and Response, Firewalls, IaC Security, Logging, Multifactor Technologies, NAC, Networking Protocols, Scripting Languages, Secure Code Analysis (SCA), Secure Development Practices, Security Assessment & Testing, Security Configuration Assessment (SCA), SOAR tools, SSO, Static Application Security Testing (SAST), Threat Intelligence, Vulnerability Scanning, VPN, Web Proxy
[OR] High School Diploma and 11 - 14 years in Hands‑on experience in Information Technology, cybersecurity, computer networks, or systems engineering, including 4–7 years of practical expertise with technologies such as: AAA Services, Active Directory, Application Control, Asset Discovery, Asset Discovery and Inventory Management, Azure AD, CI/CD Platforms, DDOS protection, DLP, Dynamic Application Security Testing (DAST), Email Security, Endpoint Detection and Response, Firewalls, IaC Security, Logging, Multifactor Technologies, NAC, Networking Protocols, Scripting Languages, Secure Code Analysis (SCA), Secure Development Practices, Security Assessment & Testing, Security Configuration Assessment (SCA), SOAR tools, SSO, Static Application Security Testing (SAST), Threat Intelligence, Vulnerability Scanning, VPN, Web Proxy
Working conditions Why should you join our team?
At Consumers Energy, we offer more than just a place to work. We foster a culture that supports career development, growth, and stability, and we take pride in offering our co‑workers excellent benefits and compensation packages. We are deliberately creating an inclusive culture that makes our diverse team of co‑workers feel valued, supported, and empowered every day. We're a company made up of thousands of people, all with different stories to share and work to do, but we stand united in our company purpose: world class performance delivering hometown service.
What we offer:
Competitive compensation packages
Medical, Dental and Vision
401k with company match
Paid parental leave
Up to 13 paid Holidays
Paid time off
Educational Assistance Program
Diversity, Equity & Inclusion:
We, at CMS Energy, value Diversity, Equity, & Inclusion. It is part of our DNA. We treat our employees with respect, we treat each other fairly and we value the opinions of others. We are passionate about building and nurturing an environment where everyone feels included. We don’t discriminate. We seek to learn about each other and better understand our unique differences. Our uniqueness makes us authentic. We create safe spaces where everyone can be who they truly are. We invite difficult conversations and uncomfortable topics. We value diverse perspectives; this is what makes us great together. We harbor an inclusive environment where employees feel empowered to share their backgrounds, experiences, and ideas. Our Employee Resource Groups, Women in Energy (WE), Minority Advisory Panel (MAP), Pride Alliance of Consumers Energy (PACE), GENERGY, capABLE, Interfaith and Veterans Advisory Panel (VAP) are key enablers to living the values of our company culture: Caring, Empowered, Deliberate, Agility, and Ownership.
All qualified applicants will not be discriminated against and will receive consideration for employment without regard to protected veteran status, disability, race, color, religion, sex, age, sexual orientation, gender identity or national origin.
Consumers Energy is an Equal Opportunity Employer, please review our Equal Employment Opportunity Policy, Family and Medical Leave Act, and Military Leave Allowance. CMS Energy endeavors to make https://careers.consumersenergy.com/ accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact our team at e‑recruiting@cmsenergy.com. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. ACCOMMODATION NOTICE: Federal law and many state laws require employers to make accommodations to disabled applicants and employees where the accommodation does not impose an undue hardship on the employer. For those applicants seeking a position within the State of Michigan, a disabled individual needing accommodation for employment must notify the employer in writing within 182 days after the need is known or should have been known. Michigan law provides that failure of a Michigan employee to properly notify the employer will preclude any claim that the employer failed to accommodate the disabled individual. However, this does not waive an individual’s right under the Americans with Disabilities Act of 1990, as amended, which sets no time limit for requesting an accommodation nor does it require such accommodation to be in writing.
#J-18808-Ljbffr
This position is not eligible for immigration sponsorship, e.g., H-1B, TN, etc. Please do not apply if you will need immigration sponsorship for a work visa now or in the future, including sponsorship for H-1B, TN, etc., now or in the future. We are unable to hire individuals with CPT, OPT, or STEM OPT for this position as the position is not eligible for participation in the H-1B lottery program and is not eligible for current or future immigration sponsorship for a work visa.
Location : This is a hybrid (virtual/onsite) position with required onsite days on Monday, Tuesday and Thursday assigned to One Energy Plaza (Headquarters) located in Jackson, MI. The selected candidate must be within a commutable distance or willing to relocate (relocation package is available for those that qualify).
General Summary of Job Responsibilities The Principal Security Engineer will support the organization’s major security initiatives, serving as a technical expert and strategic leader. This role involves architecting, implementing and operating secure systems, designing scalable defenses, and leading response efforts to mitigate threats and risks. The ideal candidate will demonstrate mastery across one or more security domains, including infrastructure, network, identity, communication with business partners and incident response, while mentoring teams and shaping the future of our security strategy.
Essential Duties and Responsibilities
Conduct threat modeling and risk assessments to identify vulnerabilities, recommend mitigations, and design controls to address risks effectively.
Lead and participate in complex incident response and problem solving efforts, coordinating across teams to analyze root causes, mitigate impacts, and implement long-term solutions.
Develop and optimize security controls by implementing technologies and process changes to ensure business objectives are met in line with security requirements.
Architect, implement, operate and maintain comprehensive security solutions for systems, networks, and applications, ensuring they are resilient to emerging threats.
Evaluate and deploy security tools and platforms in at least one of the following Security domains Identity Services, Automation, Network Security Services, Security Engineering, Application Security and Penetration Testing, Vulnerability Management, to improve visibility, detection, and response capabilities across the organization.
Engage, lead, and/or mentor other Security employees, including associate engineers and career engineers.
Collaborate with cross‑functional teams, including development, IT, and the business, to embed security best practices throughout the system lifecycle.
Stay informed about emerging threats, vulnerabilities, and technologies, providing strategic recommendations to strengthen the organization's security posture.
Automate security processes where possible, leveraging scripting and SOAR platforms to enhance efficiency and consistency in incident response and vulnerability management.
Other non-essential duties as assigned or may be necessary
Knowledge/Skills/Abilities
Excellent written and verbal communication skills to influence technical and non-technical stakeholders.
Strong leadership and mentoring abilities with a focus on team development.
Demonstrates excellent teamwork and embodies the virtues of being humble, hungry, and people smart.
Expert‑level knowledge of security architectures, and defensive strategies.
Subject matter expertise in at least one of the following Security domains Identity Services, Automation, Network Security Services, Security Engineering, Application Security and Penetration Testing, Vulnerability Management.
Advanced troubleshooting skills with the ability to navigate complex systems and resolve critical issues efficiently.
Strategic thinking and decision‑making capabilities in high‑pressure scenarios.
Education & Experience
Bachelor's Degree in Cyber Security, Computer Science, or Information Technology and7 - 10 years in Hands‑on experience in Information Technology, cybersecurity, computer networks, or systems engineering, including 4–7 years of practical expertise with technologies such as: AAA Services, Active Directory, Application Control, Asset Discovery, Asset Discovery and Inventory Management, Azure AD, CI/CD Platforms, DDOS protection, DLP, Dynamic Application Security Testing (DAST), Email Security, Endpoint Detection and Response, Firewalls, IaC Security, Logging, Multifactor Technologies, NAC, Networking Protocols, Scripting Languages, Secure Code Analysis (SCA), Secure Development Practices, Security Assessment & Testing, Security Configuration Assessment (SCA), SOAR tools, SSO, Static Application Security Testing (SAST), Threat Intelligence, Vulnerability Scanning, VPN, Web Proxy.
[OR] Associate's Degree in Cyber Security, Computer Science, or Information Technology and 9 - 12 years in Hands‑on experience in Information Technology, cybersecurity, computer networks, or systems engineering, including 4–7 years of practical expertise with technologies such as: AAA Services, Active Directory, Application Control, Asset Discovery, Asset Discovery and Inventory Management, Azure AD, CI/CD Platforms, DDOS protection, DLP, Dynamic Application Security Testing (DAST), Email Security, Endpoint Detection and Response, Firewalls, IaC Security, Logging, Multifactor Technologies, NAC, Networking Protocols, Scripting Languages, Secure Code Analysis (SCA), Secure Development Practices, Security Assessment & Testing, Security Configuration Assessment (SCA), SOAR tools, SSO, Static Application Security Testing (SAST), Threat Intelligence, Vulnerability Scanning, VPN, Web Proxy
[OR] High School Diploma and 11 - 14 years in Hands‑on experience in Information Technology, cybersecurity, computer networks, or systems engineering, including 4–7 years of practical expertise with technologies such as: AAA Services, Active Directory, Application Control, Asset Discovery, Asset Discovery and Inventory Management, Azure AD, CI/CD Platforms, DDOS protection, DLP, Dynamic Application Security Testing (DAST), Email Security, Endpoint Detection and Response, Firewalls, IaC Security, Logging, Multifactor Technologies, NAC, Networking Protocols, Scripting Languages, Secure Code Analysis (SCA), Secure Development Practices, Security Assessment & Testing, Security Configuration Assessment (SCA), SOAR tools, SSO, Static Application Security Testing (SAST), Threat Intelligence, Vulnerability Scanning, VPN, Web Proxy
Working conditions Why should you join our team?
At Consumers Energy, we offer more than just a place to work. We foster a culture that supports career development, growth, and stability, and we take pride in offering our co‑workers excellent benefits and compensation packages. We are deliberately creating an inclusive culture that makes our diverse team of co‑workers feel valued, supported, and empowered every day. We're a company made up of thousands of people, all with different stories to share and work to do, but we stand united in our company purpose: world class performance delivering hometown service.
What we offer:
Competitive compensation packages
Medical, Dental and Vision
401k with company match
Paid parental leave
Up to 13 paid Holidays
Paid time off
Educational Assistance Program
Diversity, Equity & Inclusion:
We, at CMS Energy, value Diversity, Equity, & Inclusion. It is part of our DNA. We treat our employees with respect, we treat each other fairly and we value the opinions of others. We are passionate about building and nurturing an environment where everyone feels included. We don’t discriminate. We seek to learn about each other and better understand our unique differences. Our uniqueness makes us authentic. We create safe spaces where everyone can be who they truly are. We invite difficult conversations and uncomfortable topics. We value diverse perspectives; this is what makes us great together. We harbor an inclusive environment where employees feel empowered to share their backgrounds, experiences, and ideas. Our Employee Resource Groups, Women in Energy (WE), Minority Advisory Panel (MAP), Pride Alliance of Consumers Energy (PACE), GENERGY, capABLE, Interfaith and Veterans Advisory Panel (VAP) are key enablers to living the values of our company culture: Caring, Empowered, Deliberate, Agility, and Ownership.
All qualified applicants will not be discriminated against and will receive consideration for employment without regard to protected veteran status, disability, race, color, religion, sex, age, sexual orientation, gender identity or national origin.
Consumers Energy is an Equal Opportunity Employer, please review our Equal Employment Opportunity Policy, Family and Medical Leave Act, and Military Leave Allowance. CMS Energy endeavors to make https://careers.consumersenergy.com/ accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact our team at e‑recruiting@cmsenergy.com. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. ACCOMMODATION NOTICE: Federal law and many state laws require employers to make accommodations to disabled applicants and employees where the accommodation does not impose an undue hardship on the employer. For those applicants seeking a position within the State of Michigan, a disabled individual needing accommodation for employment must notify the employer in writing within 182 days after the need is known or should have been known. Michigan law provides that failure of a Michigan employee to properly notify the employer will preclude any claim that the employer failed to accommodate the disabled individual. However, this does not waive an individual’s right under the Americans with Disabilities Act of 1990, as amended, which sets no time limit for requesting an accommodation nor does it require such accommodation to be in writing.
#J-18808-Ljbffr