Security Lead Software Engineer

McMaster‑Carr is a leading e‑commerce company that industrial customers have trusted for more than 120 years. Our products help customers restore manufacturing lines quickly, keep operations running smoothly, and prototype the next generation of innovative products.

We earn that trust by offering the right products, making them easy to find, and delivering them fast--so customers can solve problems with speed, precision, and confidence. This role is a pathway to senior engineering management and technical leadership—your growth is determined by your impact, not by tenure.

We intentionally cultivate a culture focused on clear execution and long‑term growth. We are responsible for securing systems that endure for decades and support the company’s long-term growth. That responsibility means engineering work starts with a deep understanding of the problem and its impact, grounded in clear ownership, open communication, and direct feedback. Our teams are trusted to make thoughtful decisions about how work gets done, balancing a high bar for quality with practical execution.

Our security engineering team protects the entirety of our IT and OT infrastructure: thousands of end-user devices across multiple facilities, automation equipment in distribution facilities, network devices and servers in company data centers, and our customer-facing eCommerce experience. You’ll identify, define and lead work to reduce the risks we face as a company.

As a Lead Security Engineer, you’ll work on projects like:

• Detection, Response, and Risk Prioritization: Building and improving detection and response capabilities and assessing vulnerabilities in context-- understanding which issues pose real risk in our environment and prioritizing remediation accordingly.
• Security Engineering & Automation: Developing custom security tooling, automation, and response playbooks that improve response speed and reduce operational noise. Designing scalable, maintainable security workflows that integrate cleanly with existing engineering systems.
• Cloud & Infrastructure Security: Designing and implementing scalable cloud security controls as we migrate and modernize our infrastructure, and researching and evaluating new security solutions.
• Innovation & Emerging Technologies: Experimenting with LLM-driven workflows for security analysis and automation.

We’re looking for a hands-on security engineer who thrives in complex environments and enjoys solving challenging, ambiguous problems. Our ideal candidate will have:

• Hands-on experience in security operations, including detection, response, and vulnerability management.
• A thoughtful, analytical approach to prioritizing real-world risks.
• Experience with both offensive and defensive security techniques
• A strong foundation in network security, server administration or vulnerability management.
• Scripting ability in PowerShell or Python

• Security, Monitoring & Vulnerability Management: Splunk, Tenable, Carbon Black, Symantec, Active Directory/Entra ID, ForeScout, Proofpoint, Checkpoint, Wireshark, tcpdump
• Scripting: Python, PowerShell
• Infrastructure: Azure, Linux, Kubernetes, Cisco ACI, GitLab, VMWare, Linux
• LLMs: Copilot, OpenAI, Gemini, Claude

• 100% tuition reimbursement
• Informal and formal mentorship
• Employee resource groups

• Medical, dental, pharmacy, and vision plans with no monthly premiums
• Inclusive, all-gender benefits

• Paid parental leave for all new parents
• Adoption and surrogacy assistance
• First-time home buyer assistance
• Industry-leading company-funded retirement accounts

• Paid vacation and personal time

We are proud to be an Equal Opportunity Employer and dedicated to providing employees a workplace with reasonable accommodations and free of discrimination, harassment, and retaliation. At McMaster-Carr, we do not make employment decisions based on age, ethnicity, citizenship status, military status, gender identity and expression, race, religion, disability status, marital status, sexual orientation, or any other legally protected group.

This position is not eligible for work authorization sponsorship by McMaster-Carr.

We may collect professional, education and employment-related data, and any assessments made throughout the recruiting process, to evaluate candidacy for employment. To communicate with job applicants, we may collect applicant names, contact information, and other personal identifiers, including those outlined in the California customer records statute. Through voluntary disclosure, we may also collect protected classifications under federal or California law (e.g., race, gender, etc.). For additional details about the personal information we collect and its uses, please click here.