Lead Cybersecurity Specialist

About Legence Legence (Nasdaq: LGN) is a leading provider of engineering, consulting, installation, and maintenance services for mission-critical systems in buildings. The company specializes in designing, fabricating, and installing complex HVAC, process piping, and other mechanical, electrical, and plumbing (MEP) systems—enhancing energy efficiency, reliability, and sustainability in new and existing facilities. Legence also delivers long-term performance through strategic upgrades and holistic solutions. Serving some of the world’s most technically demanding sectors, Legence counts over 60% of the Nasdaq-100 Index among its clients.

Location: Remote, United States. Near Legence office preferred. The Lead Cybersecurity Specialist within the Legence IT Security organization will be responsible for helping advance the company’s overall security posture. This role goes beyond operational support to include architecture, risk strategy, and cross-functional leadership. This role will work with other IT pillars and team members to implement, and continuously improve security controls that protect enterprise systems, cloud environments, and data against evolving threats while aligning with business objectives and regulatory requirements. This role will provide team leadership to junior staff members About the Role We are seeking a highly skilled Lead Cybersecurity Specialist to lead a team of cyber analysts tasked with advancing Legence’s security posture and reducing risk. This role is critical to ensuring the integrity, reliability, and security of our IT systems and processes. The ideal candidate will bring deep cyber experience, the ability to develop team members, the ability to communicate with business and IT partners, and a focus in ITGC audits, tool selection, continuous improvement, and cross-functional project management. Key Responsibilities

• Cloud Security & Architecture

◦ Ensure the implementation and governance of secure cloud architectures across platforms. ◦ Continue development, enforcement, and governance of cyber security controls (including identity, access management, and workload protection). ◦ Partner with engineering teams to embed security into cloud-native development and DevOps processes (DevSecOps).

• Enterprise Risk Management

◦ Evolve the organization’s security risk management program. ◦ Conduct risk assessments, threat modeling, and control evaluations. ◦ Translate technical risks into business impact and present recommendations to senior leadership.

• Security Engineering & Automation

◦ Develop and maintain advanced automation frameworks and scripts to improve detection, response, and compliance capabilities. ◦ Lead efforts to integrate security tooling (SIEM, EDR, CSPM, etc.) into a cohesive security ecosystem.

• Threat Detection & Incident Response

◦ Oversee monitoring and detection strategies across networks, endpoints, and cloud environments. ◦ Lead incident response efforts, including triage, containment, root cause analysis, and post-incident improvements. ◦ Drive continuous improvement of detection use cases and response playbooks.

• Vulnerability Management & Offensive Security

◦ Lead vulnerability management lifecycle, including scanning, prioritization, and remediation strategies. ◦ Coordinate perform penetration testing and adversary simulations. ◦ Provide expert guidance on remediation and risk prioritization.

• Governance, Compliance & Security Strategy

◦ Support and help shape governance, risk, and compliance initiatives (e.g., NIST, ISO, SOC 2). ◦ Lead security assessments, audits, and third-party risk reviews. ◦ Contribute to long-term cybersecurity strategy, roadmap planning, and security metrics reporting.

• Leadership & Collaboration

◦ Act as a technical mentor and escalation point for junior analysts and engineers. ◦ Oversee the career development of security team members ◦ Collaborate with IT, engineering, and business stakeholders to align security initiatives with organizational goals. ◦ Stay ahead of emerging threats, technologies, and industry trends, bringing proactive recommendations to leadership. Qualifications

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
• 5–10+ years of experience in cybersecurity, with demonstrated progression into senior or lead responsibilities.
• Deep expertise in cloud security, network security, and enterprise security architecture.
• Strong experience with security technologies such as SIEM, EDR, IDS/IPS, firewalls, and encryption.
• Proven experience in risk management, incident response, and vulnerability management.
• Proficiency in scripting or programming (e.g., Python, PowerShell, Bash) for automation and security engineering.
• Experience with security frameworks and compliance standards (e.g., NIST, ISO 27001, CIS).
• Strong analytical, problem-solving, and decision-making skills.
• Excellent communication skills, with the ability to influence technical and non-technical stakeholders.

Preferred Qualifications

• Industry certifications such as CISSP, CISM, CCSP, or GIAC.
• Experience leading security initiatives or small teams.

Compensation: $125k-$165k, depending on experience

Benefits Overview 401(k) Plan with Company Match: Currently match contributions dollar-for-dollar up to 4% of eligible pay; immediate vesting. Health & Welfare Benefits: Employer provided medical, dental, vision, prescription drug, Employee Assistance Program and accident & illness coverage. Life and Disability Insurance: Employer provided basic life insurance and AD&D valued at 50K coverage amount with the option for voluntary buy up for additional coverage. Time Off: Flexible non-accrual vacation; company holidays per policy. (For California employees, this is separate from California paid sick leave, if applicable.) Expenses: Business travel and related expenses reimbursed per company policy. Reasonable Accommodations If you need assistance or accommodations during the application or interview process, please contact us at ta@wearelegence.com or your dedicated recruiter with the job title and requisition number. Employment Eligibility Candidates must have current work authorization in the U.S.; visa sponsorship is not available for this position. Third-Party Recruiting Disclaimer Legence and its affiliates do not accept unsolicited resumes from agencies; any such submissions without a prior signed agreement authorized by Legence Holdings LLC's CHRO or Director of Talent Acquisition will not incur fees and are considered property of Legence. Pay Disclosure & Considerations Where pay ranges are indicated, please note that a successful candidate’s exact pay will be determined based relevant job-related factors, including any of the following: candidate’s experience, skills, and qualifications, as well as geographic and market considerations. We are committed to ensuring fair and competitive compensation for all employees and comply with all applicable salary transparency laws. Equal Employment Opportunity Employer Legence and its affiliate companies are proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), marital or familial status, national origin, age, disability, genetic information (including family medical history), political affiliation, military service, other non-merit-based factors, and any other characteristic protected under applicable local, state or federal laws and regulations. EEO is the Law