Cliffs Natural Resources

IT Security Engineer

Location: Cleveland, OH
Country: United States
Job Code: 2974
Position Type: Salary


About Cleveland-Cliffs Inc.

Founded in 1847, Cleveland-Cliffs Inc. is the largest and oldest independent iron ore mining company in the United States. We are a major supplier of iron ore pellets to the North American steel industry from our mines and pellet plants located in Michigan and Minnesota. By 2020, Cliffs expects to be the sole producer of hot briquetted iron (HBI) in the Great Lakes region with the development of its first production plant in Toledo, OH. Driven by the core values of safety, social, environmental and capital stewardship, our employees endeavor to provide all stakeholders with operating and financial transparency. For more information, visit

Thank you for your interest in exploring a career opportunity with Cleveland-Cliffs. Our Career site is updated daily with new opportunities, so please check back often.



Summary of Principle Functions

The IT Security Engineer evaluates and monitors information security related configurations, processes and controls across the company.  This role researches, recommends, implements, and maintains changes to enhance information systems security. The incumbent will interface with infrastructure engineering/architecture resources, software application administrators, database administrators, network engineers, as well as senior management, and mine site/field services resources.

This role manages medium to large initiatives to enhance the security posture of the organization which is composed of over 800 network devices supporting 2,000+ end users. This role will provide support to systems and projects and will work with teams across many different technical disciplines and geographic locations.

This role will also identify and investigate anomalies and produces status reports and metrics reflecting the current state of security within the company.  This may include performing forensic captures in accordance with defined procedures and chain of custody requirements.

Specific Responsibilities/Essential Functions

  • This role will be responsible to help manage vulnerability management, identity access management (including single-sign-on), privileged account management, end point protection, email filtering, threat prevention and detection, incident response, security vendor management (and working with outside vendors on security assessments and penetration testing), and responding to a centralized security information and event management system (that is externally managed).

  • Identifies and evaluates potential threats and vulnerabilities (either detected internally or publicly announced) that could impact the companies applications or infrastructure and recommends mitigating controls to reduce the companies risk

  • Maintain workable knowledge and understanding of information security, risk management and regulatory compliance topics.Maintains professional/technical currency of information security knowledge

  • Point of contact for the security information and event management process for all monitoring, logging, alerting, auditing and reporting on threats, vulnerabilities and breaches. Working with managed service provider, determine the appropriate thresholds and monitor the environment for anomalous behavior

  • Knowledgeable in the “white-hat” use of hacking tool and techniques and skilled in Active Directory management and concepts

  • Technical responsibilities for working on security events and incident response management

  • Conduct assessments of the businesses’ compliance to information security policy in the areas of manual or automated processes, procedures and access control

  • Work with internal and external audit to acquire and maintain knowledge of current Cleveland-Cliffs standards, policies, procedures and audit requirements. Communicates with intra and inter-department team members as required, as well as members of Cleveland-Cliffs’ technical and project management teams

  • Perform additional duties as directed by the Manager of Infrastructure & Security Services

  • Provide support for other team members as required

  • Ability to respond to emergency service calls at any time outside of normally assigned work hours

  • Willingness and ability to commute between Cleveland and Canton data centers on an as needed basis.

  • Willingness to travel up to 10%, including international travel, and be flexible to work various hours to accommodate international business needs

Education/Experience Requirements


  • Bachelor’s Degree in a related field or 5+ years equivalent IT experience with a minimum of 2-3 years security experience
  • Security certifications (such as GISF or GSEC) preferred but not required
  • Related industry experience is preferred.
  • Knowledge of mining business and systems a plus.


  • Experience with vulnerability management toolsets, hacking toolsets, and security information and event management systems (Qualys and AlienVault highly preferred). Past experience developing dashboards and reports to measure the company’s security posture

  • Installation, integration and support of Microsoft technologies including all versions of Windows and Windows Server, VMware, Active Directory, Group Policies, DNS, and DHCP.Knowledge of an Office 365 environment would be a plus.

  • Managing and maintaining end-point protection and application security platforms (Cylance and Malwarebytes experience is highly preferred)

  • Experience with managing a privileged account management solution (CyberArk highly desired)

  • Previous experience with administering email filtering and threat prevention modules (ProofPoint highly preferred)

  • Previous experience with managing Microsoft file server security permission and auditing tools

  • Experience with a threat detection and incident response program, ideal candidate will have leveraged a tool like ProofPoint Threat Response and Darktrace

  • Security vendor management experience and the ability to work with these vendors on security assessments and penetration testing

  • Effectively able to diagnose/troubleshoot on various security technologies

  • Ability to communicate with and understand the needs of non-technical constituents, both internal and external

  • Demonstrated experience working on projects, training, designing process solutions, and directly interacting with customers

Are you a returning applicant?

Previous Applicants:

If you do not remember your password click here.

Back to Search Results

New Search

Powered By Taleo