diff --git a/main.tf b/main.tf
index b1bca38..e1a2923 100644
--- a/main.tf
+++ b/main.tf
@@ -83,7 +83,8 @@ resource "aws_cloudwatch_event_target" "ecs_scheduled_task" {
 task_count = 1
 task_definition_arn = aws_ecs_task_definition.this.arn
 network_configuration {
- subnets = var.subnet_ids
+ subnets = var.subnet_ids
+ security_groups = var.security_group_ids
 }
 }
 }
diff --git a/variables.tf b/variables.tf
index b5a49bd..141ac16 100644
--- a/variables.tf
+++ b/variables.tf
@@ -33,6 +33,11 @@ variable "subnet_ids" {
 description = "Subnets where the job will be run"
 }
 
+variable "security_group_ids" {
+ type = list(string)
+ description = "Security groups to associate with the job"
+}
+
 variable "cloudwatch_schedule_expression" {
 type = string
 description = "AWS cron schedule expression"
@@ -52,4 +57,4 @@ variable "task_role_arn" {
 variable "ecs_task_execution_role_name" {
 default = ""
 description = "If the default AWS ECSTaskExecutionRole is not sufficient for your needs, you can provide your own ECS Task Execution Role here. The module will attach a CloudWatch policy for logging purposes."
-}
\ No newline at end of file
+}
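Review bot: The new `security_groups = var.security_group_ids` line in `network_configuration` has no comment explaining what happens when the list is empty. With no security group given, ECS attaches the VPC's default security group to the task's network interface, and that group is often more permissive than a scheduled job needs. I would add `# An empty list makes ECS fall back to the VPC default security group` above the line. The enclosing `aws_cloudwatch_event_target` resource starts outside this hunk, so the launch type and network mode it assumes are not visible here.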
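Review bot: `security_group_ids` in the first variables.tf hunk is declared without a default and without validation. Existing callers of the module will fail at plan time after upgrading until they set it, which deserves a changelog or README note. A caller can also pass `[]` and get a task with no explicitly chosen security group. A `validation` block that rejects an empty list makes the intent explicit, and the description could state that the groups apply to the task's network interface.

```hcl
variable "security_group_ids" {
  # … unchanged: type and description …

  validation {
    condition     = length(var.security_group_ids) > 0
    error_message = "Provide at least one security group ID for the scheduled task."
  }
}
```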