Senior Security Automation Engineer building centralized security telemetry, universal identity provisioning, and agentic risk engines to enable continuous compliance, self-healing controls, and real-time risk visibility at ClickHouse. Requires strong IAM/IGA and automation experience with Python, JS/TS, or Go.
125k – 205k
Remote5+ YOESecurity Engineering
About the role
What you will do
Build the Security Telemetry and Risk Fabric
Translate control frameworks into layered control implementations that prevent risks from being exploited and detect possible weaknesses within control design. Shift from reactive monitoring to self-healing security, preventing compliance drift before it becomes an audit finding.
Engineer a centralized security telemetry system that programmatically captures control evidence and health in real-time, transitioning from manual snapshots to continuous data streams for an 'always-on' view of our security posture.
Engineer specialized automation that acts as its own continuous audit function to minimize findings and provide real-time insights into our automated control performance. Extend visibility into our proprietary applications and complex internal workflows, ensuring our most critical controls are continuously validated.
Partner with our risk management function to build a secure mechanism to generate agentic risk assessments workflows using the data and results from what is collected.
Architect Universal Identity and Access Automation
Architect solutions for systems that lack native IGA support (proprietary databases, custom apps, and niche SaaS) to ensure instant account creation and de-provisioning—eliminating tickets, wait-times, and providing maximum observability into the state of Clickhouse identities.
Architect the complex, high-trust workflows required for support teams to access customer-specific instances, ensuring actions are customer-approved, strictly time-bound, and automatically revoked via a "Trust-by-Design" model.
Transition "hidden" access managed by disparate business units into a single, observable permissions inventory, gaining 100% visibility into permissions at the authZ level across our full suite of applications.
Develop automation to continuously discover and inventory secrets, credentials, and API keys throughout the environment, providing aging and rotation intervals for long lived keys.
Mitigate audit risks by ensuring automated de-provisioning for local identities, API keys, and persistent permissions across all target systems.
Partner Across Security, Engineering and Product
Work in tandem with GRC, Finance, and Security to build custom, bulletproof automation for compliance with different audit frameworks.
Eliminate the "Productivity Anchor" by removing manual provisioning workflows that slow down projects and flood teams with low-value administrative tickets.
What you bring along
Security & Automation Engineering Depth
Strong hands-on background in security automation and identity engineering (IAM/IGA).
Strong proficiency in at least one commonly used programming language to build scalable automation. Experience with Python, JavaScript (TypeScript highly preferred), or Go is required.
Experience building scalable and reliable automation ecosystems.
Familiarity with compliance automation, continuous control monitoring, and extending GRC tools to meet the granular requirements of a variety of compliance frameworks.
Understanding of risks associated with change management, logical access, and data integrity.
Execution and Delivery
Demonstrated ability to translate complex security/GRC mandates into automated workflows and self-healing technical guardrails.
Strong instincts for eliminating operational friction and the engineering "interruption tax."
Experience delivering continuous data streams for security posture and risk validation.
Bonus Points
BS, MS, or PhD in Computer Science or related field.
Previous experience at a cloud infrastructure, database, or developer tools company.
Experience with AI/Agentic risk engines and non-deterministic risk assessments.
Lead client-facing vCISO and GRC consulting engagements for SOC 2, ISO 27001, NIST, and CMMC compliance. Manage a team of consultants while advising executives on security program design, risk prioritization, audit readiness, and control implementation.
125k – 125k
On-site6+ YOESecurity Engineering
Senior GRC Analyst
Radar LabsNew York, NY
Senior GRC Analyst scaling security and compliance programs with focus on third-party risk, SaaS governance, and AI tool evaluation. Requires 4+ years experience and SOC 2 audit support.
125k – 160k
On-site4+ YOESecurity Engineering
Corporate Security Lead
Northwood SpaceLos Angeles, CA +1
Builds and leads corporate IT security operations including helpdesk, endpoint management, SIEM deployment, and team hiring for a space communications company. Requires 5+ years in IT/security/DevSecOps, hands-on tools like Okta and AWS, and compliance knowledge.
125k – 206k
On-site5+ YOESecurity Engineering
Senior Software Engineer, Server Security
MongoDBNew York, NY
Senior Software Engineer builds and tests security features like cryptography, identity/access, and network security in MongoDB's C++ codebase. Requires 5+ years in distributed systems and proficiency in compiled languages like C++ or Rust.
Build automation, tooling, and secure software systems as part of Pinterest's Corporate Security team. Integrate security into development lifecycles, improve threat detection/remediation, and leverage AI while maintaining critical verification and ownership.