Hands-on Corporate Security Engineer to own and improve technical controls across identity, endpoints, SaaS, and workforce infrastructure. Build scalable automation and partner with IT, Infrastructure, GRC, and Detection & Response.
220k – 260k/yr
HybridSecurity Engineering
About the role
What You'll Achieve
Harden our identity and access management stack, including Okta and Google Workspace, with phishing-resistant MFA, strong SSO and SCIM lifecycles, and least-privilege access across SaaS.
Run our endpoint security program across a macOS-first fleet, including MDM, EDR, and configuration baselines, with working coverage for Windows and ChromeOS.
Secure AI tool usage at the endpoint, including governance of large language models, AI agents, and model context protocol (MCP) integrations; detect and prevent unauthorized or risky AI service access and data exfiltration through AI-enabled tools.
Reduce SaaS risk at scale through SSPM tooling and custom automation, including detection of risky OAuth grants, excessive permissions, shadow IT, and configuration drift.
Write code (Python, Terraform) to automate access reviews, onboarding and offboarding, configuration drift detection, and audit evidence collection.
Partner with Detection & Response to ensure corporate systems produce the telemetry needed to detect identity, endpoint, and SaaS abuse.
Support SOC 2, ISO 27001, and customer audits as a byproduct of good engineering, not a separate workstream.
Partner with Detection & Response on investigation and response for corporate security incidents, including phishing, account compromise, lost devices, and BEC.
Nice to Haves
Experience at a fast-growing tech or AI company where the security program had to outpace headcount.
A background in IT engineering, SRE, or production engineering that transitioned into security engineering.
Experience building internal security tooling or workflows that improved employee or developer experience.
Contributions to the security community through open-source tools, blog posts, or conference talks.
Build and manage secure identity infrastructure including authentication (SSO, MFA, SAML/OAuth/OIDC) and authorization (ReBAC, RBAC, ABAC) systems for AI data platforms. Requires 4+ years in infrastructure/identity engineering with hands-on authorization frameworks like OpenFGA/Authzed and IaC tools.
216k – 270k/yr
On-site4+ YOESecurity Engineering
Security Engineer, Cloud
RampNew York, NY +1
Build and enhance cloud security infrastructure, drive security roadmap, remediate issues, and partner with teams for secure deployments. Requires 5+ years software experience, 3+ years AWS with Terraform.
211k – 291k/yr
Hybrid5+ YOESecurity Engineering
Software Engineer, Scaled Abuse
OpenAISan Francisco, CA
Build and operate backend and data systems for real-time fraud/abuse detection, investigation, and enforcement at OpenAI. Requires 5+ years backend engineering and 2+ years fraud/abuse experience.
230k – 385k/yr
On-site5+ YOESecurity Engineering
Software Engineer, Cyber Frontier
OpenAISan Francisco, CA
Build AI-powered security products and evaluation systems that help trusted defenders respond to cyber threats while ensuring responsible deployment of frontier AI models.
230k – 325k/yr
HybridSecurity Engineering
Security Engineer - Vuln Management (Infra)
ReplitFoster City, CA
Mid-level Infrastructure Vulnerability Management Engineer responsible for cloud security posture, IaC scanning, container vulnerability management, and compliance tracking across multi-cloud environments. Requires 5+ years in cloud security/DevSecOps with deep GCP expertise.