Enterprise Security Engineer building zero trust architecture, IAM controls, and macOS MDM at a biotech AI platform. Requires 5+ years security/IAM experience with deep Okta and identity protocol expertise.
189k – 256k/yr
Hybrid5+ YOESecurity Engineering
About the role
Responsibilities
Drive the organization's zero trust strategy end to end — treating identity, device health, network context, and application sensitivity as continuous inputs to access decisions
Design and maintain least-privilege access patterns, Just-in-Time (JIT) access, and Privileged Access Management (PAM) controls
Deploy, configure, and maintain MDM infrastructure for the macOS fleet, ensuring device compliance feeds directly into zero trust access policy decisions
Enforce SSO-required policies, review and restrict OAuth scopes, and audit third-party integration access
Build processes and tooling to detect shadow IT, unauthorized OAuth app grants, and SaaS tools that bypass identity controls
Evaluate and deploy AI-native security tooling where it demonstrably reduces analyst burden or closes coverage gaps faster than traditional approaches
Define and enforce security standards for AI agent and LLM service identities — including scoped API keys, short-lived credentials, and workload identity federation
Develop and enforce CIS/NIST-aligned configuration baselines
Meaningfully reduce manual toil through automation and, where applicable, AI-assisted tooling
Requirements
5+ years in a security engineering or IAM-focused role
Demonstrated experience implementing zero trust architecture in practice — continuous verification, device trust integration, and least-privilege enforcement
Strong working knowledge of identity protocols: SAML, OIDC, OAuth 2.0, and SCIM
Proficiency managing macOS endpoints at scale using Fleet or an equivalent MDM platform
Foundational cloud IAM experience across at least one major provider (AWS, GCP, or Azure)
Demonstrated track record of building automation that eliminated recurring manual work
Scripting proficiency in at least one language, preferably Python
Excellent communication skills
Strong understanding of operating systems fundamentals (macOS/Linux/Windows)
Nice-to-Haves
Experience with ZTNA platforms (Cloudflare Access, Zscaler Private Access, Tailscale, or similar)
Hands-on use of AI coding assistants (Copilot, Claude, Cursor, or similar)
Experience governing AI/ML service identities or securing LLM API integrations
Familiarity with PAM solutions such as HashiCorp Vault, AWS Secrets Manager, or Okta Privileged Access
Okta Certified Administrator, Okta Certified Consultant, or equivalent certification
Offensive-minded blue teamer building and leading Harvey's Detection & Response program. Develop threat scenarios, detection rules, data pipelines on ClickHouse, and lead incident response for their AI platform. Requires 4+ years in security/SRE/software engineering with hands-on incident response and weakness discovery experience.
188k – 282k/yr
Hybrid4+ YOESecurity Engineering
Product Security Engineer
AirtableSan Francisco, CA +3
Builds security frameworks, automated guardrails, and threat modeling for Airtable's platform, focusing on AI/LLM safety and application security. Partners with engineering teams; requires 4+ years product security experience and proficiency in JS/TS/Node.js.
187k – 260k/yr
Remote4+ YOESecurity Engineering
Security Engineer, Privacy
RampNew York, NY +1
Build privacy-focused primitives, integrate into products, partner on secure designs, and manage data retention/anonymization while tracking legal standards. Requires 4+ years software experience, 2+ years in privacy/security.
185k – 375k/yr
Hybrid4+ YOESecurity Engineering
Manager, Security Operations
RulaLos Angeles, CA
Lead and manage a security operations team responsible for detection, incident response, and security automation while coaching engineers and managing vendor relationships. Requires 5+ years in security operations and 2+ years of people management experience.
194k – 217k/yr
Remote5+ YOESecurity Engineering
Security Engineer, Infrastructure Security
OpenAISan Francisco, CA +3
Designs and builds security controls for infrastructure including GPU clusters, multi-cloud setups, datacenters, Kubernetes, and networks to protect AI models and data from advanced threats. Requires deep security expertise, cloud platform knowledge, and proactive problem-solving across on-prem and cloud environments.