# Enterprise Security Engineer

**Company:** [Benchling](https://hotfix.jobs/companies/benchling)
**Location:** San Francisco, CA
**Role:** Security Engineering
**Salary:** $189k – $256k/yr
**Experience:** 5+ years
**Skills:** Okta, SSO, SCIM, MFA, Zero Trust, SAML, OIDC, Oauth 2.0, MDM, Fleet, AWS, GCP, Azure, Python, Pam
**Posted:** 2026-06-04

> Enterprise Security Engineer building zero trust architecture, IAM controls, and macOS MDM at a biotech AI platform. Requires 5+ years security/IAM experience with deep Okta and identity protocol expertise.

## Job Description

## Responsibilities
- Drive the organization's zero trust strategy end to end — treating identity, device health, network context, and application sensitivity as continuous inputs to access decisions
- Design and maintain least-privilege access patterns, Just-in-Time (JIT) access, and Privileged Access Management (PAM) controls
- Deploy, configure, and maintain MDM infrastructure for the macOS fleet, ensuring device compliance feeds directly into zero trust access policy decisions
- Enforce SSO-required policies, review and restrict OAuth scopes, and audit third-party integration access
- Build processes and tooling to detect shadow IT, unauthorized OAuth app grants, and SaaS tools that bypass identity controls
- Evaluate and deploy AI-native security tooling where it demonstrably reduces analyst burden or closes coverage gaps faster than traditional approaches
- Define and enforce security standards for AI agent and LLM service identities — including scoped API keys, short-lived credentials, and workload identity federation
- Develop and enforce CIS/NIST-aligned configuration baselines
- Meaningfully reduce manual toil through automation and, where applicable, AI-assisted tooling

## Requirements
- 5+ years in a security engineering or IAM-focused role
- Deep, hands-on IdP expertise (preferably Okta) — SSO, SCIM, MFA, Lifecycle Management, and NHI management
- Demonstrated experience implementing zero trust architecture in practice — continuous verification, device trust integration, and least-privilege enforcement
- Strong working knowledge of identity protocols: SAML, OIDC, OAuth 2.0, and SCIM
- Proficiency managing macOS endpoints at scale using Fleet or an equivalent MDM platform
- Foundational cloud IAM experience across at least one major provider (AWS, GCP, or Azure)
- Demonstrated track record of building automation that eliminated recurring manual work
- Scripting proficiency in at least one language, preferably Python
- Excellent communication skills
- Strong understanding of operating systems fundamentals (macOS/Linux/Windows)

## Nice-to-Haves
- Experience with ZTNA platforms (Cloudflare Access, Zscaler Private Access, Tailscale, or similar)
- Hands-on use of AI coding assistants (Copilot, Claude, Cursor, or similar)
- Experience governing AI/ML service identities or securing LLM API integrations
- Familiarity with PAM solutions such as HashiCorp Vault, AWS Secrets Manager, or Okta Privileged Access
- Okta Certified Administrator, Okta Certified Consultant, or equivalent certification

## Similar roles

- [Detection & Response Security Engineer](https://hotfix.jobs/jobs/d9b874cd-5256-437a-b42b-cacd3aceaaa4) - Harvey - San Francisco, CA - $188k – $282k/yr
- [Product Security Engineer](https://hotfix.jobs/jobs/17d9ed0a-1df5-498e-af1c-1644bd4940e0) - Airtable - Remote - $187k – $260k/yr
- [Security Engineer, Privacy](https://hotfix.jobs/jobs/21a248c5-bba3-4587-adc6-041fbbed1e1a) - Ramp - New York, NY - $185k – $375k/yr
- [Manager, Security Operations](https://hotfix.jobs/jobs/200f94c8-0a36-4042-b17d-4ca1769be31f) - Rula - Remote - $194k – $217k/yr
- [Security Engineer, Infrastructure Security](https://hotfix.jobs/jobs/07228b27-48b3-41af-8e9a-208076e63fac) - OpenAI - Remote - $184k – $385k/yr

**Apply:** https://hotfix.jobs/jobs/c5a8b575-ef52-45c3-ab89-7b19a3a5bb5c
**Canonical:** https://hotfix.jobs/jobs/c5a8b575-ef52-45c3-ab89-7b19a3a5bb5c