Skip to content
CrusoeCrusoeSan Francisco, CA

Endpoint Security Engineer

Security Engineer responsible for endpoint security architecture, MDM administration (Jamf, Intune), compliance enforcement, and automation across macOS, Windows, iOS, and Android devices. Requires 3-6 years MDM experience, OSQuery/CrowdStrike expertise, and a security-first mindset.

170k – 205k
On-site3+ YOESecurity Engineering

About the role

What You'll Be Working On

  • Administer and continuously improve Jamf and Microsoft Intune environments across all managed device types: macOS, Windows, iOS, and Android; maintain configuration profiles, compliance policies, app deployment packages, and OS update enforcement across all platforms.
  • Build and maintain automated enrollment workflows including Apple Business Manager (ABM) and Windows Autopilot for zero-touch provisioning at scale.
  • Own a structured patch management program with clear SLAs for OS and application updates across all device platforms.
  • Define and enforce device compliance baselines aligned with Crusoe security standards and frameworks including CIS Benchmarks and SOC 2; integrate MDM telemetry with EDR and SIEM tooling for compliance drift visibility and proactive remediation.
  • Partner with Security on device trust policies, Conditional Access enforcement, certificate-based authentication rollout (SCEP/PKCS), and network-level access control for certificate-based Wi-Fi and VPN authentication.
  • Build and maintain scripts and automation in Bash, Python, or PowerShell to reduce manual IT workload; develop self-service tooling that puts routine fixes and software requests directly in employees’ hands.
  • Own MDM runbooks, device policy documentation, and asset records; contribute to the standardization of enrollment workflows, naming conventions, and configuration baselines across all platforms.
  • Serve as the MDM escalation point in the IT on-call rotation; partner with People Operations on seamless device provisioning and deprovisioning; mentor junior IT team members on endpoint management practices.

What You'll Bring to the Team

  • Foundational Security Experience: Demonstrated experience with OSQuery and CrowdStrike (XDR/EDR) for endpoint visibility and threat detection.
  • Identity & Access Management: Deep understanding of Okta (Device Trust/FastPass) and Entra ID (Conditional Access).
  • MDM/Endpoint Management: 3–6 years of experience with Jamf/Kandji and Microsoft Intune (Autopilot, Compliance Policies, App Protection).
  • Independent Engineering: A "Security-First" mindset and proven ability to drive R&D initiatives from planning through implementation independently, with a focus on automating security controls.
  • Scripting & Automation: Proficiency in Bash, Python, or PowerShell for device policy automation, packaging, and remediation.
  • Infrastructure Knowledge: Strong understanding of certificate infrastructure (SCEP, PKCS) and experience with Absolute for Windows persistence.
  • Strong documentation habits, ownership mindset, and ability to communicate technical policies to non-technical stakeholders.
  • Bachelor’s degree in IT, Computer Science, or equivalent practical experience.
  • OSQuery and CrowdStrike expertise, demonstrable experience leveraging OSQuery for endpoint visibility and administering CrowdStrike for threat detection and response; these are foundational to our security visibility and enforcement strategy.

Bonus Points

  • Jamf Pro administration experience: Smart Groups, configuration profiles, and Jamf Connect or equivalent SSO integration.
  • Experience with Jamf Protect, Microsoft Defender for Endpoint, or equivalent EDR tooling.
  • Familiarity with Linux endpoint management via Fleet, Puppet, or similar.
  • Apple Certified Support Professional (ACSP) or equivalent MDM certification.
  • Exposure to SIEM tooling and endpoint log pipelines.
  • Experience at a high-growth technology company through a period of rapid headcount scaling.

Benefits

  • Competitive compensation and equity packages
  • Restricted Stock Units
  • Paid time off, paid holidays & leave of absence programs
  • Comprehensive health, dental & vision insurance
  • Employer contributions to HSA account
  • Paid parental leave
  • Paid life insurance, short-term and long-term disability
  • Professional development & tuition reimbursement
  • Mental health & wellness support
  • Commuter benefits (parking & transit)
  • Cell phone stipend
  • 401(k) Retirement plan with company match up to 4% of salary
  • Volunteer time off
  • Global travel insurance & emergency assistance
  • Daily meals allowance
  • Additional perks & programs specific to location

Compensation Range Compensation will be paid in the range of up to $170,000 - $205,000 + Bonus. Restricted Stock Units are included in all offers. Compensation to be determined by the applicants knowledge, education, and abilities, as well as internal equity and alignment with market data.

Skills

OsqueryCrowdstrikeJamfMicrosoft IntuneOktaEntra IdBashPythonPowerShellScepPkcsCis BenchmarksSOC 2EdrSIEM
Suno

Software Engineer, Trust & Safety

SunoSan Francisco, CA

Suno is seeking a Software Engineer, Trust & Safety to protect its platform and users from abuse, fraud, and harmful content. This role involves building data pipelines, anomaly detection systems, and internal tools to ensure user safety and platform integrity.

170k – 240k
On-site3+ YOESecurity Engineering
Lumin Digital

Vulnerability Automation Engineer

Lumin DigitalUnited States

Designs and builds autonomous vulnerability automation pipelines using AI tools to discover assets, scan vulnerabilities, harden configurations, and auto-remediate in cloud-native environments. Requires 5+ years in security engineering, DevSecOps, IaC, and cloud security tools.

170k – 190k
Remote5+ YOESecurity Engineering
Siftstack

Software Engineer, Security Infrastructure

SiftstackMarina del Rey, CA +2

Builds and automates security controls, tooling, and compliance for AWS, Kubernetes, and CI/CD in cloud-native environments. Requires 4+ years in security engineering with hands-on IaC, scripting, and frameworks like SOC 2/FedRAMP.

170k – 220k
Hybrid4+ YOESecurity Engineering
Clickhouse

Incident Response Security Engineer

ClickhouseUnited States

Handles security incidents, develops detection and response processes, maintains logging platforms, and automates risk mitigation for cloud services. Requires experience in incident response, threat modeling, cloud security, and programming in Golang/Python.

169k – 225k
RemoteSecurity Engineering
Liftoff

Security Engineer, Detection & Response

LiftoffUnited States

Security Engineer focused on operating the SIEM, building AI-augmented detection tooling, triaging alerts, and leading incident response for a high-scale mobile adtech platform.

172k – 240k
Remote5+ YOESecurity Engineering