Security Engineer, Corporate Security

What You'll Achieve

• Harden our identity and access management stack, including Okta and Google Workspace, with phishing-resistant MFA, strong SSO and SCIM lifecycles, and least-privilege access across SaaS.
• Run our endpoint security program across a macOS-first fleet, including MDM, EDR, and configuration baselines, with working coverage for Windows and ChromeOS.
• Secure AI tool usage at the endpoint, including governance of large language models, AI agents, and model context protocol (MCP) integrations; detect and prevent unauthorized or risky AI service access and data exfiltration through AI-enabled tools.
• Reduce SaaS risk at scale through SSPM tooling and custom automation, including detection of risky OAuth grants, excessive permissions, shadow IT, and configuration drift.
• Write code (Python, Terraform) to automate access reviews, onboarding and offboarding, configuration drift detection, and audit evidence collection.
• Partner with Detection & Response to ensure corporate systems produce the telemetry needed to detect identity, endpoint, and SaaS abuse.
• Support SOC 2, ISO 27001, and customer audits as a byproduct of good engineering, not a separate workstream.
• Partner with Detection & Response on investigation and response for corporate security incidents, including phishing, account compromise, lost devices, and BEC.

Nice to Haves

• Experience at a fast-growing tech or AI company where the security program had to outpace headcount.
• A background in IT engineering, SRE, or production engineering that transitioned into security engineering.
• Experience building internal security tooling or workflows that improved employee or developer experience.
• Contributions to the security community through open-source tools, blog posts, or conference talks.