Sr. Security Engineer, Corporate Information Security

165k – 185k | New York, NY | Hybrid | 6+ YOE

Summary

Senior security engineer leading workforce IAM, endpoint security, and AI tool governance for a fintech company. Hands-on IC role focused on Okta, SaaS security, and Zero Trust architecture in a hybrid NYC environment.

About the role

Responsibilities

Identity & Access Architecture

  • Define and evolve the workforce IAM roadmap
  • Architect identity patterns across Okta and the SaaS estate: SSO at scale, RBAC design, and lifecycle automation from HRIS through joiner/mover/leaver
  • Build sustainable Identity Governance & Administration (IGA) practice including User Access Review campaigns

Security Design

  • Lead initiatives across authentication, authorization, federation, and privileged access
  • Design time-bound, just-in-time, and break-glass patterns (PIM-equivalent) for high-risk roles
  • Govern non-human identities, service accounts, API tokens, OAuth integrations, and AI agents
  • Embed Zero Trust and least-privilege principles

Securing & Monitoring Corporate Communications

  • Manage security of corporate communication platforms (email, Slack) through Abnormal Security and Proofpoint
  • DLP enforcement to protect PII
  • Conduct email investigations for spam, phishing, and other threats

Endpoint, Mobile & Browser Security

  • Define and enforce hardening standards aligned with CIS benchmarks
  • Own configuration baselines for macOS, Windows, and Linux Desktops
  • Architect enterprise browser security, extension governance, session protection, and DLP at the browser layer

Vulnerability & Posture Management

  • Lead workforce vulnerability management program for endpoints and corporate SaaS
  • Design remediation SLAs by severity and asset class
  • Run remediation campaigns to closure
  • Operate SaaS posture tooling (Wiz, Vanta, Drata, or peers)

AI Tool Security

  • Establish and enforce secure architecture for AI tool usage
  • Define data handling boundaries, connector security, identity-aware access controls
  • Implement detection for misuse, with a bias toward enabling the business safely

Governance & Operations

  • Run UAR campaigns end-to-end
  • Drive remediation of audit findings (SOC 2, ISO 27001)
  • Partner with MDR MSP and internal teams to mature identity-related detection and incident response

Requirements

  • 6+ years in security engineering with deep experience in IAM and corporate security, ideally in a regulated environment
  • Strong command of authentication and authorization protocols (SAML, OIDC, OAuth, SCIM, LDAP)
  • Experience with enterprise IAM platforms (Okta, Entra ID), RBAC design, and lifecycle automation
  • Familiarity with endpoint management and EDR; operationalizing CIS benchmarks across macOS and Windows
  • Experience designing remediation SLAs, running remediation campaigns, and operating SaaS posture tooling (Wiz, Vanta, Drata)
  • Comfortable building tools and pipelines with Python, Go, or similar
  • Strong writing skills for RFCs, one-pagers, audit narratives
  • Experience operating in SOC 2 and ISO 27001/NIST environments
  • Experience with network monitoring & alerting, perimeter blocking, ZTNA, ACLs, firewall rules, cryptography, VPNs

Preferred Qualifications

  • Hands-on experience with Privileged Access Management (CyberArk, BeyondTrust, Delinea)
  • Identity Governance & Administration (Saviynt, SailPoint, ConductorOne, Lumos)
  • Modern secrets management (HashiCorp Vault, Doppler)
  • Zero Trust implementation experience
  • Policy-as-code (OPA / Rego)
  • Experience partnering with MDR / managed SOC
  • Security certifications (CISSP or vendor IAM certifications)

Skills

Okta, Entra ID, SAML, OIDC, OAuth, SCIM, LDAP, Python, Go, Zero Trust, CIS benchmarks, Wiz, Vanta, Drata, SOC 2

Similar roles at this salary range
Shield AI

Senior Staff Cybersecurity Engineer, Platform Security

Senior technical owner building secure-by-default infrastructure, IaC modules, policy-as-code guardrails, and CI/CD security tooling for cloud and platform engineering teams.

160k – 240k | San Diego, CA | Security Engineering | On-site | 7+ YOE | Go, OPA

Coinbase

Insider Threat Analyst

Insider Threat Analyst responsible for triaging alerts, conducting investigations, and mitigating insider risks using SIEM, UBA, and DLP tools. Requires 3+ years in security operations or investigations with strong cross-functional collaboration skills.

135k – 159k | United States | Security Engineering | Remote | 3+ YOE | UBA, DLP

Upstart

Principal Security Engineer, Data Security

Principal-level security engineer defining infrastructure security strategy and leading cross-functional efforts to secure cloud, Kubernetes, and developer platforms at scale.

191k – 264k | United States | Security Engineering | Remote | 8+ YOE | Go, AWS

Brex

Senior Application Security Engineer

Senior Application Security Engineer focused on finding vulnerabilities, performing penetration testing, and building security tooling across Brex's platform. Requires 5+ years in application security with strong Python and AI workflow knowledge.

192k – 240k | United States | Security Engineering | Remote | 5+ YOE | AWS, gRPC

Apollo

Senior Application Security Engineer

Senior individual contributor responsible for strengthening Apollo's secure software development lifecycle, performing application security reviews, threat modeling, vulnerability management, and AI security for product, platform, and AI-powered features.

190k – 273k | United States | Security Engineering | Remote | 5+ YOE | GCP, Ruby