CorpSec Security Engineer II

About The Position

Requirements

• 3+ years in security or systems engineering, with 1+ year focused in a relevant sub-domain (identity, endpoint, SaaS security, cloud, etc.) in a cloud-first environment.
• Proficiency in a programming language (Python preferred; willing to learn others). You can write code, review code and build tooling → not just run scripts.
• Proficiency using AI tools (e.g. Claude Code, ChatGPT, Copilot) to accelerate security engineering work → writing automation, analyzing configurations, drafting documentation and triaging findings. You treat AI as a force multiplier, not a crutch.
• Experience managing a project from start to finish → requirements, milestones, triage, deployment.
• You've influenced other teams to take action on security risks by understanding the entire context and ensuring incentives are aligned.
• Knowledge of security industry frameworks relevant to your sub-domain and how to apply them.
• Real-world experience mitigating technical risks → with enough depth to make recommendations based on business risk level without hand-holding from stakeholders. You can articulate the full impact of a risk, explain potential solutions and lay out trade-offs clearly.
• Familiarity with IaC (Terraform/Pulumi) or strong willingness to learn fast.

Nice To Haves

• Hands-on with any of: Okta, Google Workspace admin, MDM, SIEM, endpoint security, SASE/ZTNA.
• Experience w/ AWS or GCP → you've been in a console, you've read a CloudTrail log.
• Familiarity with GitHub, CI/CD pipelines, or Kubernetes.
• Exposure to DLP, insider threat tooling, or SaaS posture management platforms (e.g. Obsidian, Trelica).
• You've written a runbook someone else actually used.

Responsibilities

• Harden SaaS & infrastructure → configure and maintain security controls across internal infrastructure and SaaS (Google Workspace, Okta, Salesforce, Slack, Workday). Find misconfigurations, fix them, document the fix.
• Enhance team-owned security technologies to better support internal assessments.
• Operate zero-trust controls → support least-privilege IAM enforcement across our stack. Validate policy compliance and escalate gaps with full risk context.
• Build automation → write tooling that improves risk detection, expedites response, or eliminates manual steps. Solutions should be logical, scalable and maintainable → not one-off scripts.
• Secure endpoints & devices → manage and improve MDM policies (Kandji, FleetDM), enforce device trust posture, support OS hardening baselines.
• Participate in reviews → join threat models, vendor security assessments and product design reviews. Provide constructive feedback via thorough reviews. Grow toward running these independently.
• Strengthen email & app controls → maintain email defense configurations, support OAuth app review workflows, flag and remediate risky integrations before they become incidents.
• Drive operational improvements → improve how systems are deployed, tested, logged and monitored. Refactor where it helps.
• Participate in the team oncall rotation. Resolve root causes, not just symptoms.
• Document and define → write and update runbooks. Help define team strategy. Explain standards to new hires. Act as an onboarding buddy when needed.

Benefits

• Flexible paid time off
• Health, dental, and vision
• 401k plan with company matching
• Paid parental, medical, military and family care leave
• Mental Health & Family Forming Benefits
• Employee Stock Purchase Plan (ESPP)
• Continuing education and travel benefits