Cybersecurity Engineer

Trupanion•Seattle, WA

12h•Hybrid

About The Position

Trupanion is seeking a Cybersecurity Engineer to help design, operate, and continuously improve the company’s security controls and tooling across its Microsoft 365/Azure environment and supporting on-prem systems. This role involves hands-on ownership of core security platforms, particularly the Microsoft Defender suite and Privileged Access Management (CyberArk), alongside strong security engineering practices like automation, integrations, hardening, and detection/response improvements. The ideal candidate is proactive, detail-oriented, and comfortable partnering with IT and engineering teams to reduce risk, respond to incidents, and deliver practical, measurable security outcomes. This position is open to candidates in the Seattle area and offers a hybrid remote/in-office schedule, requiring at least 3 days a week in the office.

Requirements

Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent practical experience).
5+ years of hands-on security engineering experience supporting enterprise security platforms in Microsoft 365/Azure environments.
Deep expertise securing Microsoft 365 and Azure, including identity, endpoint, email, and cloud security controls.
Demonstrated experience administering Microsoft Defender components and/or XDR/SIEM platforms, including alert tuning, detection engineering, and incident response collaboration.
Experience implementing or operating Privileged Access Management (CyberArk preferred) and integrating PAM with identity and security monitoring systems, including policy configuration, privileged session controls, onboarding/offboarding, and operational troubleshooting.
Strong hands-on experience with the Microsoft Defender stack (Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps, Defender Vulnerability Management) and associated investigation workflows.
Experience with XDR/SIEM operations and integration (e.g., Microsoft Sentinel or equivalent): alert triage, tuning, threat hunting, and automation/playbooks.
Strong identity and access management knowledge, including Entra ID (Azure AD), conditional access, MFA, least privilege, and role-based access control.
Security engineering fundamentals across Windows, macOS, and Linux, plus network and cloud concepts (TLS, DNS, routing, segmentation, logging).
Proficiency in scripting and automation (PowerShell and/or Python) to operationalize controls, integrate platforms, and improve reliability.
Experience with vulnerability management and remediation workflows, including scanning, prioritization, validation, and reporting.
Working knowledge of secure SDLC and DevSecOps practices, including CI/CD security checks, secrets handling, and infrastructure-as-code security.
Familiarity with security frameworks and controls (NIST, CIS, ISO 27001) and translating requirements into implementable technical standards.
Strong communication skills with the ability to explain security issues, tradeoffs, and remediation steps to both technical and non-technical stakeholders.
Excellent problem-solving, analytical skills, and the ability to prioritize and deliver across multiple concurrent initiatives.
Experience developing and maintaining runbooks, technical documentation, security guidelines, and reference architectures.

Nice To Haves

Relevant certifications (one or more preferred): Microsoft Security (e.g., SC-200/SC-300/SC-100), AZ-500, CISSP, CISM, GIAC, or equivalent.

Responsibilities

Engineer, operate, and continuously improve the Microsoft Defender security stack (e.g., Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps, Defender Vulnerability Management) to protect endpoints, identities, email, and cloud applications.
Own and administer Privileged Access Management tool, including onboarding/offboarding privileged accounts, policy and workflow configuration, vault health, upgrades, and integrations.
Integrate Defender and PAM signals with SIEM/SOAR and ITSM workflows to improve detection fidelity, reduce false positives, and accelerate response and remediation.
Design and implement security engineering solutions across cloud and on-prem environments (primarily Azure/M365), including baseline hardening, configuration standards, and security control automation.
Develop and maintain security tooling lifecycle management (health, licensing, capacity, performance, roadmap, and upgrades), ensuring resilient and supportable operations.
Create and maintain detection engineering content: analytic rules/use cases, alert tuning, threat hunting queries, and automated response playbooks.
Perform security assessments and vulnerability management, including scanning, prioritization, remediation tracking, and validation of fixes in partnership with IT and engineering teams.
Partner with infrastructure, identity/IAM, and application teams to embed security controls into designs and delivery (secure-by-default patterns, CI/CD security checks, and least-privilege access).
Respond to security incidents as an engineering escalation point—triage alerts, contain threats, coordinate remediation, and drive root-cause fixes and preventive controls.
Produce clear, accurate, and up-to-date runbooks, procedures, and reference architectures for security tooling and operational processes.
Support audits and regulatory exams by providing evidence, control narratives, and technical subject-matter expertise for implemented security controls.
Stay current with emerging threats and Microsoft security capabilities; recommend and implement pragmatic improvements to Trupanion’s security posture.