Enterprise Security Engineer

About The Position

Requirements

• 5+ years in a security engineering or IAM-focused role
• Deep, hands-on IdP expertise (preferably Okta) — SSO, SCIM, MFA, Lifecycle Management, and NHI management are all areas you can speak to with depth and demonstrate in practice
• Demonstrated experience implementing zero trust architecture in practice — not just familiarity with the framework, but hands-on delivery of continuous verification, device trust integration, and least-privilege enforcement across an organization
• Strong working knowledge of identity protocols: SAML, OIDC, OAuth 2.0, and SCIM
• Proficiency managing macOS endpoints at scale using Fleet or an equivalent MDM platform
• Foundational cloud IAM experience across at least one major provider (AWS, GCP, or Azure) — enough to audit, scope, and remediate identity issues
• Demonstrated track record of building automation that eliminated recurring manual work
• Scripting proficiency in in at least one language, preferably Python
• Excellent communication skills, with the ability to engage effectively with both technical teams and non-technical stakeholders.
• Strong understanding of operating systems fundamentals (MacOS/Linux/Windows)

Nice To Haves

• Experience with ZTNA platforms (Cloudflare Access, Zscaler Private Access, Tailscale, or similar) and the operational patterns around replacing VPN with identity-aware access
• Hands-on use of AI coding assistants (Copilot, Claude, Cursor, or similar) to increase velocity
• Experience governing AI/ML service identities or securing LLM API integrations
• Familiarity with PAM solutions such as HashiCorp Vault, AWS Secrets Manager, or Okta Privileged Access
• Okta Certified Administrator, Okta Certified Consultant, or equivalent certification

Responsibilities

• Drive the organization's zero trust strategy end to end — treating identity, device health, network context, and application sensitivity as continuous inputs to access decisions rather than one-time gates
• Design and maintain least-privilege access patterns, Just-in-Time (JIT) access, and Privileged Access Management (PAM) controls
• Deploy, configure, and maintain MDM infrastructure for the macOS fleet, ensuring device compliance feeds directly into zero trust access policy decisions
• Enforce SSO-required policies, review and restrict OAuth scopes, and audit third-party integration access
• Build processes and tooling to detect shadow IT, unauthorized OAuth app grants, and SaaS tools that bypass identity controls
• Evaluate and deploy AI-native security tooling where it demonstrably reduces analyst burden or closes coverage gaps faster than traditional approaches
• Define and enforce security standards for AI agent and LLM service identities — including scoped API keys, short-lived credentials, and workload identity federation
• Develop and enforce CIS/NIST-aligned configuration baselines
• Meaningfully reduce manual toil through automation and, where applicable, AI-assisted tooling

Benefits

• Flexible hybrid work arrangement