Security Engineer, Corporate Security

About The Position

Requirements

• Hands-on Corporate Security Engineer role focused on building scalable controls and automation across identity, endpoints, SaaS, and workforce infrastructure.
• Own and evolve core security controls.
• Design systems and automation that scale with the company.
• Partner closely with IT, Infrastructure, GRC, and Detection & Response.
• Experience with Okta and Google Workspace.
• Experience with macOS, Windows, and ChromeOS endpoint security (MDM, EDR, configuration baselines).
• Experience securing AI tool usage at the endpoint, including governance of large language models, AI agents, and model context protocol (MCP) integrations.
• Experience with SSPM tooling and custom automation for SaaS risk reduction.
• Proficiency in Python and Terraform for automation.
• Experience partnering with Detection & Response teams.
• Experience supporting SOC 2 and ISO 27001 audits.
• Experience with investigation and response for corporate security incidents.

Nice To Haves

• Experience at a fast-growing tech or AI company where the security program had to outpace headcount.
• A background in IT engineering, SRE, or production engineering that transitioned into security engineering.
• Experience building internal security tooling or workflows that improved employee or developer experience.
• Contributions to the security community through open-source tools, blog posts, or conference talks.

Responsibilities

• Harden our identity and access management stack, including Okta and Google Workspace, with phishing-resistant MFA, strong SSO and SCIM lifecycles, and least-privilege access across SaaS.
• Run our endpoint security program across a macOS-first fleet, including MDM, EDR, and configuration baselines, with working coverage for Windows and ChromeOS.
• Secure AI tool usage at the endpoint, including governance of large language models, AI agents, and model context protocol (MCP) integrations; detect and prevent unauthorized or risky AI service access and data exfiltration through AI-enabled tools.
• Reduce SaaS risk at scale through SSPM tooling and custom automation, including detection of risky OAuth grants, excessive permissions, shadow IT, and configuration drift.
• Write code (Python, Terraform) to automate access reviews, onboarding and offboarding, configuration drift detection, and audit evidence collection.
• Partner with Detection & Response to ensure corporate systems produce the telemetry needed to detect identity, endpoint, and SaaS abuse.
• Support SOC 2, ISO 27001, and customer audits as a byproduct of good engineering, not a separate workstream.
• Partner with Detection & Response on investigation and response for corporate security incidents, including phishing, account compromise, lost devices, and BEC.

Benefits

• Highly competitive cash compensation
• Equity
• Benefits