Security Engineer, Enterprise Infrastructure, Level 3

About The Position

Requirements

• Experience designing, building, and maintaining corporate security controls, with depth in areas such as device posture management, endpoint agents/binary allowlisting, or SaaS application security
• Knowledge of operating system internals and hardening, with competency across two or more of the following: macOS, Windows, Linux, mobile (iOS/Android), IoT, or cloud environments (AWS, GCP)
• Understanding of corporate networking concepts and protocols (e.g., VPNs, firewalls, DNS, TLS, identity-aware networking) and their role in enforcing device and application security
• Experience conducting security design reviews and providing actionable mitigation guidance that balances business enablement with risk reduction
• Strong development or scripting skills (Python, Go, or equivalent) for building integrations, automating workflows, and scaling security platforms
• Bachelor of Science in Computer Science, Engineering, Information Systems, or equivalent years of experience in a related technical field
• 1+ years of experience in the field of corporate or enterprise security, or other similar security engineering role

Nice To Haves

• Background evaluating and securely enabling emerging technologies, including AI tools and features, with a focus on upholding access control boundaries and data protection requirements
• Familiarity with securing lab, IoT, and ancillary systems, including applying hardening standards, monitoring, and access controls across heterogeneous environments
• Excellent verbal and written communication skills, with high attention to detail
• Work record of collaborating with internal and external stakeholders at all levels of a company

Responsibilities

• Build and maintain execution control tooling such as endpoint agents, binary allowlisting, and related enforcement systems while driving resilient device posture through configuration standards, hardening, and continuous validation across endpoints, BYOD, browsers, IoT, lab, network, and IT systems
• Architect and deploy device trust capabilities by defining and enforcing policies that validate device posture, health, and identity, ensuring only trusted devices can access internal and SaaS applications
• Secure corporate and SaaS applications, including Google Workspace, by establishing baseline configurations, enforcing access governance, managing browser policies, and ensuring secure communication and data sharing across collaboration platforms
• Build and operate enterprise vulnerability and risk management platforms, establishing patching and configuration standards, managing exceptions, and reducing attack surface across operating environments
• Design and operate secure networking and Zero Trust access controls, ensuring that device trust, identity, and network segmentation principles are consistently enforced across corporate and SaaS environments
• Partner with IT and identity platform teams to define security requirements for IAM, IDP, and SSO integrations, ensuring strong authentication, least-privilege access, and alignment with Zero Trust principles across corporate and SaaS environments
• Implement and enforce secure network architectures and firewall policies to protect on-premise infrastructure, maintaining resilient security across datacenters, PoP sites, and manufacturing environments
• Conduct security reviews and partner with cross-functional teams to evaluate new and existing systems, including AI tools and features, providing actionable mitigation guidance that upholds access control boundaries, protects sensitive data, and enables the business to move securely, while also managing exception handling and formal risk acceptance processes

Benefits

• paid parental leave
• comprehensive medical coverage
• emotional and mental health support programs
• compensation packages that let you share in Snap’s long-term success!