Security Engineer

About The Position

Requirements

• Experience with enterprise identity controls and solutions, including delivering outcomes that use Entra ID/AD, Okta, and SailPoint (or equivalents)
• Strong understanding of core Zero Trust principles, the least privilege and continuous verification models, and incorporating those into the enterprise
• SaaS posture skills for securing large SaaS tenants (M365, Slack, GitHub, Workday, Google), including security Authn and Authz for all identities accessing SaaS tenants
• Influence and collaborate with key partners in IT and other security teams. Work together to develop security outcomes that reduce risk and require creative problem solving.
• Excellent written and verbal communication skills, including communicating complex problems and solutions to business leaders and technical specialists
• Ability to deliver measurable outcomes in a technical environment that align with long term goals
• Active team participation and an inquisitive mind passionate about delivering creative solutions and working collaboratively
• ~5+ years relevant experience
• Bachelor’s required or equivalent experience

Nice To Haves

• Engineering familiarity with secure access control solutions (e.g. Teleport, Vault), secrets management, and CI/CD solutions and their customers.
• Scripting/automation knowledge (e.g., Python, PowerShell) and infrastructure‑as‑code (e.g., Terraform) for policy and pipeline automation.
• Exposure to service identity frameworks (e.g., SPIFFE/SPIRE) and workload identity patterns.

Responsibilities

• Engineer Zero‑Trust access controls for workforce and service identities.
• Develop and implement pipelines using RBAC and ABAC standards.
• Include device and posture checks and risk‑adaptive policies for critical services and high-risk scenarios.
• Harden privileged access: migrate administrators to right‑size entitlements and eliminate long‑lived elevated access across prioritized platforms (e.g., Entra ID, Privileged Access Management).
• Participate in tool POCs and deployments for SaaS security posture monitoring.
• Define baselines for M365, Slack, GitHub, Workday, and Google.
• Build remediation runbooks and posture success measurements.
• Instrument identity metrics collection and tracking by standardizing log schemas for authentication, authorization, and entitlement changes.
• Publish dashboards showing privilege drift, misconfigurations, and access sprawl.
• Coordinate risky events with security alert procedures.
• Contribute and drive architecture & standards: author implementation guides and reference architecture that supports a multi‑year strategy passionate about measuring risk reduction over time. Inclusive of new technologies and risks.