Security Engineer

Adobe•San Jose, CA

About The Position

About the Team & Mission The team focuses on Identity Architecture & Solutions by crafting, building, and operationalizing scalable identity and SaaS security capabilities enterprise-wide. This technical role depends on members passionate about Identity & SaaS Security functions, identity architecture strategy, and encouraging teamwork. We collaborate as an organization to reduce identity-centric risk, with each member essential to delivering security value and outcomes. The Challenge Engineer Zero‑Trust access controls for workforce and service identities. Develop and implement pipelines using RBAC and ABAC standards. Include device and posture checks and risk‑adaptive policies for critical services and high-risk scenarios. Harden privileged access: migrate administrators to right‑size entitlements and eliminate long‑lived elevated access across prioritized platforms (e.g., Entra ID, Privileged Access Management). Participate in tool POCs and deployments for SaaS security posture monitoring. Define baselines for M365, Slack, GitHub, Workday, and Google. Build remediation runbooks and posture success measurements. Instrument identity metrics collection and tracking by standardizing log schemas for authentication, authorization, and entitlement changes. Publish dashboards showing privilege drift, misconfigurations, and access sprawl. Coordinate risky events with security alert procedures. Contribute and drive architecture & standards: author implementation guides and reference architecture that supports a multi‑year strategy passionate about measuring risk reduction over time. Inclusive of new technologies and risks. What is needed to succeed Experience with enterprise identity controls and solutions, including delivering outcomes that use Entra ID/AD, Okta, and SailPoint (or equivalents) Strong understanding of core Zero Trust principles, the least privilege and continuous verification models, and incorporating those into the enterprise SaaS posture skills for securing large SaaS tenants (M365, Slack, GitHub, Workday, Google), including security Authn and Authz for all identities accessing SaaS tenants Influence and collaborate with key partners in IT and other security teams. Work together to develop security outcomes that reduce risk and require creative problem solving. Excellent written and verbal communication skills, including communicating complex problems and solutions to business leaders and technical specialists Ability to deliver measurable outcomes in a technical environment that align with long term goals Active team participation and an inquisitive mind passionate about delivering creative solutions and working collaboratively

Requirements

Experience with enterprise identity controls and solutions, including delivering outcomes that use Entra ID/AD, Okta, and SailPoint (or equivalents)
Strong understanding of core Zero Trust principles, the least privilege and continuous verification models, and incorporating those into the enterprise SaaS posture skills for securing large SaaS tenants (M365, Slack, GitHub, Workday, Google), including security Authn and Authz for all identities accessing SaaS tenants
Influence and collaborate with key partners in IT and other security teams. Work together to develop security outcomes that reduce risk and require creative problem solving.
Excellent written and verbal communication skills, including communicating complex problems and solutions to business leaders and technical specialists
Ability to deliver measurable outcomes in a technical environment that align with long term goals
Active team participation and an inquisitive mind passionate about delivering creative solutions and working collaboratively
~5+ years relevant experience
Bachelor’s required or equivalent experience

Nice To Haves

Engineering familiarity with secure access control solutions (e.g. Teleport, Vault), secrets management, and CI/CD solutions and their customers.
Scripting/automation knowledge (e.g., Python, PowerShell) and infrastructure‑as‑code (e.g., Terraform) for policy and pipeline automation.
Exposure to service identity frameworks (e.g., SPIFFE/SPIRE) and workload identity patterns.

Responsibilities

Engineer Zero‑Trust access controls for workforce and service identities.
Develop and implement pipelines using RBAC and ABAC standards.
Include device and posture checks and risk‑adaptive policies for critical services and high-risk scenarios.
Harden privileged access: migrate administrators to right‑size entitlements and eliminate long‑lived elevated access across prioritized platforms (e.g., Entra ID, Privileged Access Management).
Participate in tool POCs and deployments for SaaS security posture monitoring.
Define baselines for M365, Slack, GitHub, Workday, and Google.
Build remediation runbooks and posture success measurements.
Instrument identity metrics collection and tracking by standardizing log schemas for authentication, authorization, and entitlement changes.
Publish dashboards showing privilege drift, misconfigurations, and access sprawl.
Coordinate risky events with security alert procedures.
Contribute and drive architecture & standards: author implementation guides and reference architecture that supports a multi‑year strategy passionate about measuring risk reduction over time. Inclusive of new technologies and risks.