Senior Security Engineer, Enterprise Security

About The Position

Requirements

• 5+ years of experience in enterprise security, identity and access management, or closely related security engineering roles.
• Strong, practical understanding of modern IAM concepts: SSO, federation, RBAC/ABAC, JIT access, least privilege, and separation of duties.
• Hands-on experience implementing and operating SSO and workforce identity with platforms such as Okta, Entra ID, or equivalent IdPs.
• Deep familiarity with SAML, OAuth 2.0/OIDC, and SCIM, including real-world experience integrating these protocols with third-party SaaS and internal apps.
• Demonstrated experience designing and rolling out MFA, ideally including phishing-resistant approaches (FIDO2/WebAuthn, hardware security keys, device-bound authenticators, step-up authentication).
• Experience designing and deploying zero trust or context-aware access controls (e.g., device trust, network segmentation, mTLS, ZTNA) in hybrid or remote-friendly environments.
• Proficiency in at least one modern scripting or programming language (e.g., Python, Go) used to build automations, integrations, or internal tooling.
• Experience securing and integrating business-critical SaaS (e.g., Google Workspace, Microsoft 365, Slack, Atlassian, HRIS, ticketing) including SCIM provisioning, access reviews, and audit log ingestion.
• Familiarity with MDM and endpoint security tooling (e.g., Jamf, Intune, EDR platforms) and how they tie into identity and access decisions.
• Exposure to SIEM/detection ecosystems (e.g., Elastic) and experience collaborating with detection & response teams on identity/endpoint/SaaS detections.
• A track record of owning cross-functional projects from design through adoption, with an emphasis on measurable risk reduction and user experience.

Nice To Haves

• Experience working in high-growth or hyperscale environments where security must keep pace with rapid headcount and tooling expansion.
• Hands-on experience with zero trust network access or secure access products (e.g., ZTNA, secure web gateways, or identity-aware proxies).
• Familiarity with enterprise security standards and frameworks (e.g., SOC 2, ISO 27001, NIST 800-53) and mapping enterprise controls to these requirements.
• Experience with SaaS security posture management (SSPM), CASB, DLP, or insider risk tooling focused on collaboration platforms and data access.
• Experience building or contributing to internal security tooling (e.g., access review automation, JML workflows, policy-as-code).
• Participation in security communities, standards groups, or open-source contributions in IAM, zero trust, or enterprise security.

Responsibilities

• Engineer modern identity and access controls
• Design, implement, and operate workforce identity solutions (e.g., Okta/Entra and other IdPs) including SSO, MFA, conditional access, and lifecycle automation via SCIM.
• Develop and roll out phishing-resistant MFA for high-value accounts and critical access paths (e.g., FIDO2/WebAuthn, hardware keys, device-bound authenticators).
• Define and maintain RBAC/IAM patterns for enterprise applications (role models, groups, entitlements, JIT access, and approvals).
• Implement zero trust for workforce and enterprise access
• Design and deploy controls that combine user identity, device posture, network context, and application sensitivity to enforce least-privilege access.
• Partner with Network and Infrastructure teams to integrate mTLS, service identity, and policy-based access into internal services and admin interfaces.
• Help transition from legacy perimeter models to zero trust network access (ZTNA) patterns for employees, contractors, and third parties.
• Secure SaaS and collaboration platforms
• Evaluate, onboard, and harden SaaS applications (Google Workspace, Microsoft 365, Slack, HRIS, ticketing, and other business apps) to align with enterprise security policies.
• Implement and tune controls such as SCIM provisioning, data access policies, DLP, sharing controls, and audit logging across the SaaS estate.
• Partner with business and IT owners to ensure new SaaS applications meet baseline security standards before adoption.
• Harden endpoints and the extended workforce
• Collaborate with Endpoint/IT teams to define and enforce baseline configurations for laptops, workstations, and other managed devices via MDM and EDR.
• Design secure patterns for contractor and vendor access, including device requirements, identity separation, and time-bound access.
• Support investigations and incident response related to identity, endpoint, and SaaS domains.
• Automate and instrument everything you can
• Build automation and self-service experiences for access requests, approvals, access reviews, and break-glass workflows.
• Develop integrations between IdPs, HRIS, ticketing, and other systems to minimize manual toil and reduce identity-related error rates.
• Define and instrument metrics for enterprise security (e.g., MFA coverage, zero trust policy enforcement, joiner/mover/leaver SLA adherence, SaaS posture).
• Partner on detection, response, and governance
• Work with Security Operations and SIEM teams to ensure robust visibility into identity, device, and SaaS activity, and to build high-signal detections.
• Contribute to policies, standards, and reference architectures that encode enterprise security expectations.
• Author clear documentation and runbooks that make it easy for teams to consume and operate the controls you build.

Benefits

• Medical, dental, and vision insurance - 100% paid for by CoreWeave
• Company-paid Life Insurance
• Voluntary supplemental life insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement
• Ability to Participate in Employee Stock Purchase Program (ESPP)
• Mental Wellness Benefits through Spring Health
• Family-Forming support provided by Carrot
• Paid Parental Leave
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption