Senior/Staff Enterprise Security Engineer

About The Position

Requirements

• Experience: 5 to 7+ years of progressive experience in an Enterprise/Corporate Security Engineering role.
• Coding/Automation: Proven hands-on experience developing security automation solutions with Python or similar high-level languages.
• IAM Deep Dive: Expert-level knowledge of IAM concepts, protocols (SAML, OAuth), and hands-on experience with at least IAM in Google Workspace. Additional experience with other IAM platforms is a big plus.
• Endpoint Expertise: Strong experience deploying and managing modern Endpoint Protection (EDR) and MDM solutions in a large corporate environment.
• Networking: Deep understanding of networking and security protocols (TCP/IP, DNS, TLS/SSL, VPN, Firewalls) and how to secure hybrid environments.
• Cross-Functional Skills: Demonstrated ability to lead complex projects, mentor junior staff, and communicate security risks and solutions effectively to both technical and non-technical stakeholders.

Nice To Haves

• AI Security: Deep understanding of the security of AI models, agents, and associated infrastructure and systems.
• Automation: Experience working with a Security Orchestration, Automation, and Response (SOAR) platform (e.g., Google, Tines, Splunk, Phantom, Cortex XSOAR, etc.).
• Cloud Environments: Deep expertise with security cloud platforms (Primarily GCP, but AWS and Azure are a big plus).
• Access Controls: Deep expertise designing and implementing RBAC, ABAC, NACLs, etc.
• Penetration Testing: Experience performing hands-on penetration tests against SaaS vendors, custom applications, etc.

Responsibilities

• Identity & Access Management (IAM) and SaaS Security
• IAM Architecture: Architect and implement enterprise-wide Identity and Access Management (IAM) and Privileged Access Management (PAM) solutions.
• Federation & SSO: Own the implementation and maintenance of authentication standards, including Single Sign-On (SSO), phishing resistant Multi-Factor Authentication (MFA), and identity federation protocols (SAML, OIDC, OAuth2).
• SaaS Security Posture: Design and enforce security policies for critical SaaS applications using tools like SSPM (SaaS Security Posture Management) to ensure secure configurations and access controls.
• Lifecycle Management: Develop and automate the full identity lifecycle (joiner, mover, leaver) process, leveraging SCIM and other APIs for streamlined user provisioning and de-provisioning.
• Security Automation and Tooling
• Automation Strategy: Lead the development of the security automation roadmap for Enterprise Security, identifying key areas for efficiency gains.
• Build & Integrate: Design and build custom automation scripts and integrations using languages like Python to connect security tools (SIEM, EDR, IAM, Ticketing).
• Policy Enforcement: Utilize Infrastructure as Code (IaC) tools (e.g., Terraform) to manage the secure configuration of enterprise tools and enforce security policies at scale across code repos, MDM, and cloud environments.
• Endpoint, Network, and Email Security
• Endpoint Protection: Engineer, deploy, and manage our Endpoint Detection and Response (EDR) and Mobile Device Management (MDM) platforms to ensure full coverage, policy compliance, and timely incident response across a fleet of various operating systems (Primarily MacOS).
• Network Security Controls: Design, configure, and maintain enterprise network security controls, including next-generation firewalls, secure web gateways, VPNs, and micro-segmentation strategies.
• Email Security: Own and optimize the email security stack, DMARC/DKIM/SPF enforcement, and anti-phishing controls to mitigate social engineering attacks.
• Zero Trust Architecture: Drive the technical implementation of the company's Zero Trust architecture across corporate networks, systems, and endpoints.
• Leadership and Partnership
• Technical Leadership: Act as an escalation point for complex security events and technical issues within the Enterprise Security domain, performing root cause analysis and leading remediation efforts.
• Compliance & Audit Support: Ensure the security capabilities meet compliance and regulatory requirements (e.g. FedRAMP Moderate, SOC 2), providing technical evidence and documentation for audits. Be a strong partner for the Security and Privacy Compliance Team.
• Information Technology Partner: Work closely with the Information Technology Team to ensure security is integrated into the lifecycle of designing, implementing, and maintaining technology across the company.

Benefits

• Generous Time Off: 13 paid holidays, flexible PTO for salaried employees, and accrued time off for hourly employees.
• Comprehensive Health Plans: Medical, Dental, and Vision plans for all full-time employees. Abridge covers 100% of the premium for you and 75% for dependents. If you choose a HSA-eligible plan, Abridge also makes monthly contributions to your HSA.
• Paid Parental Leave: 16 weeks paid parental leave for all full-time employees.
• 401k and Matching: Contribution matching to help invest in your future.
• Pre-tax Benefits: Access to Flexible Spending Accounts (FSA) and Commuter Benefits.
• Learning and Development Budget: Yearly contributions for coaching, courses, workshops, conferences, and more.
• Sabbatical Leave: 30 days of paid Sabbatical Leave after 5 years of employment.
• Compensation and Equity: Competitive compensation and equity grants for full time employees.
• ... and much more!