Staff Corporate Security Engineer

About The Position

Requirements

• 8+ years of experience designing and implementing Zero Trust, SASE, and modern identity-based security architectures
• Strong expertise in SaaS security, including CASB, DLP, and governance across platforms like Google Workspace, Okta, and Slack
• Experience implementing device trust, endpoint security, and hardware-backed identity solutions
• Strong understanding of identity and access management systems (SSO, SAML 2.0, OAuth, SCIM) and secure access patterns
• Knowledge of email security, phishing mitigation, and session security controls
• Experience identifying and mitigating application-layer vulnerabilities such as IDOR and privilege escalation risks
• Familiarity with emerging AI security challenges, including governance of agent-based systems and secure orchestration patterns
• Strong architectural mindset with the ability to design preventative, scalable security systems
• Excellent communication skills and ability to influence security decisions across engineering and business teams

Nice To Haves

• Experience implementing CASB platforms and enterprise DLP solutions at scale
• Familiarity with Model Context Protocol (MCP) or similar AI orchestration frameworks
• Experience building “Secure by Default” environments in high-growth organizations
• Background in cloud-native or AI infrastructure environment.

Responsibilities

• Leading the design and implementation of Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) architectures, replacing legacy VPNs with identity-aware, perimeter-less access models
• Architecting preventative SaaS security across platforms such as Google Workspace, Slack, and Okta, including CASB controls to enforce data protection and monitor unauthorized applications or extensions
• Implementing Binary Authorization and device trust mechanisms, leveraging hardware-backed identity (e.g., TPM, Secure Enclave) to ensure only compliant devices can access corporate systems
• Designing and tuning Data Loss Prevention (DLP) controls across endpoints and SaaS platforms to protect intellectual property
• Strengthening email security posture, including MFA enforcement and session controls to mitigate phishing and session hijacking risks
• Architecting AI-native security frameworks, including governance and secure gateways for agent-based systems (e.g., MCP), ensuring all AI-driven actions are auditable and aligned with zero-trust principles
• Scaling identity and access management systems, including SSO, SAML, OAuth, SCIM, and designing Just-In-Time (JIT) access workflows to eliminate standing privileges
• Defining and executing a “Crown Jewels” security methodology, identifying and remediating high-risk vulnerabilities (e.g., IDOR, role-bypass) across critical systems

Benefits

• Competitive compensation and equity packages
• Restricted Stock Units
• Paid time off, paid holidays & leave of absence programs
• Comprehensive health, dental & vision insurance
• Employer contributions to HSA account
• Paid parental leave
• Paid life insurance, short-term and long-term disability
• Professional development & tuition reimbursement
• Mental health & wellness support
• Commuter benefits (parking & transit)
• Cell phone stipend
• 401(k) Retirement plan with company match up to 4% of salary
• Volunteer time off
• Global travel insurance & emergency assistance
• Daily meals allowance
• Additional perks & programs specific to location