Security engineer, enterprise security
writer.com - San Francisco, CA
Job Description

About this role

WRITER is looking for an Enterprise Security Engineer to help secure our corporate infrastructure and protect our workforce.

At WRITER, we believe strong security shouldn’t slow business down — it should empower it. You’ll be responsible for architecting identity management solutions, implementing zero trust frameworks, and building automated security systems that scale as we grow. Your work will directly enable our teams to move fast while maintaining a rock-solid security posture.

As an Enterprise Security Engineer, you’ll lead hands-on implementation of enterprise security measures across identity, endpoint, device, and SaaS environments. You’ll collaborate closely with Cloud/Infrastructure, GRC, Detection & Response, and Software Security Engineering to create seamless, secure, and scalable systems for our people and tools.

If you’re passionate about blending practical security engineering with business enablement, we’d love to hear from you.

Role Boundaries & Collaboration

What You Own (Responsible)
- Employee identity management (SSO, MFA, IGA, PAM)
- Endpoint protection (EDR, AV, DLP)
- Device trust and endpoint zero trust
- Mobile device management (MDM)
- SaaS application security
- Vendor/partner access management

What You Don't Own (Others Lead)
- Infrastructure/service identity (Cloud/Infrastructure owns)
- Customer identity (Software Security Engineering owns)
- Network zero trust (Cloud/Infrastructure owns)
- Third-party risk program leadership (GRC owns, you implement technical controls)

Key Partnerships
- With Cloud/Infrastructure: You manage human identity; they manage machine identity
- With GRC: They define vendor risk requirements; you implement technical assessments
- With Detection & Response: You deploy endpoint tools; they monitor for threats
- With Software Security Engineering: Clear separation at employee vs. customer identity boundary

Your responsibilities

Employee Identity & Access Management
- Automate IAM processes to remove manual bottlenecks in user lifecycle management (onboarding → offboarding)
- Design and implement enterprise-wide identity and authentication solutions
- Deploy IGA, PAM, and cloud-native IAM platforms
- Partner with engineering teams on provisioning, access termination, and entitlement management
- Own all human/employee identities (service/machine identity managed by Cloud/Infrastructure)

Endpoint & Device Security
- Build and maintain endpoint security architecture and strategy
- Deploy, manage, and troubleshoot enterprise browsers, EDR, DLP, AV, and other security tools
- Implement device hardening and automated compliance checks
- Investigate endpoint security incidents and build systems that strengthen identity, DLP, and device security
- Own endpoint security tools; Detection & Response uses your tools for monitoring

Mobile Device Management (MDM)
- Design and operate MDM for iOS, Android, and corporate-owned devices
- Create compliance policies and automated enforcement
- Integrate MDM with conditional access and zero trust
- Manage BYOD programs with balanced security/privacy controls
- Automate provisioning, configuration, and device retirement

SaaS & Third-Party Security
- Evaluate and secure third-party SaaS applications
- Conduct technical security assessments of SaaS vendors
- Implement enterprise SaaS security strategies
- Partner with GRC on vendor risk requirements while you own technical controls

Endpoint Zero Trust Implementation
- Deploy endpoint/user-focused Zero Trust security frameworks
- Implement device trust, continuous verification, and user behavior analytics
- Create conditional access policies based on device health and user risk

Automation & Operations
- Automate security processes with Python, PowerShell, or similar
- Maintain runbooks and automation for security reviews
- Support and troubleshoot IAM systems across platforms
- Drive data-informed prioritization for security initiatives

Is this you?

Required Experience
- 8+ years in enterprise security engineering (IAM & endpoint protection focus)
- 5+ years implementing identity solutions at scale (1,000+ users)
- Proven track record of automation with measurable process improvements
- Deep expertise with Okta, Ping, Azure AD, CrowdStrike, SentinelOne, CyberArk
- Strong scripting skills (Python, PowerShell)

Technical Expertise
- Expert in SAML, OAuth, OIDC
- Skilled with EDR platforms, MDM solutions (Jamf, Intune, Workspace ONE, MobileIron)
- Experience with DLP, insider threat programs, and endpoint/user zero trust
- Familiarity with SOC2, ISO 27001, GDPR, HIPAA

Execution & Impact
- History of cutting manual processes by 50%+ through automation
- Proven ability to improve MTTR for access-related incidents
- Experience driving security initiatives that accelerate business growth

Preferred Qualifications
- Experience securing AI/ML development environments
- Background in browser security & secure web gateway implementation
- Knowledge of container/Kubernetes security
- Contributions to open-source security projects
- Experience with SOAR platforms

Benefits & perks (US Full-time employees)
- Generous PTO, plus company holidays
- Medical, dental, and vision coverage for you and your family
- Paid parental leave for all parents (12 weeks)
- Fertility and family planning support
- Early-detection cancer testing through Galleri
- Flexible spending account and dependent FSA options
- Health savings account for eligible plans with company contribution
- Annual work-life stipends for:
  - Home office setup, cell phone, internet
  - Wellness stipend for gym, massage/chiropractor, personal training, etc.
  - Learning and development stipend
- Company-wide off-sites and team off-sites
- Competitive compensation, company stock options and 401k

WRITER is an equal-opportunity employer and is committed to diversity. We don't make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

By submitting your application on the application page, you acknowledge and agree to WRITER's Global Candidate Privacy Notice.
Created: 2025-09-17