Information Security Engineer
Keeper Security, Inc. · El Dorado Hills, CA · 3 wk ago
RemoteRemoteEngineeringFull-time
About the role
Join one of the fastest-growing cybersecurity companies and play a critical part in advancing Keeper’s AI-driven threat detection capabilities for our Privileged Access Management (PAM) platform.
Responsibilities
- Support and execute security incident response activities, including triage, investigation support, containment coordination, lessons learned, and corrective action tracking
- Develop and maintain incident response playbooks, runbooks, and escalation paths; participate in and help run tabletop exercises
- Operate and improve enterprise security controls and tooling (e.g., endpoint protection/EDR, SaaS security controls, email security, access control workflows), ensuring reliable configuration and ongoing effectiveness
- Partner with Observability Engineering to ensure security-relevant telemetry is available for investigations and response (without owning SIEM/telemetry platform administration)
- Cook with Vulnerability Management to drive remediation execution, validate fixes where appropriate, and reduce repeat findings through hardening and control improvements
- Cook with security investigations with DevOps, IT, and Engineering teams; track actions through to closure and document outcomes
- Create and maintain security documentation for processes, controls, and operational procedures to enable consistency across teams and geographies
- Aid with security control evidence and operational readiness activities for compliance frameworks (e.g., SOC 2, ISO 27001, FedRAMP/GovRAMP, NIST 800-53) in partnership with Compliance and platform teams
- Identify opportunities for automation to improve security operations efficiency (ticketing workflows, control checks, integrations, scripting)
Requirements
- 5+ years of experience in Information Security, Security Engineering, or Security Operations roles within a SaaS or cloud-centric environment
- Hands-on experience supporting incident response and investigations, including building/using runbooks and participating in post-incident reviews
- Experience implementing and operating security controls and security tooling across endpoints, SaaS applications, and cloud environments
- Working knowledge of cloud security fundamentals (AWS, Azure, or GCP), identity/access concepts (SSO, MFA, RBAC), and modern security best practices
- Ability to collaborate effectively with technical teams (DevOps, Engineering, Observability, AppSec) to drive remediation and measurable risk reduction
- Familiarity with vulnerability and risk concepts (CVEs, prioritization, remediation tracking), even if not the program owner
- Strong documentation habits and an operational mindset (clear processes, repeatability, auditability)
Preferred Qualifications
- Experience in compliance-driven environments (FedRAMP, GovRAMP, SOC 2, ISO 27001, NIST 800-53) and supporting evidence collection/operational readiness
- Experience with EDR, email security, and/or SaaS security controls (tooling specifics vary)
- Experience with identity security workflows (access reviews, privileged access processes, conditional access patterns)
- Scripting/automation experience (Python, Bash, PowerShell) and comfort integrating systems via APIs
- Exposure to detection engineering, threat intelligence workflows, or SOAR-style automation (without needing to be the SIEM/platform owner)