Security Engineer, Corporate Security
Fixed Frames · San Francisco, CA · 2 days ago
On-siteInformation Technology$200k–$220k/yrFull-time
About the role
Multifaceted security engineer position focusing on identity, endpoints, SaaS, and workforce infrastructure. Responsibilities include securing identity and access management, endpoint security, AI tool usage, and SaaS risk reduction. Partner with Detection & Response for incident response and audits.
Responsibilities
- Harden identity and access management stack with phishing-resistant MFA, strong SSO, and least-privilege access.
- Operate endpoint security program across macOS, Windows, and ChromeOS fleets, including MDM, EDR, and configuration baselines.
- Secure AI tool usage, detect and prevent unauthorized AI service access, and data exfiltration.
- Reduce SaaS risk at scale using SSPM tooling and custom automation.
- Write Python or Bash scripts and Terraform for access reviews, onboarding/offboarding, configuration drift detection, and audit evidence collection.
- Support SOC 2, ISO 27001, and customer audits through good engineering practices.
- Partner with Detection & Response for investigation and response to security incidents.
Requirements
- 5+ years of hands-on experience in corporate security, enterprise security, or IT security engineering at a cloud-native company.
- Working knowledge of a major identity provider (Okta, Entra, or Google Workspace) and the underlying protocols (SAML, OIDC, OAuth 2.0, SCIM).
- Hands-on experience operating endpoint management and detection tooling across macOS and enterprise environments.
- Write production-quality scripts and automation in Python or Bash, and have shipped Terraform or other infrastructure-as-code for security configuration.
- Familiarity with SaaS security risks (OAuth governance, audit logging, SSPM) and the realities of integrating a long tail of vendors.
- Experience with at least one major cloud platform (AWS, GCP, or Azure) at the security configuration level.
- Communicate clearly in writing and work effectively across IT, Engineering, Legal, People, and GRC.
Skills
- Have 5+ years of hands-on experience in corporate security, enterprise security, or IT security engineering at a cloud-native company.
- Have working knowledge of a major identity provider (Okta, Entra, or Google Workspace) and the underlying protocols (SAML, OIDC, OAuth 2.0, SCIM).
- Have hands-on experience operating endpoint management and detection tooling across macOS and enterprise environments.
- Write production-quality scripts and automation in Python or Bash, and have shipped Terraform or other infrastructure-as-code for security configuration.
- Be familiar with SaaS security risks (OAuth governance, audit logging, SSPM) and the realities of integrating a long tail of vendors.
- Have experience with at least one major cloud platform (AWS, GCP, or Azure) at the security configuration level.
- Communicate clearly in writing and work effectively across IT, Engineering, Legal, People, and GRC.
Nice to haves
- Experience at a fast-growing tech or AI company where the security program had to outpace headcount.
- A background in IT engineering, SRE, or production engineering that transitioned into security engineering.
- Experience building internal security tooling or workflows that improved employee or developer experience.
- Contributions to the security community through open-source tools, blog posts, or conference talks.