Job Description
Senior Security Engineer
San Mateo, CA (Hybrid, 3 days onsite)
About the Role
This role is responsible for enterprise security across endpoints, identity, cloud services, and SaaS applications for a globally distributed team. You will work directly with IT and Engineering, using AI-powered tooling to move quickly and operate at scale.
This is a highly hands-on role focused on building automated, scalable security controls that support a modern SaaS environment without slowing the business down.
What You Will Do
- Harden a global macOS fleet using EDR, NGAV, and MDM, enforcing patching cadences and security baselines at scale
- Build and enforce IAM policies including SSO, MFA, SCIM, and least-privilege access with automated provisioning and deprovisioning
- Secure Google Workspace and the broader SaaS environment through DLP controls and logging pipelines that highlight real data exposure risk
- Administer and improve VPN and zero trust remote access infrastructure for a distributed workforce
- Develop AI-assisted detection and response workflows to automate alert triage, incident timelines, and reporting
- Embed security into Engineering and IT workflows so it is part of how systems are built and shipped, not just audited
- Monitor the threat landscape and translate attacker techniques into actionable detections
- Build internal security tooling, dashboards, and automation pipelines where off-the-shelf solutions fall short
What We Are Looking For
- Ability to automate repetitive security tasks using Python or Bash as a core part of your workflow
- Experience building controls that scale without constant manual oversight, particularly in SaaS-heavy environments
- Strong understanding of attacker techniques and the ability to design detections that identify real threats
- Experience building or using AI-assisted workflows to improve threat detection, alert triage, or reporting
- Ability to maintain a secure-by-default mindset while enabling engineering velocity
- Strong communication skills with the ability to explain risk trade-offs to engineers and business stakeholders
Required Qualifications
- 4+ years of hands-on enterprise security experience, with strong depth in endpoint security across macOS environments using EDR, NGAV, and MDM
- Experience with VPN and zero trust network access platforms
- Working knowledge of modern email security including SPF, DKIM, and DMARC
- Proven experience securing SaaS platforms with preventive and detective controls including DLP and logging pipelines
- Scripting proficiency in Python (preferred) or Bash, used for automation and tooling
- Experience owning or contributing to a risk-based security roadmap tied to business exposure
- Deep familiarity with adversary tactics using frameworks such as MITRE ATT&CK and hands-on experience building detection and response strategies
Additional Context
- Mac-heavy, bring-your-own-device environment with multiple endpoints per user
- Strong focus on automation, monitoring, and logging
- Opportunity to build AI-driven security workflows and agents
- Senior-level role with high ownership and autonomy
- Collaborative, fast-paced, and globally distributed team
