Talent.com
Security engineer, enterprise security

WRITER • San Francisco, CA, United States
Job type: Full-time

About this role

WRITER is looking for an Enterprise Security Engineer to help secure our corporate infrastructure and protect our workforce.

At WRITER, we believe strong security shouldn’t slow business down — it should empower it. You’ll be responsible for architecting identity management solutions, implementing zero trust frameworks, and building automated security systems that scale as we grow. Your work will directly enable our teams to move fast while maintaining a rock-solid security posture.

As an Enterprise Security Engineer, you’ll lead hands-on implementation of enterprise security measures across identity, endpoint, device, and SaaS environments. You’ll collaborate closely with Cloud / Infrastructure, GRC, Detection & Response, and Software Security Engineering to create seamless, secure, and scalable systems for our people and tools.

If you’re passionate about blending practical security engineering with business enablement, we’d love to hear from you.

Role Boundaries & Collaboration

What You Own (Responsible)

Employee identity management (SSO, MFA, IGA, PAM)

Endpoint protection (EDR, AV, DLP)

Device trust and endpoint zero trust

Mobile device management (MDM)

SaaS application security

Vendor / partner access management

What You Don't Own (Others Lead)

Infrastructure / service identity (Cloud / Infrastructure owns)

Customer identity (Software Security Engineering owns)

Network zero trust (Cloud / Infrastructure owns)

Third-party risk program leadership (GRC owns, you implement technical controls)

Key Partnerships

With Cloud / Infrastructure: You manage human identity; they manage machine identity

With GRC: They define vendor risk requirements; you implement technical assessments

With Detection & Response: You deploy endpoint tools; they monitor for threats

With Software Security Engineering: Clear separation at employee vs. customer identity boundary

Your responsibilities

Employee Identity & Access Management

Automate IAM processes to remove manual bottlenecks in user lifecycle management (onboarding → offboarding)

Design and implement enterprise-wide identity and authentication solutions

Deploy IGA, PAM, and cloud-native IAM platforms

Partner with engineering teams on provisioning, access termination, and entitlement management

Own all human / employee identities (service / machine identity managed by Cloud / Infrastructure)

Endpoint & Device Security

Build and maintain endpoint security architecture and strategy

Deploy, manage, and troubleshoot enterprise browsers, EDR, DLP, AV, and other security tools

Implement device hardening and automated compliance checks

Investigate endpoint security incidents and build systems that strengthen identity, DLP, and device security

Own endpoint security tools; Detection & Response uses your tools for monitoring

Mobile Device Management (MDM)

Design and operate MDM for iOS, Android, and corporate-owned devices

Create compliance policies and automated enforcement

Integrate MDM with conditional access and zero trust

Manage BYOD programs with balanced security / privacy controls

Automate provisioning, configuration, and device retirement

SaaS & Third-Party Security

Evaluate and secure third-party SaaS applications

Conduct technical security assessments of SaaS vendors

Implement enterprise SaaS security strategies

Partner with GRC on vendor risk requirements while you own technical controls

Endpoint Zero Trust Implementation

Deploy endpoint / user-focused Zero Trust security frameworks

Implement device trust, continuous verification, and user behavior analytics

Create conditional access policies based on device health and user risk

Automation & Operations

Automate security processes with Python, PowerShell, or similar

Maintain runbooks and automation for security reviews

Support and troubleshoot IAM systems across platforms

Drive data-informed prioritization for security initiatives

Is this you?

Required Experience

8+ years in enterprise security engineering (IAM & endpoint protection focus)

5+ years implementing identity solutions at scale (1,000+ users)

Proven track record of automation with measurable process improvements

Deep expertise with Okta, Ping, Azure AD, CrowdStrike, SentinelOne, CyberArk

Strong scripting skills (Python, PowerShell)

Technical Expertise

Expert in SAML, OAuth, OIDC

Skilled with EDR platforms, MDM solutions (Jamf, Intune, Workspace ONE, MobileIron)

Experience with DLP, insider threat programs, and endpoint / user zero trust

Familiarity with SOC2, ISO 27001, GDPR, HIPAA

Execution & Impact

History of cutting manual processes by 50%+ through automation

Proven ability to improve MTTR for access-related incidents

Experience driving security initiatives that accelerate business growth

Preferred Qualifications

Experience securing AI / ML development environments

Background in browser security & secure web gateway implementation

Knowledge of container / Kubernetes security

Contributions to open-source security projects

Experience with SOAR platforms

Benefits & perks (US Full-time employees)

Generous PTO, plus company holidays

Medical, dental, and vision coverage for you and your family

Paid parental leave for all parents (12 weeks)

Fertility and family planning support

Early-detection cancer testing through Galleri

Flexible spending account and dependent FSA options

Health savings account for eligible plans with company contribution

Annual work-life stipends for:

Home office setup, cell phone, internet

Wellness stipend for gym, massage / chiropractor, personal training, etc.

Learning and development stipend

Company-wide off-sites and team off-sites

Competitive compensation, company stock options and 401k

WRITER is an equal-opportunity employer and is committed to diversity. We don't make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

By submitting your application on the application page, you acknowledge and agree to WRITER's Global Candidate Privacy Notice.
