Talent.com
Security engineer, enterprise security

Writer
San Francisco, CA, US
Job type
  • Full-time
Job description
  • About this role
  • WRITER is looking for an Enterprise Security Engineer to help secure our corporate infrastructure and protect our workforce.

    At WRITER, we believe strong security shouldn't slow business down; it should empower it. You'll be responsible for architecting identity management solutions, implementing zero trust frameworks, and building automated security systems that scale as we grow. Your work will directly enable our teams to move fast while maintaining a rock-solid security posture.

    As an Enterprise Security Engineer, you'll lead hands-on implementation of enterprise security measures across identity, endpoint, device, and SaaS environments. You'll collaborate closely with Cloud / Infrastructure, GRC, Detection & Response, and Software Security Engineering to create seamless, secure, and scalable systems for our people and tools.

    If you're passionate about blending practical security engineering with business enablement, we'd love to hear from you.

    Role Boundaries & Collaboration

    What You Own (Responsible)

    Employee identity management (SSO, MFA, IGA, PAM)

    Endpoint protection (EDR, AV, DLP)

    Device trust and endpoint zero trust

    Mobile device management (MDM)

    SaaS application security

    Vendor / partner access management

    What You Don't Own (Others Lead)

    Infrastructure / service identity (Cloud / Infrastructure owns)

    Customer identity (Software Security Engineering owns)

    Network zero trust (Cloud / Infrastructure owns)

    Third-party risk program leadership (GRC owns, you implement technical controls)

    Key Partnerships

    With Cloud / Infrastructure: You manage human identity; they manage machine identity

    With GRC: They define vendor risk requirements; you implement technical assessments

    With Detection & Response: You deploy endpoint tools; they monitor for threats

    With Software Security Engineering: Clear separation at employee vs. customer identity boundary

    • Your responsibilities
    • Employee Identity & Access Management

      Automate IAM processes to remove manual bottlenecks in user lifecycle management (onboarding → offboarding)

      Design and implement enterprise-wide identity and authentication solutions

      Deploy IGA, PAM, and cloud-native IAM platforms

      Partner with engineering teams on provisioning, access termination, and entitlement management

      Own all human / employee identities (service / machine identity managed by Cloud / Infrastructure)

      Endpoint & Device Security

      Build and maintain endpoint security architecture and strategy

      Deploy, manage, and troubleshoot enterprise browsers, EDR, DLP, AV, and other security tools

      Implement device hardening and automated compliance checks

      Investigate endpoint security incidents and build systems that strengthen identity, DLP, and device security

      Own endpoint security tools; Detection & Response uses your tools for monitoring

      Mobile Device Management (MDM)

      Design and operate MDM for iOS, Android, and corporate-owned devices

      Create compliance policies and automated enforcement

      Integrate MDM with conditional access and zero trust

      Manage BYOD programs with balanced security / privacy controls

      Automate provisioning, configuration, and device retirement

      SaaS & Third-Party Security

      Evaluate and secure third-party SaaS applications

      Conduct technical security assessments of SaaS vendors

      Implement enterprise SaaS security strategies

      Partner with GRC on vendor risk requirements while you own technical controls

      Endpoint Zero Trust Implementation

      Deploy endpoint / user-focused Zero Trust security frameworks

      Implement device trust, continuous verification, and user behavior analytics

      Create conditional access policies based on device health and user risk

      Automation & Operations

      Automate security processes with Python, PowerShell, or similar

      Maintain runbooks and automation for security reviews

      Support and troubleshoot IAM systems across platforms

      Drive data-informed prioritization for security initiatives

    • Is this you?
    • Required Experience

      8+ years in enterprise security engineering (IAM & endpoint protection focus)

      5+ years implementing identity solutions at scale (1,000+ users)

      Proven track record of automation with measurable process improvements

      Deep expertise with Okta, Ping, Azure AD, CrowdStrike, SentinelOne, CyberArk

      Strong scripting skills (Python, PowerShell)

      Technical Expertise

      Expert in SAML, OAuth, OIDC

      Skilled with EDR platforms, MDM solutions (Jamf, Intune, Workspace ONE, MobileIron)

      Experience with DLP, insider threat programs, and endpoint / user zero trust

      Familiarity with SOC2, ISO 27001, GDPR, HIPAA

      Execution & Impact

      History of cutting manual processes by 50%+ through automation

      Proven ability to improve MTTR for access-related incidents

      Experience driving security initiatives that accelerate business growth

      Preferred Qualifications

      Experience securing AI / ML development environments

      Background in browser security & secure web gateway implementation

      Knowledge of container / Kubernetes security

      Contributions to open-source security projects

      Experience with SOAR platforms

    • Benefits & perks (US Full-time employees)
    • Generous PTO, plus company holidays

      Medical, dental, and vision coverage for you and your family

      Paid parental leave for all parents (12 weeks)

      Fertility and family planning support

      Early-detection cancer testing through Galleri

      Flexible spending account and dependent FSA options

      Health savings account for eligible plans with company contribution

      Annual work-life stipends for:

      Home office setup, cell phone, internet

      Wellness stipend for gym, massage / chiropractor, personal training, etc.

      Learning and development stipend

      Company-wide off-sites and team off-sites

      Competitive compensation, company stock options and 401k

      WRITER is an equal-opportunity employer and is committed to diversity. We don't make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

      By submitting your application on the application page, you acknowledge and agree to WRITER's Global Candidate Privacy Notice.
