Enterprise Security Engineer at WRITER
Ready to build a world-class security program that empowers innovation? At WRITER, we're looking for an experienced Enterprise Security Engineer to help us secure our corporate infrastructure and protect our workforce. We believe security should be a business enabler, not a roadblock. If you're passionate about blending practical security engineering with business enablement, this is your chance to make a real impact.
As our Enterprise Security Engineer, you'll be at the forefront of designing, implementing, and automating security solutions across identity, endpoint, device, and SaaS environments. You'll collaborate with cross-functional teams, including Cloud/Infrastructure, GRC, Detection & Response, and Software Security Engineering, to create seamless, secure, and scalable systems for our people and tools. Think zero trust, automation, and cutting-edge security practices.
What You'll Own
Employee Identity Management: Secure SSO, MFA, IGA, and PAM systems.
Endpoint Protection: Implement and manage EDR, AV, and DLP solutions.
Device Trust & Zero Trust: Architect and implement device trust and endpoint zero trust frameworks.
Mobile Device Management (MDM): Manage security for iOS, Android, and corporate-owned devices.
SaaS Application Security: Evaluate and secure third-party SaaS applications.
Vendor/Partner Access Management: Securely manage access for external partners.
What You Won't Own (But Will Partner On)
Infrastructure/service identity (Cloud/Infrastructure owns)
Customer identity (Software Security Engineering owns)
Network zero trust (Cloud/Infrastructure owns)
Third-party risk program leadership (GRC owns, you implement technical controls)
Key Partnerships
Cloud/Infrastructure: You manage human identity; they manage machine identity.
GRC: They define vendor risk requirements; you implement technical assessments.
Detection & Response: You deploy endpoint tools; they monitor for threats.
Software Security Engineering: Clear separation at the employee vs. customer identity boundary.
Your Mission: Key Responsibilities
Employee Identity & Access Management
Automate IAM processes to eliminate manual bottlenecks in user lifecycle management (onboarding → offboarding).
Design and implement enterprise-wide identity and authentication solutions.
Deploy IGA, PAM, and cloud-native IAM platforms.
Partner with engineering teams on provisioning, access termination, and entitlement management.
Own all human/employee identities (service/machine identity managed by Cloud/Infrastructure).
Endpoint & Device Security
Build and maintain endpoint security architecture and strategy.
Deploy, manage, and troubleshoot enterprise browsers, EDR, DLP, AV, and other security tools.
Implement device hardening and automated compliance checks.
Investigate endpoint security incidents and build systems that strengthen identity, DLP, and device security.
Own endpoint security tools; Detection & Response uses your tools for monitoring.
Mobile Device Management (MDM)
Design and operate MDM for iOS, Android, and corporate-owned devices.
Create compliance policies and automated enforcement.
Integrate MDM with conditional access and zero trust.
Manage BYOD programs with balanced security/privacy controls.
Automate provisioning, configuration, and device retirement.
SaaS & Third-Party Security
Evaluate and secure third-party SaaS applications.
Conduct technical security assessments of SaaS vendors.
Implement enterprise SaaS security strategies.
Partner with GRC on vendor risk requirements while you own technical controls.
Endpoint Zero Trust Implementation
Deploy endpoint/user-focused Zero Trust security frameworks.
Implement device trust, continuous verification, and user behavior analytics.
Create conditional access policies based on device health and user risk.
Automation & Operations
Automate security processes with Python, PowerShell, or similar.
Maintain runbooks and automation for security reviews.
Support and troubleshoot IAM systems across platforms.
Drive data-informed prioritization for security initiatives.
Do You Have What It Takes?
Required Experience
8+ years in enterprise security engineering with a focus on IAM & endpoint protection.
5+ years implementing identity solutions at scale (1,000+ users).
Proven track record of automation with measurable process improvements.
Deep expertise with tools like Okta, Ping, Azure AD, CrowdStrike, SentinelOne, CyberArk.
Strong scripting skills in Python or PowerShell.
Technical Expertise
Expert in SAML, OAuth, OIDC.
Skilled with EDR platforms and MDM solutions (Jamf, Intune, Workspace ONE, MobileIron).
Experience with DLP, insider threat programs, and endpoint/user zero trust.
Familiarity with SOC 2, ISO 27001, GDPR, and HIPAA.
Execution & Impact
History of cutting manual processes by 50%+ through automation.
Proven ability to improve MTTR for access-related incidents.
Experience driving security initiatives that accelerate business growth.
Bonus Points (Preferred Qualifications)
Experience securing AI/ML development environments.
Background in browser security & secure web gateway implementation.
Knowledge of container/Kubernetes security.
Contributions to open-source security projects.
Experience with SOAR platforms.
Benefits & Perks (US Full-time employees)
Generous PTO, plus company holidays
Medical, dental, and vision coverage for you and your family
Paid parental leave for all parents (12 weeks)
Fertility and family planning support
Early-detection cancer testing through Galleri
Flexible spending account and dependent FSA options
Health savings account for eligible plans with company contribution
Annual work-life stipends for:
Home office setup, cell phone, internet
Wellness stipend for gym, massage/chiropractor, personal training, etc.
Learning and development stipend
Company-wide off-sites and team off-sites
Competitive compensation, company stock options and 401k
WRITER is an equal-opportunity employer and is committed to diversity. We don't make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.