Secure the Future at WRITER: Enterprise Security Engineer
WRITER is on a mission to empower businesses with strong security that doesn't hinder progress, but fuels it. We're seeking a talented Enterprise Security Engineer to safeguard our corporate infrastructure and protect our most valuable asset: our people.
Imagine architecting cutting-edge identity management solutions, implementing robust zero trust frameworks, and building automated security systems that scale seamlessly as we grow. As an Enterprise Security Engineer at WRITER, your work will directly impact our ability to innovate and operate securely.
This isn't just a job; it's an opportunity to blend hands-on security engineering with genuine business enablement. If you're passionate about creating a world-class security posture, we want to hear from you.
What You'll Own: Your Core Responsibilities
Employee Identity Management: SSO, MFA, IGA, and PAM solutions that streamline user lifecycle management.
Endpoint Protection: Leading-edge EDR, AV, and DLP deployments to defend against evolving threats.
Device Trust and Endpoint Zero Trust: Implementing policies and controls to ensure only trusted devices access sensitive data.
Mobile Device Management (MDM): Securely managing iOS, Android, and corporate-owned devices.
SaaS Application Security: Evaluating and securing third-party SaaS applications to minimize risk.
Vendor/Partner Access Management: Controlling and monitoring access for external partners.
What You Won't Own: Collaboration is Key
We believe in clear ownership and strong collaboration. Here's what other teams will lead, allowing you to focus on your areas of expertise:
Infrastructure/Service Identity: Managed by our Cloud/Infrastructure team.
Customer Identity: Handled by our Software Security Engineering team.
Network Zero Trust: Overseen by our Cloud/Infrastructure team.
Third-Party Risk Program Leadership: Led by our GRC team, with you implementing technical controls.
Your Key Partnerships
Cloud/Infrastructure: You secure human identities, they secure machine identities.
GRC: They define vendor risk requirements, you implement technical assessments.
Detection & Response: You deploy endpoint tools, they monitor for threats.
Software Security Engineering: Clear division between employee and customer identity security.
Dive Deeper: Your Day-to-Day
Employee Identity & Access Management
Automate IAM processes to eliminate manual bottlenecks in user lifecycle management (onboarding to offboarding).
Design and implement enterprise-wide identity and authentication solutions.
Deploy IGA, PAM, and cloud-native IAM platforms.
Partner with engineering teams on provisioning, access termination, and entitlement management.
Own all human/employee identities (service/machine identity managed by Cloud/Infrastructure).
Endpoint & Device Security
Build and maintain endpoint security architecture and strategy.
Deploy, manage, and troubleshoot enterprise browsers, EDR, DLP, AV, and other security tools.
Implement device hardening and automated compliance checks.
Investigate endpoint security incidents and build systems that strengthen identity, DLP, and device security.
Own endpoint security tools; Detection & Response uses your tools for monitoring.
Mobile Device Management (MDM)
Design and operate MDM for iOS, Android, and corporate-owned devices.
Create compliance policies and automated enforcement.
Integrate MDM with conditional access and zero trust.
Manage BYOD programs with balanced security/privacy controls.
Automate provisioning, configuration, and device retirement.
SaaS & Third-Party Security
Evaluate and secure third-party SaaS applications.
Conduct technical security assessments of SaaS vendors.
Implement enterprise SaaS security strategies.
Partner with GRC on vendor risk requirements while you own technical controls.
Endpoint Zero Trust Implementation
Deploy endpoint/user-focused Zero Trust security frameworks.
Implement device trust, continuous verification, and user behavior analytics.
Create conditional access policies based on device health and user risk.
Automation & Operations
Automate security processes with Python, PowerShell, or similar.
Maintain runbooks and automation for security reviews.
Support and troubleshoot IAM systems across platforms.
Drive data-informed prioritization for security initiatives.
Are You the Right Fit?
Required Experience
8+ years in enterprise security engineering with a focus on IAM and endpoint protection.
5+ years implementing identity solutions at scale (1,000+ users).
Proven track record of automation resulting in measurable process improvements.
Deep expertise with Okta, Ping, Azure AD, CrowdStrike, SentinelOne, CyberArk.
Strong scripting skills (Python, PowerShell).
Technical Expertise
Expert in SAML, OAuth, OIDC.
Skilled with EDR platforms and MDM solutions (Jamf, Intune, Workspace ONE, MobileIron).
Experience with DLP, insider threat programs, and endpoint/user zero trust.
Familiarity with SOC 2, ISO 27001, GDPR, and HIPAA.
Execution & Impact
History of cutting manual processes by 50%+ through automation.
Proven ability to improve MTTR for access-related incidents.
Experience driving security initiatives that accelerate business growth.
Preferred Qualifications
Experience securing AI/ML development environments.
Background in browser security & secure web gateway implementation.
Knowledge of container/Kubernetes security.
Contributions to open-source security projects.
Experience with SOAR platforms.
Benefits & Perks (US Full-time employees)
Generous PTO, plus company holidays.
Medical, dental, and vision coverage for you and your family.
Paid parental leave for all parents (12 weeks).
Fertility and family planning support.
Early-detection cancer testing through Galleri.
Flexible spending account and dependent FSA options.
Health savings account for eligible plans with company contribution.
Annual work-life stipends for:
Home office setup, cell phone, internet
Wellness stipend for gym, massage/chiropractor, personal training, etc.
Learning and development stipend
Company-wide off-sites and team off-sites.
Competitive compensation, company stock options, and 401k.
WRITER is an equal-opportunity employer and is committed to diversity. We don't make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
By submitting your application on the application page, you acknowledge and agree to WRITER's Global Candidate Privacy Notice.