Security Engineer

We are looking for a hands-on Security Engineer who takes complete ownership of our security posture — across every device, every server, every application, and every user in our environment.This is not a monitoring-only role. You will actively assess, identify weaknesses, and prescribe and implement the specific steps needed to fix them. You will be the person who detects threats before they become incidents — including threats that come from inside the organization. You will own endpoint security for our Apple device fleet, harden and audit our cloud and on-premise servers, evaluate our SaaS and internal applications for vulnerabilities, and build the processes that keep us secure as we scale.If you have done this work hands-on — not supervised it, not theorized about it, but actually built and secured real systems — this role is for you.We are not looking for someone who generates reports and waits for engineers to action them.What You’ll Be Responsible ForEndpoint Security — Own Apple/macOS device security end-to-end: MDM enrollment, hardening baselines, patch compliance, and EDR-driven threat responseServer & Infrastructure Security — Conduct regular assessments of AWS and on-premise servers; produce prioritized remediation plans with specific steps for every findingApplication Security — Review internal and SaaS applications for weaknesses; deliver written hardening recommendations and track them to closure with engineeringInsider Threat Detection — Design and operate behavioral monitoring, access pattern analysis, and anomaly detection; investigate flagged activity and escalate with evidenceAccess & Identity Management — Enforce least-privilege across all users and systems; conduct regular access reviews and remediate orphaned or over-privileged accountsSecurity Operations — Own SIEM, EDR, and vulnerability scanning workflows; lead incident response end-to-end from detection through post-incident documentationGovernance & Compliance — Maintain security policies, run employee training, and keep the organization audit-ready for SOC 2, ISO 27001, or equivalentRequired QualificationsBachelor’s degree from an accredited college or universityMinimum 5 years of hands-on experience in a security engineering or equivalent roleCySA+ or CISSP certification — CISSP strongly preferredDemonstrated, provable experience securing Apple/macOS environments (MDM, endpoint hardening, fleet management)Demonstrated experience assessing server security, documenting findings, and delivering step-by-step remediation plansDemonstrated experience reviewing applications for security weaknesses and producing actionable hardening recommendationsExperience designing or operating insider threat detection programs — behavioral monitoring, access auditing, anomaly detectionStrong working knowledge of SIEM, EDR, vulnerability scanners, and access management toolsExperience with IAM — SSO, MFA, RBAC, and least-privilege enforcementFluent spoken and written EnglishHigh ownership mindset — you find vulnerabilities before they find youStrongly PreferredHands-on experience with MDM platforms for Apple device managementExperience securing AWS environments — IAM policies, security groups, CloudTrail, GuardDuty, and ConfigFamiliarity with DLP (Data Loss Prevention) tools for insider threat and data exfiltration detectionExperience conducting application security assessments or penetration testingFamiliarity with SOC 2 Type II or ISO 27001 compliance frameworksScripting ability (Python or Bash) for security automation and toolingExperience in a product-based SaaS or AI companyWhat We Mean by “Full Security Ownership”We are looking for someone who:Has personally configured, hardened, and audited the systems they are responsible for — not delegated itCan demonstrate exactly what they secured, how they secured it, and what changed as a resultDoes not just flag problems — they show up with the problem, the root cause, and the recommended fixThinks like an attacker when reviewing systems and applicationsTreats every orphaned account, unpatched server, and weak application config as a personal responsibilityUnderstands that insider threats are as dangerous as external ones — and builds monitoring accordinglyWhat Success Looks LikeEvery employee device is enrolled, hardened, and compliant with a documented security baselineServer assessments are conducted on schedule — findings are documented with clear remediation steps and tracked to closureEvery application in use has been reviewed; known weaknesses have a documented remediation plan with ownership and timelinesInsider threat monitoring is active — anomalies are flagged, investigated, and escalated appropriatelyNo orphaned accounts, no over-privileged roles, no unreviewed third-party accessThe company can pass a security audit with confidence at any timeLeadership trusts that if a risk exists, the Security Engineer has already found it and is addressing it

Apply Now