📐 About this role
WRITER is looking for an Enterprise Security Engineer to help secure our corporate infrastructure and protect our workforce.
At WRITER, we believe strong security shouldn’t slow business down — it should empower it. You’ll be responsible for architecting identity management solutions, implementing zero trust frameworks, and building automated security systems that scale as we grow. Your work will directly enable our teams to move fast while maintaining a rock-solid security posture.
As an Enterprise Security Engineer, you’ll lead hands-on implementation of enterprise security measures across identity, endpoint, device, and SaaS environments. You’ll collaborate closely with Cloud/Infrastructure, GRC, Detection & Response, and Software Security Engineering to create seamless, secure, and scalable systems for our people and tools.
If you’re passionate about blending practical security engineering with business enablement, we’d love to hear from you.
Role Boundaries & Collaboration
What You Own (Responsible)
Employee identity management (SSO, MFA, IGA, PAM)
Endpoint protection (EDR, AV, DLP)
Device trust and endpoint zero trust
Mobile device management (MDM)
SaaS application security
Vendor/partner access management
What You Don't Own (Others Lead)
Infrastructure/service identity (Cloud/Infrastructure owns)
Customer identity (Software Security Engineering owns)
Network zero trust (Cloud/Infrastructure owns)
Third-party risk program leadership (GRC owns, you implement technical controls)
Key Partnerships
With Cloud/Infrastructure: You manage human identity; they manage machine identity
With GRC: They define vendor risk requirements; you implement technical assessments
With Detection & Response: You deploy endpoint tools; they monitor for threats
With Software Security Engineering: Clear separation at employee vs. customer identity boundary
🦸🏻♀️ Your responsibilities
Employee Identity & Access Management
Automate IAM processes to remove manual bottlenecks in user lifecycle management (onboarding → offboarding)
Design and implement enterprise-wide identity and authentication solutions
Deploy IGA, PAM, and cloud-native IAM platforms
Partner with engineering teams on provisioning, access termination, and entitlement management
Own all human/employee identities (service/machine identity managed by Cloud/Infrastructure)
Endpoint & Device Security
Build and maintain endpoint security architecture and strategy
Deploy, manage, and troubleshoot enterprise browsers, EDR, DLP, AV, and other security tools
Implement device hardening and automated compliance checks
Investigate endpoint security incidents and build systems that strengthen identity, DLP, and device security
Own endpoint security tools; Detection & Response uses your tools for monitoring
Mobile Device Management (MDM)
Design and operate MDM for iOS, Android, and corporate-owned devices
Create compliance policies and automated enforcement
Integrate MDM with conditional access and zero trust
Manage BYOD programs with balanced security/privacy controls
Automate provisioning, configuration, and device retirement
SaaS & Third-Party Security
Evaluate and secure third-party SaaS applications
Conduct technical security assessments of SaaS vendors
Implement enterprise SaaS security strategies
Partner with GRC on vendor risk requirements while you own technical controls
Endpoint Zero Trust Implementation
Deploy endpoint/user-focused Zero Trust security frameworks
Implement device trust, continuous verification, and user behavior analytics
Create conditional access policies based on device health and user risk
Automation & Operations
Automate security processes with Python, PowerShell, or similar
Maintain runbooks and automation for security reviews
Support and troubleshoot IAM systems across platforms
Drive data-informed prioritization for security initiatives
⭐️ Is this you?
Required Experience
8+ years in enterprise security engineering (IAM & endpoint protection focus)
5+ years implementing identity solutions at scale (1,000+ users)
Proven track record of automation with measurable process improvements
Deep expertise with Okta, Ping, Azure AD, CrowdStrike, SentinelOne, CyberArk
Strong scripting skills (Python, PowerShell)
Technical Expertise
Expert in SAML, OAuth, OIDC
Skilled with EDR platforms, MDM solutions (Jamf, Intune, Workspace ONE, MobileIron)
Experience with DLP, insider threat programs, and endpoint/user zero trust
Familiarity with SOC2, ISO 27001, GDPR, HIPAA
Execution & Impact
History of cutting manual processes by 50%+ through automation
Proven ability to improve MTTR for access-related incidents
Experience driving security initiatives that accelerate business growth
Preferred Qualifications
Experience securing AI/ML development environments
Background in browser security & secure web gateway implementation
Knowledge of container/Kubernetes security
Contributions to open-source security projects
Experience with SOAR platforms
🍩 Benefits & perks (US Full-time employees)
Generous PTO, plus company holidays
Medical, dental, and vision coverage for you and your family
Paid parental leave for all parents (12 weeks)
Fertility and family planning support
Early-detection cancer testing through Galleri
Flexible spending account and dependent FSA options
Health savings account for eligible plans with company contribution
Annual work-life stipends for:
Home office setup, cell phone, internet
Wellness stipend for gym, massage/chiropractor, personal training, etc.
Learning and development stipend
Company-wide off-sites and team off-sites
Competitive compensation, company stock options and 401k
WRITER is an equal-opportunity employer and is committed to diversity. We don't make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
By submitting your application on the application page, you acknowledge and agree to WRITER's Global Candidate Privacy Notice.
