Security engineer, enterprise security

📐 About this role

WRITER is looking for an Enterprise Security Engineer to help secure our corporate infrastructure and protect our workforce.

At WRITER, we believe strong security shouldn’t slow business down — it should empower it. You’ll be responsible for architecting identity management solutions, implementing zero trust frameworks, and building automated security systems that scale as we grow. Your work will directly enable our teams to move fast while maintaining a rocksolid security posture.

As an Enterprise Security Engineer, you’ll lead handson implementation of enterprise security measures across identity, endpoint, device, and SaaS environments. You’ll collaborate closely with CloudInfrastructure, GRC, Detection & Response, and Software Security Engineering to create seamless, secure, and scalable systems for our people and tools.

If you’re passionate about blending practical security engineering with business enablement, we’d love to hear from you.

Role Boundaries & Collaboration

What You Own (Responsible)

• Employee identity management (SSO, MFA, IGA, PAM)

• Endpoint protection (EDR, AV, DLP)

• Device trust and endpoint zero trust

• Mobile device management (MDM)

• SaaS application security

• Vendorpartner access management

• What You Dont Own (Others Lead)

  • Infrastructureservice identity (CloudInfrastructure owns)

  • Customer identity (Software Security Engineering owns)

  • Network zero trust (CloudInfrastructure owns)

  • Thirdparty risk program leadership (GRC owns, you implement technical controls)

  • Key Partnerships

    • With CloudInfrastructure: You manage human identity; they manage machine identity

    • With GRC: They define vendor risk requirements; you implement technical assessments

    • With Detection & Response: You deploy endpoint tools; they monitor for threats

    • With Software Security Engineering: Clear separation at employee vs. customer identity boundary

    • 🦸🏻‍♀️ Your responsibilities

      Employee Identity & Access Management

      • Automate IAM processes to remove manual bottlenecks in user lifecycle management (onboarding → offboarding)

      • Design and implement enterprisewide identity and authentication solutions

      • Deploy IGA, PAM, and cloudnative IAM platforms

      • Partner with engineering teams on provisioning, access termination, and entitlement management

      • Own all humanemployee identities (servicemachine identity managed by CloudInfrastructure)

      • Endpoint & Device Security

        • Build and maintain endpoint security architecture and strategy

        • Deploy, manage, and troubleshoot enterprise browsers, EDR, DLP, AV, and other security tools

        • Implement device hardening and automated compliance checks

        • Investigate endpoint security incidents and build systems that strengthen identity, DLP, and device security

        • Own endpoint security tools; Detection & Response uses your tools for monitoring

        • Mobile Device Management (MDM)

          • Design and operate MDM for iOS, Android, and corporateowned devices

          • Create compliance policies and automated enforcement

          • Integrate MDM with conditional access and zero trust

          • Manage BYOD programs with balanced securityprivacy controls

          • Automate provisioning, configuration, and device retirement

          • SaaS & ThirdParty Security

            • Evaluate and secure thirdparty SaaS applications

            • Conduct technical security assessments of SaaS vendors

            • Implement enterprise SaaS security strategies

            • Partner with GRC on vendor risk requirements while you own technical controls

            • Endpoint Zero Trust Implementation

              • Deploy endpointuserfocused Zero Trust security frameworks

              • Implement device trust, continuous verification, and user behavior analytics

              • Create conditional access policies based on device health and user risk

              • Automation & Operations

                • Automate security processes with Python, PowerShell, or similar

                • Maintain runbooks and automation for security reviews

                • Support and troubleshoot IAM systems across platforms

                • Drive datainformed prioritization for security initiatives

                • ⭐️ Is this you?

                  Required Experience

                  • 8+ years in enterprise security engineering (IAM & endpoint protection focus)

                  • 5+ years implementing identity solutions at scale (1,000+ users)

                  • Proven track record of automation with measurable process improvements

                  • Deep expertise with Okta, Ping, Azure AD, CrowdStrike, SentinelOne, CyberArk

                  • Strong scripting skills (Python, PowerShell)

                  • Technical Expertise

                    • Expert in SAML, OAuth, OIDC

                    • Skilled with EDR platforms, MDM solutions (Jamf, Intune, Workspace ONE, MobileIron)

                    • Experience with DLP, insider threat programs, and endpointuser zero trust

                    • Familiarity with SOC2, ISO 27001, GDPR, HIPAA

                    • Execution & Impact

                      • History of cutting manual processes by 50%+ through automation

                      • Proven ability to improve MTTR for accessrelated incidents

                      • Experience driving security initiatives that accelerate business growth

                      • Preferred Qualifications

                        • Experience securing AIML development environments

                        • Background in browser security & secure web gateway implementation

                        • Knowledge of containerKubernetes security

                        • Contributions to opensource security projects

                        • Experience with SOAR platforms

                        • 
                          🍩 Benefits & perks (US Fulltime employees)

                          • Generous PTO, plus company holidays

                          • Medical, dental, and vision coverage for you and your family

                          • Paid parental leave for all parents (12 weeks)

                          • Fertility and family planning support

                          • Earlydetection cancer testing through Galleri

                          • Flexible spending account and dependent FSA options

                          • Health savings account for eligible plans with company contribution

                          • Annual worklife stipends for:

                            • Home office setup, cell phone, internet

                            • Wellness stipend for gym, massagechiropractor, personal training, etc.

                            • Learning and development stipend

                            • • Companywide offsites and team offsites

                              • Competitive compensation, company stock options and 401k

                              • WRITER is an equalopportunity employer and is committed to diversity. We dont make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

                                By submitting your application on the application page, you acknowledge and agree to WRITERs Global Candidate Privacy Notice.