Security Engineer

We are looking for a hands-on Security Analyst who takes complete ownership of our security posture — across every device, every server, every application, and every user in our environment.

This is not a monitoring-only role. You will actively assess, identify weaknesses, and prescribe and implement the specific steps needed to fix them. You will be the person who detects threats before they become incidents — including threats that come from inside the organization. You will own endpoint security for our Apple device fleet, harden and audit our cloud and on-premise servers, evaluate our SaaS and internal applications for vulnerabilities, and build the processes that keep us secure as we scale.

If you have done this work hands-on — not supervised it, not theorized about it, but actually built and secured real systems — this role is for you.

We are not looking for someone who generates reports and waits for engineers to action them.

What You’ll Be Responsible For

• Endpoint Security — Own Apple/macOS device security end-to-end: MDM enrollment, hardening baselines, patch compliance, and EDR-driven threat response

• Server & Infrastructure Security — Conduct regular assessments of AWS and on-premise servers; produce prioritized remediation plans with specific steps for every finding

• Application Security — Review internal and SaaS applications for weaknesses; deliver written hardening recommendations and track them to closure with engineering

• Insider Threat Detection — Design and operate behavioral monitoring, access pattern analysis, and anomaly detection; investigate flagged activity and escalate with evidence

• Access & Identity Management — Enforce least-privilege across all users and systems; conduct regular access reviews and remediate orphaned or over-privileged accounts

• Security Operations — Own SIEM, EDR, and vulnerability scanning workflows; lead incident response end-to-end from detection through post-incident documentation

• Governance & Compliance — Maintain security policies, run employee training, and keep the organization audit-ready for SOC 2, ISO 27001, or equivalent

Required Qualifications

• Bachelor’s degree from an accredited college or university

• Minimum 5 years of hands-on experience in a security engineering or equivalent role

• CySA+ or CISSP certification — CISSP strongly preferred

• Demonstrated, provable experience securing Apple/macOS environments (MDM, endpoint hardening, fleet management)

• Demonstrated experience assessing server security, documenting findings, and delivering step-by-step remediation plans

• Demonstrated experience reviewing applications for security weaknesses and producing actionable hardening recommendations

• Experience designing or operating insider threat detection programs — behavioral monitoring, access auditing, anomaly detection

• Strong working knowledge of SIEM, EDR, vulnerability scanners, and access management tools

• Experience with IAM — SSO, MFA, RBAC, and least-privilege enforcement

• Fluent spoken and written English

• High ownership mindset — you find vulnerabilities before they find you

Strongly Preferred

• Hands-on experience with MDM platforms for Apple device management

• Experience securing AWS environments — IAM policies, security groups, Cloud

Trail, Guard

Duty, and Config

• Familiarity with DLP (Data Loss Prevention) tools for insider threat and data exfiltration detection

• Experience conducting application security assessments or penetration testing

• Familiarity with SOC 2 Type II or ISO 27001 compliance frameworks

• Scripting ability (Python or Bash) for security automation and tooling

• Experience in a product-based SaaS or AI company

What We Mean by “Full Security Ownership”

We are looking for someone who:

• Has personally configured, hardened, and audited the systems they are responsible for — not delegated it

• Can demonstrate exactly what they secured, how they secured it, and what changed as a result

• Does not just flag problems — they show up with the problem, the root cause, and the recommended fix

• Thinks like an attacker when reviewing systems and applications

• Treats every orphaned account, unpatched server, and weak application config as a personal responsibility

• Understands that insider threats are as dangerous as external ones — and builds monitoring accordingly

What Success Looks Like

• Every employee device is enrolled, hardened, and compliant with a documented security baseline

• Server assessments are conducted on schedule — findings are documented with clear remediation steps and tracked to closure

• Every application in use has been reviewed; known weaknesses have a documented remediation plan with ownership and timelines

• Insider threat monitoring is active — anomalies are flagged, investigated, and escalated appropriately

• No orphaned accounts, no over-privileged roles, no unreviewed third-party access

• The company can pass a security audit with confidence at any time

• Leadership trusts that if a risk exists, the Security Engineer has already found it and is addressing it