Security engineer, enterprise security (San Francisco)

WRITER
San Francisco, CA

About this role

WRITER is looking for an Enterprise Security Engineer to help secure our corporate infrastructure and protect our workforce.

At WRITER, we believe strong security shouldn't slow business down; it should empower it. You'll be responsible for architecting identity management solutions, implementing zero trust frameworks, and building automated security systems that scale as we grow. Your work will directly enable our teams to move fast while maintaining a rock-solid security posture.

As an Enterprise Security Engineer, you'll lead hands-on implementation of enterprise security measures across identity, endpoint, device, and SaaS environments. You'll collaborate closely with Cloud/Infrastructure, GRC, Detection & Response, and Software Security Engineering to create seamless, secure, and scalable systems for our people and tools.

If you're passionate about blending practical security engineering with business enablement, we'd love to hear from you.

Role Boundaries & Collaboration

What You Own (Responsible)

  • Employee identity management (SSO, MFA, IGA, PAM)

  • Endpoint protection (EDR, AV, DLP)

  • Device trust and endpoint zero trust

  • Mobile device management (MDM)

  • SaaS application security

  • Vendor/partner access management

What You Don't Own (Others Lead)

  • Infrastructure/service identity (Cloud/Infrastructure owns)

  • Customer identity (Software Security Engineering owns)

  • Network zero trust (Cloud/Infrastructure owns)

  • Third-party risk program leadership (GRC owns, you implement technical controls)

Key Partnerships

  • With Cloud/Infrastructure: You manage human identity; they manage machine identity

  • With GRC: They define vendor risk requirements; you implement technical assessments

  • With Detection & Response: You deploy endpoint tools; they monitor for threats

  • With Software Security Engineering: Clear separation at employee vs. customer identity boundary

Your responsibilities

Employee Identity & Access Management

  • Automate IAM processes to remove manual bottlenecks in user lifecycle management (onboarding to offboarding)

  • Design and implement enterprise-wide identity and authentication solutions

  • Deploy IGA, PAM, and cloud-native IAM platforms

  • Partner with engineering teams on provisioning, access termination, and entitlement management

  • Own all human/employee identities (service/machine identity managed by Cloud/Infrastructure)

Endpoint & Device Security

  • Build and maintain endpoint security architecture and strategy

  • Deploy, manage, and troubleshoot enterprise browsers, EDR, DLP, AV, and other security tools

  • Implement device hardening and automated compliance checks

  • Investigate endpoint security incidents and build systems that strengthen identity, DLP, and device security

  • Own endpoint security tools; Detection & Response uses your tools for monitoring

Mobile Device Management (MDM)

  • Design and operate MDM for iOS, Android, and corporate-owned devices

  • Create compliance policies and automated enforcement

  • Integrate MDM with conditional access and zero trust

  • Manage BYOD programs with balanced security/privacy controls

  • Automate provisioning, configuration, and device retirement

SaaS & Third-Party Security

  • Evaluate and secure third-party SaaS applications

  • Conduct technical security assessments of SaaS vendors

  • Implement enterprise SaaS security strategies

  • Partner with GRC on vendor risk requirements while you own technical controls

Endpoint Zero Trust Implementation

  • Deploy endpoint/user-focused Zero Trust security frameworks

  • Implement device trust, continuous verification, and user behavior analytics

  • Create conditional access policies based on device health and user risk

Automation & Operations

  • Automate security processes with Python, PowerShell, or similar

  • Maintain runbooks and automation for security reviews

  • Support and troubleshoot IAM systems across platforms

  • Drive data-informed prioritization for security initiatives

Is this you?

Required Experience

  • 8+ years in enterprise security engineering (IAM & endpoint protection focus)

  • 5+ years implementing identity solutions at scale (1,000+ users)

  • Proven track record of automation with measurable process improvements

  • Deep expertise with Okta, Ping, Azure AD, CrowdStrike, SentinelOne, CyberArk

  • Strong scripting skills (Python, PowerShell)

Technical Expertise

  • Expert in SAML, OAuth, OIDC

  • Skilled with EDR platforms, MDM solutions (Jamf, Intune, Workspace ONE, MobileIron)

  • Experience with DLP, insider threat programs, and endpoint/user zero trust

  • Familiarity with SOC2, ISO 27001, GDPR, HIPAA

Execution & Impact

  • History of cutting manual processes by 50%+ through automation

  • Proven ability to improve MTTR for access-related incidents

  • Experience driving security initiatives that accelerate business growth

Preferred Qualifications

  • Experience securing AI/ML development environments

  • Background in browser security & secure web gateway implementation

  • Knowledge of container/Kubernetes security

  • Contributions to open-source security projects

  • Experience with SOAR platforms


Benefits & perks (US Full-time employees)

  • Generous PTO, plus company holidays

  • Medical, dental, and vision coverage for you and your family

  • Paid parental leave for all parents (12 weeks)

  • Fertility and family planning support

  • Early-detection cancer testing through Galleri

  • Flexible spending account and dependent FSA options

  • Health savings account for eligible plans with company contribution

  • Annual work-life stipends for:

    • Home office setup, cell phone, internet

    • Wellness stipend for gym, massage/chiropractor, personal training, etc.

    • Learning and development stipend

  • Company-wide off-sites and team off-sites

  • Competitive compensation, company stock options and 401k

WRITER is an equal-opportunity employer and is committed to diversity. We don't make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

By submitting your application on the application page, you acknowledge and agree to WRITER's Global Candidate Privacy Notice.

Posted 2025-08-17
