**Candidates must be U.S. citizens to be considered for this role.About the RoleWe're looking for a hands-on Senior Security Engineer with broad experience across enterprise security - identity, cloud, collaboration platforms, and endpoints. This is not a traditional SOC or Detection & Response role. Your focus will be on building, improving, and scaling the security controls, guardrails, and automation that protect a modern, cloud-first environment.
You'll work closely with engineering, IT, and compliance teams to strengthen our security posture, drive security initiatives end-to-end, and ensure our environments remain secure as we grow. Deep experience with cloud identity and access platforms is especially important. Experience with data protection (DLP/DSPM) is a strong plus.
What You Will DoIdentity & Access Security
- Engineer and operate identity security controls, including just-in-time access, privileged elevation, federation, conditional access, strong authentication, and least-privilege patterns.
- Strengthen identity governance across cloud and enterprise environments, including role design, access reviews, and lifecycle processes.
Cloud Security & Governance
- Build and maintain cloud guardrails across multi-cloud environments (policies, blueprints, configuration rules, organizational guardrails).
- Implement and tune cloud security posture / CNAPP capabilities to continuously monitor, prioritize, and reduce misconfigurations and exposed risks.
- Analyze cloud IAM configurations and identity behavior to identify risky patterns, excessive permissions, and gaps in controls.
Endpoint, Collaboration & Data Security
- Enhance endpoint security through EDR tuning, hardening baselines, and consistent configuration enforcement.
- Own key corporate security controls across email, collaboration, endpoints, cloud applications, and endpoint privilege management.
- Support data protection initiatives, including DLP/DSPM policies, classifications, and monitoring, with a focus on usable, business-aligned controls.
Automation & Engineering
- Develop automation and tooling (for example, using scripting languages and workflow/serverless automation services) to improve visibility, consistency, and reduce manual effort.
- Build scalable, business-aligned security controls that integrate smoothly into engineering, IT, and operational workflows.
Security Architecture & Cross-Functional Work
- Contribute to the long-term security architecture and strategy for identity, cloud, endpoints, and data protection.
- Lead small to medium security projects end-to-end: define scope, align stakeholders, implement, and follow through on outcomes.
- Collaborate with compliance and risk teams to maintain and audit controls aligned with relevant frameworks and certifications.
- Provide guidance and mentorship to cross-functional teams on secure patterns and best practices.
What You Will Bring- 5+ years of hands-on experience as a Security Engineer with exposure to identity, endpoint, and cloud security.
- Strong understanding of identity security and governance (privileged access, strong authentication, conditional access, federation, access reviews, and role design).
- Experience with endpoint security (hardening, configuration baselines, detection and response capabilities).
- Experience with data protection (DLP/DSPM), endpoint privilege management (EPM), or privileged access management (PAM) solutions is a strong plus.
- Ability to script or automate using languages such as Python, PowerShell, or JavaScript.
- Experience building automation using workflow orchestration and serverless platforms (for example, runbooks, pipelines, and function-as-a-service patterns).
- Strong understanding of IAM concepts and identity behavior across multi-cloud environments.
- Experience implementing practical, business-aligned security controls in cloud environments (experience in more than one major cloud is a plus).
- Ability to work independently, make informed decisions, and manage competing priorities.
- Experience collaborating with distributed teams and cross-functional stakeholders.
- Familiarity with DevOps practices and Agile methodologies is a plus.
Semperis maintains office locations in several cities across the globe. Candidates who reside within 45 miles of one of our offices-or where the job description specifies a required location-will follow our hybrid work model. This includes working onsite some days per week and remotely the remaining days. 
