About the Role
We are hiring a Workforce Security Engineer to secure how our people work: their identities, their devices, and the SaaS and collaboration stack they use every day. Identity is the active front line. You'll design and build phishing-resistant authentication, tighten admin access, automate the joiner/mover/leaver lifecycle, and harden the endpoint and workplace estate. If you'd rather automate an identity problem out of existence than click through an admin console forever, you'll fit here. Security is core to the product and the company, and we are engineering-led: we buy managed protection where it makes sense and spend headcount on engineers who automate and extend the stack. You'll be one of the first hires on this team, owning a domain rather than a slice of someone else's.
Responsibilities
- Harden our IdP (Microsoft Entra) with phishing-resistant authentication, Conditional Access, privileged-access tiering (PIM), and admin-account protections
- Drive SSO enforcement across SaaS and automate the joiner/mover/leaver lifecycle (HRIS-to-IdP)
- Manage workforce secrets (e.g., 1Password) and build contingent-worker and non-human identity models
- Own MDM (e.g., Intune), EDR (e.g., CrowdStrike Falcon), device posture (e.g., Fleet), endpoint hardening, vulnerability and patch management, and reliable device lock/recovery at offboarding
- Harden the workplace stack (e.g., M365) and email security (e.g., Microsoft Defender), data-loss prevention, and SaaS posture/CASB and connectivity (e.g., Cloudflare One)
- Govern AI tooling access for the workforce
- Build the controls and automation that govern workforce access into customer environments
- Participate in the shared incident-response and on-call rotation
Minimum Qualifications
- 5+ years in identity/IAM, corporate/workforce security, or security engineering
- Hands-on IAM depth: an enterprise IdP (Entra/Azure AD or equivalent) and the auth protocols (SAML, OIDC, OAuth), including MFA and Conditional Access
- Endpoint management experience (Intune, Jamf, or equivalent) across macOS and Windows
- Scripting/automation skills (e.g., Python, PowerShell) to replace manual identity and endpoint toil
- Working knowledge of M365 / workplace SaaS security
Preferred Qualifications
- Identity-lifecycle/IGA automation and SCIM provisioning
- DLP, CASB, and SaaS posture management
- Zero-trust / device-trust-at-authentication models
- Experience securing AI tool usage and LLM gateways for a workforce
Why Join Us?
- A high-performance culture
- State-of-the-art technology
- Experience world-class leadership
- Scale of impact and purpose
- A competitive salary and a huge growth trajectory
- Work with the best in the industry
- Flexible work environment
- Diversity and creativity