Job Summary
We are looking for a Workplace Security Engineer to design, implement, and continuously improve corporate security controls across identity, endpoint, network access (VPN/ZTNA), and data protection. You will be the technical owner for key security platforms and work with IT, Cloud, and Compliance teams to meet financial industry security requirements.
Key Responsibilities
1) Identity & Access Engineering
- Own secure identity architecture across Google Workspace and AWS IAM Identity Center:
- Design group/role models, least privilege, and access governance processes.
- Improve SSO posture (SAML/OAuth), session policies, MFA enforcement, conditional access patterns where applicable.
- Lead onboarding of new SaaS apps into SSO and define standard patterns (SAML attributes, role mapping, break-glass access).
2) Zero Trust / Remote Access Engineering
- Own and optimize enterprise remote access and ZTNA/SASE through: Prisma Access / GlobalProtect; Prisma ZTNA / Prisma SASE; Google BeyondCorp (where applicable)
- Work with network teams on policy design, segmentation, and logging requirements.
3) Endpoint Security Engineering
- Define and enforce endpoint security baselines and compliance through: Jamf Pro + Apple Business Manager; Google Endpoint Management; Palo Alto Cortex XDR
- Drive improvements in device posture: encryption, OS baseline, EDR coverage, hardening, local admin controls.
4) Data Security & DLP Engineering
- Design and tune data protection controls through: Google Workspace DLP, Prisma Cloud DLP
- Define data classification patterns, DLP rules/exception workflows, and measurable reduction in risky exfiltration events.
5) Vulnerability & Patch Governance
- Own vulnerability scanning results triage, risk rating, remediation tracking, and verification.
- Define patch SLAs, exception workflows, and reporting; coordinate with IT/Ops/R&D teams (execution may be performed by owning teams).
6) Security Monitoring, Incident Response & Continuous Improvement
- Improve alerting quality and detection coverage across IAM/endpoint/network/DLP telemetry.
- Lead investigations for escalated incidents, produce incident reports and post-incident improvements (runbooks, control changes).
7) Documentation & Audit Readiness
- Build security standards, runbooks, and audit evidence pipelines for access control, remote access, endpoint protection, and DLP.
Qualifications
- 5+ years in security engineering / IT security with strong hands-on implementation experience.
- Deep experience in at least two of the following:
-- IAM/SSO (Google Workspace / AWS IAM Identity Center, SAML/OAuth)
-- Endpoint security (Jamf/ABM, EDRCortex XDR)
-- Zero Trust / VPN / SASE (Prisma Access/GlobalProtect, Prisma ZTNA/SASE, BeyondCorp)
-- DLP engineering (Google Workspace DLP / Prisma Cloud DLP)
-- Strong troubleshooting skills across Windows/macOS, and solid networking fundamentals.
-- Experience supporting audits and producing evidence in regulated environments is a strong plus.
Nice to Have
- Scripting/automation (Python, Bash), IaC mindset, good operational excellence.
- Relevant certs: Palo Alto (PCNSA/PCNSE), Jamf certs, Google Workspace admin, AWS security.
