More jobs:
Job Description & How to Apply Below
This is not a monitoring-only role. You will actively assess, identify weaknesses, and prescribe and implement the specific steps needed to fix them. You will be the person who detects threats before they become incidents — including threats that come from inside the organization. You will own endpoint security for our Apple device fleet, harden and audit our cloud and on-premise servers, evaluate our SaaS and internal applications for vulnerabilities, and build the processes that keep us secure as we scale.
If you have done this work hands-on — not supervised it, not theorized about it, but actually built and secured real systems — this role is for you.
We are not looking for someone who generates reports and waits for engineers to action them.
What You’ll Be Responsible For
Endpoint Security — Own Apple/macOS device security end-to-end: MDM enrollment, hardening baselines, patch compliance, and EDR-driven threat response
Server & Infrastructure Security — Conduct regular assessments of AWS and on-premise servers; produce prioritized remediation plans with specific steps for every finding
Application Security — Review internal and SaaS applications for weaknesses; deliver written hardening recommendations and track them to closure with engineering
Insider Threat Detection — Design and operate behavioral monitoring, access pattern analysis, and anomaly detection; investigate flagged activity and escalate with evidence
Access & Identity Management — Enforce least-privilege across all users and systems; conduct regular access reviews and remediate orphaned or over-privileged accounts
Security Operations — Own SIEM, EDR, and vulnerability scanning workflows; lead incident response end-to-end from detection through post-incident documentation
Governance & Compliance — Maintain security policies, run employee training, and keep the organization audit-ready for SOC 2, ISO 27001, or equivalent
Required Qualifications
Bachelor’s degree from an accredited college or university
Minimum 5 years of hands-on experience in a security engineering or equivalent role
CySA+ or CISSP certification — CISSP strongly preferred
Demonstrated, provable experience securing Apple/macOS environments (MDM, endpoint hardening, fleet management)
Demonstrated experience assessing server security, documenting findings, and delivering step-by-step remediation plans
Demonstrated experience reviewing applications for security weaknesses and producing actionable hardening recommendations
Experience designing or operating insider threat detection programs — behavioral monitoring, access auditing, anomaly detection
Strong working knowledge of SIEM, EDR, vulnerability scanners, and access management tools
Experience with IAM — SSO, MFA, RBAC, and least-privilege enforcement
Fluent spoken and written English
High ownership mindset — you find vulnerabilities before they find you
Strongly Preferred
Hands-on experience with MDM platforms for Apple device management
Experience securing AWS environments — IAM policies, security groups, Cloud Trail, Guard Duty, and Config
Familiarity with DLP (Data Loss Prevention) tools for insider threat and data exfiltration detection
Experience conducting application security assessments or penetration testing
Familiarity with SOC 2 Type II or ISO 27001 compliance frameworks
Scripting ability (Python or Bash) for security automation and tooling
Experience in a product-based SaaS or AI company
What We Mean by “Full Security Ownership”
We are looking for someone who:
Has personally configured, hardened, and audited the systems they are responsible for — not delegated it
Can demonstrate exactly what they secured, how they secured it, and what changed as a result
Does not just flag problems — they show up with the problem, the root cause, and the recommended fix
Thinks like an attacker when reviewing systems and applications
Treats every orphaned account, unpatched server, and weak application config as a personal responsibility
Understands…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×