Senior Software Engineer, Endpoint Privilege Manager; EPM

Description

Keeper Security is hiring a Senior Software Engineer to help build and scale our Endpoint Privilege Manager (KEPM/EPM) solution, enabling organizations to enforce least-privilege access and secure privilege elevation across endpoints. This is a 100% remote position, with an opportunity to work a hybrid schedule for candidates based in the Chicago, IL or El Dorado Hills, CA metro areas.

Keeper Security is one of the fastest-growing cybersecurity software companies that protects thousands of organizations and millions of people in over 150 countries. Keeper is a pioneer of zero-knowledge and zero-trust security built for any IT environment. Its core offering, Keeper

PAM®, is an AI-enabled, cloud-native platform that protects all users, devices and infrastructure from cyber attacks. Recognized for its innovation in the Gartner Magic Quadrant for Privileged Access Management (PAM), Keeper secures passwords and passkeys, infrastructure secrets, remote connections and endpoints with role-based enforcement policies, least privilege and just-in-time access. Learn why Keeper is trusted by leading organizations to defend against modern adversaries at

As a Senior Software Engineer on the KEPM/EPM team, you will remain hands‑on building core endpoint privilege capabilities from agent behavior and policy enforcement to elevation workflows, auditing, and integrations that support enterprise IT and MSP environments. You’ll work closely with Product and QA Automation to deliver features end‑to‑end, with a strong focus on secure systems engineering, reliability, and testability across Windows, macOS, and/or Linux.

• Design, build, and maintain core KEPM/EPM capabilities, including policy evaluation, privilege enforcement, elevation workflows, and audit logging
• Develop and harden endpoint agent components (services/daemons, installers/updaters, local policy caching, secure IPC) with a focus on security, reliability, and performance
• Implement platform integrations and management‑plane capabilities (APIs, admin workflows, telemetry) to support enterprise deployment, monitoring, and troubleshooting
• Partner with Product to review technical approaches, break down epics, and deliver incremental value through well‑scoped releases
• Collaborate with QA Automation to expand test coverage (unit, integration, end‑to‑end), improve CI reliability, and build testable interfaces into agent and service components
• Participate in security reviews and threat modeling; remediate vulnerabilities and improve tamper resistance and abuse prevention
• Improve observability and diagnosability across components (structured logging, metrics, crash reporting, debug tooling)
• Participate in on‑call and incident response as needed; contribute to postmortems and prevention measures

• 5+ years of professional software engineering experience delivering production software
• Proficiency in one or more systems/backend languages such as C/C++, Rust, Go, C#/.NET, or Java, with the ability to work across a multi‑language codebase
• Experience building system‑level software (endpoint agents, desktop applications, services/daemons, security tooling, or device management components)
• Strong understanding of OS security concepts and privilege models (least privilege, process execution, access control, secure update/signing patterns)
• Experience debugging and optimizing complex software (concurrency, performance profiling, memory/threading issues)
• Experience building automated tests and working in CI/CD environments; strong engineering hygiene around code review, testing, and documentation
• Strong communication skills and ability to partner cross‑functionally with Product, QA, and Security

• Experience with endpoint privilege management, EDR/EPP, device management, or identity/security products
• Deep expertise in at least one endpoint OS ecosystem (Windows, macOS, or Linux) and its privilege/security model (services/daemons, elevation flows, packaging, and code signing)
• Experience designing policy engines (rules evaluation, precedence, auditability, and explainability)
• Familiarity with enterprise…