Staff Enterprise Security Engineer

Staff Enterprise Security Engineer 

Location: Remote 

Reports To: Senior Manager, Enterprise Security 

Department: Enterprise Security 

About the Role 

We are seeking a seasoned Staff Enterprise Security Engineer to design, implement, and manage enterprise-wide security solutions. You'll shape our security strategy across endpoint protection, network, SaaS, IAM, and observability—while aligning to NIST and CIS standards. This role reports to the Senior Manager of Enterprise Security, with close collaboration with the CISO, CISO staff, and cross-functional teams. 

Key Responsibilities 

• Security Architecture & Governance 

• Architect enterprise security solutions across endpoints (EDR/XDR), networks, SaaS, and identity/infrastructure. 

• Ensure compliance with NIST SP 800-53, CIS benchmarks, and FedRAMP (Low/Moderate/High) standards. 

• Design for DoD Impact Levels IL‑4 and IL‑5 environments, integrating enhanced controls beyond FedRAMP High (inkit.com). 

• IAM & Access Management 

• Implement and manage IAM frameworks: RBAC, MFA, SAML, OAuth, SCIM. 

• Regularly review and optimize privilege configurations. 

• Endpoint & Network Security 

• Deploy and manage endpoint security tools (e.g., CrowdStrike, SentinelOne). 

• Define network security strategies including firewalls (e.g., Palo Alto), micro-segmentation, VPNs. 

• SaaS Security & Cloud Compliance 

• Secure SaaS applications using SSPM tools and integrate them into governance frameworks. 

• Maintain compliance evidence for FedRAMP/DoD IL audits and ATO packages (openai.com, builtinsf.com, scale.com). 

• Incident Response & Threat Intelligence 

• Lead incident response efforts: detection, triage, investigation, mitigation, and post-mortems. 

• Coordinate with threat intel teams to feed strategic threat insights into detection logic and tools. 

• Vulnerability Management & Observability 

• Own vulnerability scanning, CVE tracking, patch-rollout, and POA&M development. 

• Build and tune observability systems (SIEM, EDR, logging, telemetry) to support security posture. 

• Automation & Scripting 

• Automate security workflows using Python, PowerShell, Bash, or similar languages. 

• Integrate automation into tooling for incident response, compliance, detection, and remediation. 

• Collaboration & Communication 

• Work directly with the CISO and staff to align security initiatives with organizational strategy. 

• Communicate technical concepts clearly to leadership, compliance, legal, and engineering teams. 

• Develop and deliver security training and awareness for teams across the enterprise. 

Qualifications & Experience 

• Education: Bachelor’s degree in cybersecurity, computer science, engineering—or equivalent years of corporate security/SOC experience. 

• Experience: 7+ years in enterprise or cloud security with hands-on background in IAM, endpoint/network/SaaS security, incident management, vulnerability management, and log analytics. 

• Compliance Know-How: 

• Solid understanding of FedRAMP security controls and audit frameworks. 

• Experience with DoD IL‑4/IL‑5 programs—understand added encryption, personnel restrictions, and control overlays

• Technical Skills: 

• Proficiency with tools like CrowdStrike, Palo Alto, F5, Splunk/ELK, and IAM platforms (Okta, AzureAD, etc.). 

• Strong scripting/automation using Python, PowerShell, Bash, etc. 

• Security Frameworks: NIST SP 800-53/171, CIS Benchmarks, FedRAMP, DoD CC SRG. 

• Soft Skills: Strong verbal and written communication; ability to convey complex topics to executives. 

• Personality Traits: Strategic thinker, collaborative, proactive, with the ability to thrive in fast-moving environments.