Crusoe21.04.2026

Staff Corporate Security Engineer

Полная занятостьОфис

Обязанности

  • 01Leading the design and implementation of Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) architectures, replacing legacy VPNs with identity-aware, perimeter-less access models
  • 02Architecting preventative SaaS security across platforms such as Google Workspace, Slack, and Okta, including CASB controls to enforce data protection and monitor unauthorized applications or extensions
  • 03Implementing Binary Authorization and device trust mechanisms, leveraging hardware-backed identity (e.g., TPM, Secure Enclave) to ensure only compliant devices can access corporate systems
  • 04Designing and tuning Data Loss Prevention (DLP) controls across endpoints and SaaS platforms to protect intellectual property
  • 05Strengthening email security posture, including MFA enforcement and session controls to mitigate phishing and session hijacking risks
  • 06Architecting AI-native security frameworks, including governance and secure gateways for agent-based systems (e.g., MCP), ensuring all AI-driven actions are auditable and aligned with zero-trust principles
  • 07Scaling identity and access management systems, including SSO, SAML, OAuth, SCIM, and designing Just-In-Time (JIT) access workflows to eliminate standing privileges
  • 08Defining and executing a “Crown Jewels” security methodology, identifying and remediating high-risk vulnerabilities (e.g., IDOR, role-bypass) across critical systems

Требования

  • 018+ years of experience designing and implementing Zero Trust, SASE, and modern identity-based security architectures
  • 02Strong expertise in SaaS security, including CASB, DLP, and governance across platforms like Google Workspace, Okta, and Slack
  • 03Experience implementing device trust, endpoint security, and hardware-backed identity solutions
  • 04Strong understanding of identity and access management systems (SSO, SAML 2.0, OAuth, SCIM) and secure access patterns
  • 05Knowledge of email security, phishing mitigation, and session security controls
  • 06Experience identifying and mitigating application-layer vulnerabilities such as IDOR and privilege escalation risks
  • 07Familiarity with emerging AI security challenges, including governance of agent-based systems and secure orchestration patterns
  • 08Strong architectural mindset with the ability to design preventative, scalable security systems
  • 09Excellent communication skills and ability to influence security decisions across engineering and business teams

Условия

  • 01Competitive compensation and equity packages
  • 02Restricted Stock Units
  • 03Paid time off, paid holidays & leave of absence programs
  • 04Comprehensive health, dental & vision insurance
  • 05Employer contributions to HSA account
  • 06Paid parental leave
  • 07Paid life insurance, short-term and long-term disability
  • 08Professional development & tuition reimbursement
  • 09Mental health & wellness support
  • 10Commuter benefits (parking & transit)
  • 11Cell phone stipend
  • 12401(k) Retirement plan with company match up to 4% of salary
  • 13Volunteer time off
  • 14Global travel insurance & emergency assistance
  • 15Daily meals allowance
  • 16Additional perks & programs specific to location
  • 17Compensation will be paid in the range of up to $210,000 - $255,000 + Bonus