Crusoe21.04.2026
Staff Corporate Security Engineer
Полная занятостьОфис
Обязанности
- 01Leading the design and implementation of Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) architectures, replacing legacy VPNs with identity-aware, perimeter-less access models
- 02Architecting preventative SaaS security across platforms such as Google Workspace, Slack, and Okta, including CASB controls to enforce data protection and monitor unauthorized applications or extensions
- 03Implementing Binary Authorization and device trust mechanisms, leveraging hardware-backed identity (e.g., TPM, Secure Enclave) to ensure only compliant devices can access corporate systems
- 04Designing and tuning Data Loss Prevention (DLP) controls across endpoints and SaaS platforms to protect intellectual property
- 05Strengthening email security posture, including MFA enforcement and session controls to mitigate phishing and session hijacking risks
- 06Architecting AI-native security frameworks, including governance and secure gateways for agent-based systems (e.g., MCP), ensuring all AI-driven actions are auditable and aligned with zero-trust principles
- 07Scaling identity and access management systems, including SSO, SAML, OAuth, SCIM, and designing Just-In-Time (JIT) access workflows to eliminate standing privileges
- 08Defining and executing a “Crown Jewels” security methodology, identifying and remediating high-risk vulnerabilities (e.g., IDOR, role-bypass) across critical systems
Требования
- 018+ years of experience designing and implementing Zero Trust, SASE, and modern identity-based security architectures
- 02Strong expertise in SaaS security, including CASB, DLP, and governance across platforms like Google Workspace, Okta, and Slack
- 03Experience implementing device trust, endpoint security, and hardware-backed identity solutions
- 04Strong understanding of identity and access management systems (SSO, SAML 2.0, OAuth, SCIM) and secure access patterns
- 05Knowledge of email security, phishing mitigation, and session security controls
- 06Experience identifying and mitigating application-layer vulnerabilities such as IDOR and privilege escalation risks
- 07Familiarity with emerging AI security challenges, including governance of agent-based systems and secure orchestration patterns
- 08Strong architectural mindset with the ability to design preventative, scalable security systems
- 09Excellent communication skills and ability to influence security decisions across engineering and business teams
Условия
- 01Competitive compensation and equity packages
- 02Restricted Stock Units
- 03Paid time off, paid holidays & leave of absence programs
- 04Comprehensive health, dental & vision insurance
- 05Employer contributions to HSA account
- 06Paid parental leave
- 07Paid life insurance, short-term and long-term disability
- 08Professional development & tuition reimbursement
- 09Mental health & wellness support
- 10Commuter benefits (parking & transit)
- 11Cell phone stipend
- 12401(k) Retirement plan with company match up to 4% of salary
- 13Volunteer time off
- 14Global travel insurance & emergency assistance
- 15Daily meals allowance
- 16Additional perks & programs specific to location
- 17Compensation will be paid in the range of up to $210,000 - $255,000 + Bonus