← Back to Search
Security Engineer
Denver, CO Direct-Hire $150000.00 - $163000.00 Remote
Job Description

Type: Full-Time, Direct Hire

Salary: $163k

Location: Denver

Schedule: Remote

We are looking for a security-minded, hands-on senior individual with strong Access Management and Cloud Security experience to support our global Identity and Access Management (IAM) and Cloud/Infrastructure security programs. The candidate must have strong operational knowledge of the security/infrastructure tool landscape and have a track record of optimizing and automating processes to achieve measurable efficiency and accuracy gains. This role is integral to the cyber security program, and works directly alongside the Security Architecture / Engineering, Security Operations, Tech Infrastructure and Network teams.

Responsibilities

  • Support for IAM, Cloud Security and Infrastructure Security projects, including (but not limited to) IAM Governance solutions (e.g., SailPoint), Privilege Access Management solutions (PAM), Cloud Assessments and Configuration, Certificate Management, Mobile and Remote Access (e.g., VPN) Security.
  • Implement security processes to support IAM, Cloud and Infrastructure Security using best-in-class security engineering principles.
  • Experience with security metrics and measurements and process automation - understand how to measure IAM and Cloud processes and how to improve them based on historical data.
  • Partner with Security/Infrastructure/Product Engineers to evaluate best in class security solutions and plan production deployments and help document runbooks accordingly.
  • Participate in enterprise cybersecurity tabletop exercises across cross-function teams.
  • Partner with Security Operations (SecOps) Engineers to identify and evaluate best-in-class security solutions, plan production deployments, and help document runbooks accordingly.
  • Provide support for System and Organization Controls (SOC) audits through the gathering of objective evidence.
  • Assist with user access reviews (UARs), including interfacing with application teams, gathering data for entitlements and descriptions, populating entitlement data, communicating with reviewers, and generating UAR status reports
  • Implement identity security metrics and measurements and process automation - understand how to measure monitoring/IR processes and how to improve them based on historical data.
  • Security tool operations - running, maintaining, optimizing, and configuring rules for various tools across Security such as IAM, PAM and EPM.

Knowledge and Skills

  • Experience with IAM products, such as SailPoint Identity Security Cloud, Entra ID, and Okta.
  • Experience with IGA operational triage, requests, and resolutions within SLAs.
  • Strong understanding of IAM and Cloud/Infrastructure Security and concepts.
  • Understand what it means to "think like a hacker" and take the attacker viewpoint.
  • Experience with operating security tools or equivalent IAM, Cloud/Infrastructure tools such as Microsoft Active Directory (AD), IAM Governance (e.g. SailPoint), PAM & EPM (e.g. BeyondTrust, CyberArk), Certificate Management (e.g. Venafi).
  • Understanding of identity security architecture and engineering concepts.
  • Strong understanding of MITRE TTPs or similar.
  • Experience with onboarding applications into an IAM solution.
  • Experience testing IAM solutions, including test case development, data staging, test execution, and documenting test results.
  • Experience with automating IAM workflows.
  • Experience with SQL, PowerShell, Postman, and Visual Studio Code.
  • Experience with Microsoft Excel functions and macros for data analysis and reporting.
  • Experience with Agile methodologies.
  • Experience with Atlassian suite of products, including Jira and Confluence.

Required Experience

  • 3+ years of relevant IAM, Cloud, Infrastructure Security, or equivalent Infrastructure experience
  • Deep SailPoint experience (Identity Security Cloud or IdentityIQ)
  • Experience integrating SailPoint with AD, Okta, Entra ID, PAM (CyberArk/BeyondTrust)
  • Strong scripting/automation: SQL, PowerShell, Postman
  • IAM solution testing + runbook documentation
  • Security mindset (understanding of attacker TTPs / MITRE)

Preferred Experience

  • CISSP or equivalent.
  • Demonstrated past contributor and "plugged-in" to the security community and various industry sources.

Key Differentiator

  • Security tools experience or equivalent infrastructure experience.
  • Strong communicator who can partner internationally with senior security and application team members.
  • Self-starter who takes initiative with strong conviction.

Benefits: Health, vision, and dental insurance, accident and life insurance, 401k matching, paid time off, and education reimbursement, to name a few.

Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa, including student Visas with an OPT/CPT designation, at this time.

Please note that we are unable to support C2C or 1099.

All qualified applicants will receive consideration for employment without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, medical condition, genetic information, pregnancy, or military or veteran status. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the California Fair Chance Act, City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, and Los Angeles County Fair Chance Ordinance. For unincorporated Los Angeles county, to the extent our customers require a background check for certain positions, the Company faces a significant risk to its business operations and business reputation unless a review of criminal history is conducted for those specific job positions.

Job Reference: JN -032024-362683