Obsidian Security
Staff Security Engineer - Corporate Security
Obsidian Security, Palo Alto, California, United States, 94306
Overview
Staff Security Engineer - Corporate Security Founded in 2017, Obsidian Security was created to close a critical gap: securing the SaaS applications where modern business happens—platforms like Microsoft 365, Salesforce, and hundreds more. Backed by top investors, Obsidian has built a complete SaaS security platform to reduce risk, detect and respond to threats, and prevent breaches at the source. Today, Obsidian is trusted by global enterprises and protects more than 200 organizations across multiple regions. We’re scaling quickly toward long-term growth and IPO readiness. Join us as we define the future of SaaS security! Position Overview:
We’re looking for a Staff Security Engineer to join our team and help drive our corporate security to the next level and beyond. The ideal candidate is highly technical, passionate, and team-oriented, capable of maturing and automating our security controls, processes, and capabilities. In this hands-on role, you will engineer, architect, implement, and operate scalable security solutions across Obsidian’s global corporate environments. The Staff Security Engineer reports to the Chief Information Security Officer, works within the Security Team, and partners closely with Product Security, GRC, IT, and Engineering. This role requires a technically skilled individual with experience in cybersecurity engineering, operations, incident response, threat and vulnerability management, security posture management, and related disciplines. This is a multi-faceted role within a fast-moving startup and will require ownership mentality, sound judgment, personal responsibility, and initiative. Responsibilities
Corporate Security Operations and Architecture Support IT by enhancing and automating security controls for corporate IT systems (Google Workspace, Microsoft 365, Salesforce, Meraki, Jamf, Atlassian, Notion, Slack). Operate, integrate, monitor, and automate security tooling (EDR, SIEM, SaaS Security Platforms, Email Security Platforms, CNAPP, MDM, EPM, firewall technologies). Define, implement, and enforce secure patterns for corporate endpoint deployments and operations. Create automation workflows for security incident detection and response across corporate environments. Secure Identity Access Management and Privilege Access Management systems with least privilege and RBAC. Ensure corporate password and secrets managers are securely hardened and monitored. Support product penetration testing and corporate red teaming exercises. Mature security documentation, processes, and runbooks; build playbooks for recurring security events. Perform regular access reviews and corporate vulnerability management. Drive zero-trust principles in corporate network communication and access control. Security Governance, Risk Management, and Compliance Support the GRC Team with security compliance for SOC 2 and ISO 27001. Assist with internal and external audits such as SOC 2 and ISO 27001. Maintain inventories of systems, users, and data flows across the corporate environment. Drive security awareness and training programs across the company. Conduct Third-party Risk Management for procurement of corporate products and services. Support inbound customer and prospect security reviews and due diligence. Ensure Obsidian assets are managed to a high-security standard. Implement security tooling, automation, and orchestration for detection, response, reporting, and vulnerability management; maintain and deploy tooling across the install base. Develop security threat detection rules and analytics within Obsidian security tooling and drive posture security maturity. What We’re Looking For
At least 6 years of Security Engineering and Operations experience. Proficiency in: Endpoint Detection and Response, SIEM, Network Security Monitoring and Hardening, Endpoint Security Management and Hardening, Security Posture Management, Defense in Depth, IAM and PAM, SOAR. Automation scripting in Python or similar for security tasks is a plus. Strong obsession with security while supporting the overall mission. Experience with security capabilities of Google Workspace, Microsoft 365, Slack, Notion, and Jira. Experience working with multiple stakeholders during incident lifecycles and communicating security practices across a company. What We Can Do For You
Be part of a team-first, low-ego, mission-focused culture. Provide opportunities for professional development and high-impact security contributions. Influence Obsidian product development. Annual conference attendance budget. Competitive salary, equity, and health benefits. Opportunity to publish research and share non-proprietary code. Join a well-funded, fast-growing company with strong career potential. This role is a game-changer and is about securing our company and product as we provide cutting-edge capabilities to help organizations increase their security. Employee Benefits
Competitive benefits package designed to support well-being. US-based employees enjoy competitive compensation with equity, comprehensive healthcare with dental and vision, flexible PTO and paid holidays, new parent or family leave, and development resources. For details on US and international benefits, see the company policy. Base Salary Range: $190,000 USD - $243,000 USD Seniority level
Mid-Senior level Employment type
Full-time Job function
Information Technology Industries Computer and Network Security
#J-18808-Ljbffr
Staff Security Engineer - Corporate Security Founded in 2017, Obsidian Security was created to close a critical gap: securing the SaaS applications where modern business happens—platforms like Microsoft 365, Salesforce, and hundreds more. Backed by top investors, Obsidian has built a complete SaaS security platform to reduce risk, detect and respond to threats, and prevent breaches at the source. Today, Obsidian is trusted by global enterprises and protects more than 200 organizations across multiple regions. We’re scaling quickly toward long-term growth and IPO readiness. Join us as we define the future of SaaS security! Position Overview:
We’re looking for a Staff Security Engineer to join our team and help drive our corporate security to the next level and beyond. The ideal candidate is highly technical, passionate, and team-oriented, capable of maturing and automating our security controls, processes, and capabilities. In this hands-on role, you will engineer, architect, implement, and operate scalable security solutions across Obsidian’s global corporate environments. The Staff Security Engineer reports to the Chief Information Security Officer, works within the Security Team, and partners closely with Product Security, GRC, IT, and Engineering. This role requires a technically skilled individual with experience in cybersecurity engineering, operations, incident response, threat and vulnerability management, security posture management, and related disciplines. This is a multi-faceted role within a fast-moving startup and will require ownership mentality, sound judgment, personal responsibility, and initiative. Responsibilities
Corporate Security Operations and Architecture Support IT by enhancing and automating security controls for corporate IT systems (Google Workspace, Microsoft 365, Salesforce, Meraki, Jamf, Atlassian, Notion, Slack). Operate, integrate, monitor, and automate security tooling (EDR, SIEM, SaaS Security Platforms, Email Security Platforms, CNAPP, MDM, EPM, firewall technologies). Define, implement, and enforce secure patterns for corporate endpoint deployments and operations. Create automation workflows for security incident detection and response across corporate environments. Secure Identity Access Management and Privilege Access Management systems with least privilege and RBAC. Ensure corporate password and secrets managers are securely hardened and monitored. Support product penetration testing and corporate red teaming exercises. Mature security documentation, processes, and runbooks; build playbooks for recurring security events. Perform regular access reviews and corporate vulnerability management. Drive zero-trust principles in corporate network communication and access control. Security Governance, Risk Management, and Compliance Support the GRC Team with security compliance for SOC 2 and ISO 27001. Assist with internal and external audits such as SOC 2 and ISO 27001. Maintain inventories of systems, users, and data flows across the corporate environment. Drive security awareness and training programs across the company. Conduct Third-party Risk Management for procurement of corporate products and services. Support inbound customer and prospect security reviews and due diligence. Ensure Obsidian assets are managed to a high-security standard. Implement security tooling, automation, and orchestration for detection, response, reporting, and vulnerability management; maintain and deploy tooling across the install base. Develop security threat detection rules and analytics within Obsidian security tooling and drive posture security maturity. What We’re Looking For
At least 6 years of Security Engineering and Operations experience. Proficiency in: Endpoint Detection and Response, SIEM, Network Security Monitoring and Hardening, Endpoint Security Management and Hardening, Security Posture Management, Defense in Depth, IAM and PAM, SOAR. Automation scripting in Python or similar for security tasks is a plus. Strong obsession with security while supporting the overall mission. Experience with security capabilities of Google Workspace, Microsoft 365, Slack, Notion, and Jira. Experience working with multiple stakeholders during incident lifecycles and communicating security practices across a company. What We Can Do For You
Be part of a team-first, low-ego, mission-focused culture. Provide opportunities for professional development and high-impact security contributions. Influence Obsidian product development. Annual conference attendance budget. Competitive salary, equity, and health benefits. Opportunity to publish research and share non-proprietary code. Join a well-funded, fast-growing company with strong career potential. This role is a game-changer and is about securing our company and product as we provide cutting-edge capabilities to help organizations increase their security. Employee Benefits
Competitive benefits package designed to support well-being. US-based employees enjoy competitive compensation with equity, comprehensive healthcare with dental and vision, flexible PTO and paid holidays, new parent or family leave, and development resources. For details on US and international benefits, see the company policy. Base Salary Range: $190,000 USD - $243,000 USD Seniority level
Mid-Senior level Employment type
Full-time Job function
Information Technology Industries Computer and Network Security
#J-18808-Ljbffr