ZipRecruiter
Staff Security Engineer - Corporate Security
ZipRecruiter, Palo Alto, California, United States, 94306
Overview
Founded in 2017, Obsidian Security was created to close a critical gap: securing the SaaS applications where modern business happens—platforms like Microsoft 365, Salesforce, and hundreds more. We are backed by top investors and have built a complete SaaS security platform to reduce risk, detect and respond to threats, and prevent breaches at the source. Our team includes leaders who helped define the categories of endpoint and security. Today, Obsidian is trusted by global enterprises and protects more than 200 organizations across the globe. We are scaling quickly toward long-term growth and IPO readiness. Join us as we define the future of SaaS security. Position Overview We are looking for a Staff Security Engineer to join our team and help drive our corporate security to the next level and beyond. The ideal candidate is highly technical, passionate, and team‑oriented, able to evolve our corporate security program by optimizing, maturing, automating, integrating, and evolving our existing security controls, processes, and capabilities. In this hands-on role, you will engineer, architect, implement, and operate scalable security solutions across Obsidian’s global corporate environments. The ideal candidate is mission and values-driven, owns their work, and prioritizes the well‑being of customers, teammates, and the organization. This role thrives in a dynamic, high-growth startup environment within an established Cybersecurity, GRC, and IT team and programs. This is a critical, high‑impact role that will drive growth for a seasoned cybersecurity professional. The Staff Security Engineer reports to the Chief Information Security Officer, works within the Security Team, partners with Product Security, GRC, IT, and Engineering, and will have the support and autonomy to mature Obsidian's corporate security program and operations. Candidates should be highly technical team players with experience in cybersecurity engineering, operations, incident response, threat and vulnerability management, security posture management, and related disciplines. The role requires the ability to operate across a cloud‑based organization with a cybersecurity mission and a modern tech stack. This multi‑faceted role will require ownership mentality, sound judgment, personal responsibility, and initiative. Your Responsibilities Will Include Corporate Security Operations and Architecture Support IT by enhancing and automating security controls for corporate IT systems, including Google Workspace, Microsoft 365, Salesforce, Meraki, Jamf, Atlassian, Notion, and Slack. Operate, integrate, monitor, and automate security tooling such as endpoint detection and response, SIEM, SaaS Security Platforms, Email Security Platforms, CNAPP, MDM, EPM, and firewall technologies. Define, implement, and enforce secure and hardened patterns for corporate endpoint deployments and operations. Create automation workflows for security incident detection and response across corporate environments. Secure Access Management and Privilege Access Management systems, and ensure least privilege access and RBAC models are designed and implemented. Ensure corporate password and secrets managers are securely hardened and monitored. Support product penetration testing and corporate red teaming exercises. Support security program continuity and resiliency by maturing security documentation, processes, and runbooks. Build playbooks for recurring security events and operations. Perform regular access reviews and corporate vulnerability management. Drive zero-trust principles in corporate network communication and access control. Security Governance, Risk Management, and Compliance Support the GRC Team with security compliance for standards such as SOC 2 and ISO 27001. Assist the GRC Team with internal and external security audits such as SOC 2 and ISO 27001. Maintain accurate inventories of systems, users, and data flows across the corporate environment. Help drive security awareness and training programs across the company. Conduct Third-party Risk Management in support of the procurement of corporate products and services. Support the GRC Team with inbound customer and prospect security reviews and due diligence. Ensuring Obsidian assets are managed to a high‑security standard Implement security tooling, automation, and orchestration as needed for detection, response, reporting, and vulnerability management capabilities. Ensure that security tooling is maintained, optimized, and consistently deployed across the Obsidian install base. Develop security threat detection rules and analytics within Obsidian security tooling systems and drive posture security maturity. What We’re Looking For A person who is excited about working at an industry‑leading cybersecurity startup company with enterprise security needs. At least 6 years of Security Engineering and Operations experience. Proficiency in the following security domains: Endpoint Detection and Response, SIEM, Network Security Monitoring and Hardening, Endpoint Security Management and Hardening, Security Posture Management, Defense in Depth, IAM and PAM, SOAR. Preference for scripting for security automation (e.g., Python). Be obsessive about security while supporting the overall mission. Experience with security capabilities of modern IT systems such as Google Workspace, Microsoft 365, Slack, Notion, and Jira. Experience working with multiple internal and external stakeholders during incident lifecycles. Experience communicating across a company to drive adherence and education on security best practices, standards, and policies. What We Can Do For You Be part of a team‑first, low‑ego, mission‑focused culture. Provide opportunities for professional development. Provide opportunities to make high‑impact contributions to security. Influence the Obsidian product development. Annual conference attendance budget Competitive salary, equity, and health benefits Opportunity to publish research, share non‑proprietary code, and present at conferences Reserve your seat on our rocket ship! We are funded by Greylock Partners, Google Ventures, Menlo Ventures, WingVC, Norwest Venture Partners, and are growing fast. This role is a game‑changer and is about securing our company and product as we provide cutting‑edge capabilities to help organizations increase their security. Employee Benefits Our competitive benefits packages are designed to support our employees' well‑being, both at work and at home. Our US based employees enjoy: Competitive compensation with equity and 401k Comprehensive healthcare with dental and vision coverage Flexible paid time off and paid holiday time off 12 weeks of new parent or family leave Personal and professional development resources For more details on our US benefits, or for information on our international benefits, please see here. Pay Transparency Please note that the base pay range is a guideline and for candidates who receive an offer, the base pay will vary based on factors such as work location, as well as the knowledge, skills and experience of the candidate. In addition to a competitive base salary, this position is eligible for equity awards and may be eligible for sales commission or incentive compensation based on the role or function within the company. At Obsidian, we are proud to be an equal‑opportunity employer. We value and hire for talent, passion, and compassion. In compliance with federal law, all persons hired will be required to submit satisfactory proof of and legal authorization. If you have a need that requires accommodation, please contact accommodations@obsidiansecurity.com Information collected and processed as part of any job applications you choose to submit is subject to Obsidian's Applicant Privacy Policy. Base Salary Range $190,000—$243,000 USD
#J-18808-Ljbffr
Founded in 2017, Obsidian Security was created to close a critical gap: securing the SaaS applications where modern business happens—platforms like Microsoft 365, Salesforce, and hundreds more. We are backed by top investors and have built a complete SaaS security platform to reduce risk, detect and respond to threats, and prevent breaches at the source. Our team includes leaders who helped define the categories of endpoint and security. Today, Obsidian is trusted by global enterprises and protects more than 200 organizations across the globe. We are scaling quickly toward long-term growth and IPO readiness. Join us as we define the future of SaaS security. Position Overview We are looking for a Staff Security Engineer to join our team and help drive our corporate security to the next level and beyond. The ideal candidate is highly technical, passionate, and team‑oriented, able to evolve our corporate security program by optimizing, maturing, automating, integrating, and evolving our existing security controls, processes, and capabilities. In this hands-on role, you will engineer, architect, implement, and operate scalable security solutions across Obsidian’s global corporate environments. The ideal candidate is mission and values-driven, owns their work, and prioritizes the well‑being of customers, teammates, and the organization. This role thrives in a dynamic, high-growth startup environment within an established Cybersecurity, GRC, and IT team and programs. This is a critical, high‑impact role that will drive growth for a seasoned cybersecurity professional. The Staff Security Engineer reports to the Chief Information Security Officer, works within the Security Team, partners with Product Security, GRC, IT, and Engineering, and will have the support and autonomy to mature Obsidian's corporate security program and operations. Candidates should be highly technical team players with experience in cybersecurity engineering, operations, incident response, threat and vulnerability management, security posture management, and related disciplines. The role requires the ability to operate across a cloud‑based organization with a cybersecurity mission and a modern tech stack. This multi‑faceted role will require ownership mentality, sound judgment, personal responsibility, and initiative. Your Responsibilities Will Include Corporate Security Operations and Architecture Support IT by enhancing and automating security controls for corporate IT systems, including Google Workspace, Microsoft 365, Salesforce, Meraki, Jamf, Atlassian, Notion, and Slack. Operate, integrate, monitor, and automate security tooling such as endpoint detection and response, SIEM, SaaS Security Platforms, Email Security Platforms, CNAPP, MDM, EPM, and firewall technologies. Define, implement, and enforce secure and hardened patterns for corporate endpoint deployments and operations. Create automation workflows for security incident detection and response across corporate environments. Secure Access Management and Privilege Access Management systems, and ensure least privilege access and RBAC models are designed and implemented. Ensure corporate password and secrets managers are securely hardened and monitored. Support product penetration testing and corporate red teaming exercises. Support security program continuity and resiliency by maturing security documentation, processes, and runbooks. Build playbooks for recurring security events and operations. Perform regular access reviews and corporate vulnerability management. Drive zero-trust principles in corporate network communication and access control. Security Governance, Risk Management, and Compliance Support the GRC Team with security compliance for standards such as SOC 2 and ISO 27001. Assist the GRC Team with internal and external security audits such as SOC 2 and ISO 27001. Maintain accurate inventories of systems, users, and data flows across the corporate environment. Help drive security awareness and training programs across the company. Conduct Third-party Risk Management in support of the procurement of corporate products and services. Support the GRC Team with inbound customer and prospect security reviews and due diligence. Ensuring Obsidian assets are managed to a high‑security standard Implement security tooling, automation, and orchestration as needed for detection, response, reporting, and vulnerability management capabilities. Ensure that security tooling is maintained, optimized, and consistently deployed across the Obsidian install base. Develop security threat detection rules and analytics within Obsidian security tooling systems and drive posture security maturity. What We’re Looking For A person who is excited about working at an industry‑leading cybersecurity startup company with enterprise security needs. At least 6 years of Security Engineering and Operations experience. Proficiency in the following security domains: Endpoint Detection and Response, SIEM, Network Security Monitoring and Hardening, Endpoint Security Management and Hardening, Security Posture Management, Defense in Depth, IAM and PAM, SOAR. Preference for scripting for security automation (e.g., Python). Be obsessive about security while supporting the overall mission. Experience with security capabilities of modern IT systems such as Google Workspace, Microsoft 365, Slack, Notion, and Jira. Experience working with multiple internal and external stakeholders during incident lifecycles. Experience communicating across a company to drive adherence and education on security best practices, standards, and policies. What We Can Do For You Be part of a team‑first, low‑ego, mission‑focused culture. Provide opportunities for professional development. Provide opportunities to make high‑impact contributions to security. Influence the Obsidian product development. Annual conference attendance budget Competitive salary, equity, and health benefits Opportunity to publish research, share non‑proprietary code, and present at conferences Reserve your seat on our rocket ship! We are funded by Greylock Partners, Google Ventures, Menlo Ventures, WingVC, Norwest Venture Partners, and are growing fast. This role is a game‑changer and is about securing our company and product as we provide cutting‑edge capabilities to help organizations increase their security. Employee Benefits Our competitive benefits packages are designed to support our employees' well‑being, both at work and at home. Our US based employees enjoy: Competitive compensation with equity and 401k Comprehensive healthcare with dental and vision coverage Flexible paid time off and paid holiday time off 12 weeks of new parent or family leave Personal and professional development resources For more details on our US benefits, or for information on our international benefits, please see here. Pay Transparency Please note that the base pay range is a guideline and for candidates who receive an offer, the base pay will vary based on factors such as work location, as well as the knowledge, skills and experience of the candidate. In addition to a competitive base salary, this position is eligible for equity awards and may be eligible for sales commission or incentive compensation based on the role or function within the company. At Obsidian, we are proud to be an equal‑opportunity employer. We value and hire for talent, passion, and compassion. In compliance with federal law, all persons hired will be required to submit satisfactory proof of and legal authorization. If you have a need that requires accommodation, please contact accommodations@obsidiansecurity.com Information collected and processed as part of any job applications you choose to submit is subject to Obsidian's Applicant Privacy Policy. Base Salary Range $190,000—$243,000 USD
#J-18808-Ljbffr