Staff Security Engineer - Corporate Security

Position Overview: Were looking for a Staff Security Engineer to join our team and help drive our corporate security to the next level and beyond. The ideal candidate for the role will be a highly technical passionate team-oriented professional who can evolve our corporate security program by optimizing maturing automating integrating and evolving our existing comprehensive security controls processes and this operational hands-on role you will engineer architect implement and operate scalable security solutions and capabilities across the Obsidian global corporate environments.

The ideal person for this role must be mission and values-driven must have an ownership mentality and must put the well-being of our customers our teammates and our organization at the forefront of how they operate. This person must be able to operate and thrive in a dynamic high-growth startup environment within an established Cybersecurity GRC and IT team and programs. This is a critical high-impact role that will serve as a catalyst for growth for any seasoned cybersecurity professional.

The Staff Security Engineer reports to the Chief Information Security Officer works within the Security Team partners closely with Product Security GRC IT and Engineering and will have the support and autonomy to drive maturity and technical excellence within Obsidians corporate security program and operations. Candidates applying for this sensitive and high-impact role should be highly technical team players with experience in cybersecurity engineering operations analysis incident response threat and vulnerability management security posture management and related disciplines. They should also have the ability to operate across a cloud-native organization with a cybersecurity mission and a modern tech stack. This is a multi-faceted role within a fast-moving startup and will require the successful candidate to possess an ownership mentality sound judgment personal responsibility and initiative.

Your Responsibilities Will Include:

• Corporate Security Operations and Architecture
• Support IT by enhancing and automating security controls for corporate IT systems including Google Workspace Microsoft 365 Salesforce Meraki Jamf Atlassian Notion and Slack.
• Operate integrate monitor and automate security tooling such as endpoint detection and response SIEM SaaS Security Platforms Email Security Platforms CNAPP MDM EPM and firewall technologies.
• Define implement and enforce secure and hardened patterns for corporate endpoint deployments and operations.
• Create automation workflows for security incident detection and response across corporate environments.
• Secure Identity Access Management and Privilege Access Management systems and ensure that least privilege access and RBAC models are adequately designed and implemented.
• Ensure corporate password and secrets managers are securely hardened and monitored.
• Support product penetration testing and corporate red teaming exercises.
• Support security program continuity and resiliency by maturing security documentation processes and runbooks. Build playbooks for recurring security events and operations.
• Perform regular access reviews and corporate vulnerability management.
• Drive zero-trust principles in corporate network communication and access control.

• Security Governance Risk Management and Compliance
• Support the GRC Team with security compliance for standards such as SOC 2 and ISO 27001.
• Assist the GRC Team with internal and external security audits such as SOC 2 and ISO 27001.
• Maintain accurate inventories of systems users and data flows across the corporate environment.
• Help drive security awareness and training programs across the company.
• Conduct Third-party Risk Management in support of the procurement of corporate products and services
• Support the GRC Team with inbound customer and prospect security reviews and due diligence.

• Ensuring Obsidian assets are managed to a high-security standard
• Implement security tooling automation and orchestration as needed for detection response reporting and vulnerability management capabilities.
• Ensure that security tooling is maintained optimized and consistently deployed across the Obsidian install base.
• Develop security threat detection rules and analytics within Obsidian security tooling systems and drive posture security maturity.

What Were Looking For

• A person who is excited about working at an industry-leading cybersecurity startup company with enterprise security needs.
• At least 6 years of Security Engineering and Operations experience.
• Proficiency in the following security domains: Endpoint Detection and Response SIEM Network Security Monitoring and Hardening Endpoint Security Management and Hardening Security Posture Management Defense in Depth IAM and PAM SOAR.
• Added preference if proficient in scripting for security automation in a language such as Python.
• Be obsessive about security while doing everything possible to support the overall mission.
• Experience with security capabilities of modern IT systems such as Google Workspace Microsoft 365 Slack Notion and Jira.
• Experience working with multiple internal and external stakeholders during incident lifecycles.
• Experience communicating across a company to drive adherence and education on security best practices standards and policies.

What We Can Do For You

• Be part of a team-first low-ego mission-focused culture.
• Provide opportunities for professional development.
• Provide opportunities to make high-impact contributions to security.
• Influence the Obsidian product development.
• Annual conference attendance budget
• Competitive salary equity and health benefits
• Opportunity to publish research share non-proprietary code and present at conferences
• Reserve your seat on our rocket ship! We are funded by Greylock Partners Google Ventures Menlo Ventures WingVC Norwest Venture Partners and are growing fast.

This role is a game-changer and is about securing our company and product as we provide cutting-edge capabilities to help organizations increase their security.