Cybersecurity Engineer

We are seeking a Cybersecurity Engineer to help design operate and continuously improve Trupanions security controls and tooling across our Microsoft 365/Azure environment and supporting on-prem systems. This role balances hands-on ownership of core security platformsparticularly the Microsoft Defender suite and Privileged Access Management (CyberArk)with strong security engineering practices such as automation integrations hardening and detection and response improvements. The ideal candidate is proactive detail-oriented and comfortable partnering with IT and engineering teams to reduce risk respond to incidents and deliver practical measurable security outcomes. 

This position is open to candidates in the Seattle area. You will have a hybrid remote/in-office schedule where you will work from our casual pet-friendly office at least 3 days a week. 

Key Responsibilities: 

• Engineer operate and continuously improve the Microsoft Defender security stack (e.g. Defender for Endpoint Defender for Identity Defender for Office 365 Defender for Cloud Apps Defender Vulnerability Management) to protect endpoints identities email and cloud applications. 
• Own and administer Privileged Access Management tool including onboarding/offboarding privileged accounts policy and workflow configuration vault health upgrades and integrations. 
• Integrate Defender and PAM signals with SIEM/SOAR and ITSM workflows to improve detection fidelity reduce false positives and accelerate response and remediation. 
• Design and implement security engineering solutions across cloud and on-prem environments (primarily Azure/M365) including baseline hardening configuration standards and security control automation. 
• Develop and maintain security tooling lifecycle management (health licensing capacity performance roadmap and upgrades) ensuring resilient and supportable operations. 
• Create and maintain detection engineering content: analytic rules/use cases alert tuning threat hunting queries and automated response playbooks. 
• Perform security assessments and vulnerability management including scanning prioritization remediation tracking and validation of fixes in partnership with IT and engineering teams. 
• Partner with infrastructure identity/IAM and application teams to embed security controls into designs and delivery (secure-by-default patterns CI/CD security checks and least-privilege access). 
• Respond to security incidents as an engineering escalation pointtriage alerts contain threats coordinate remediation and drive root-cause fixes and preventive controls. 
• Produce clear accurate and up-to-date runbooks procedures and reference architectures for security tooling and operational processes. 
• Support audits and regulatory exams by providing evidence control narratives and technical subject-matter expertise for implemented security controls. 
• Stay current with emerging threats and Microsoft security capabilities; recommend and implement pragmatic improvements to Trupanions security posture. 

Qualifications:  

• Bachelors degree in Computer Science Information Technology Cybersecurity or a related field (or equivalent practical experience). 
• 5 years of hands-on security engineering experience supporting enterprise security platforms in Microsoft 365/Azure environments. 
• Relevant certifications (one or more preferred): Microsoft Security (e.g. SC-200/SC-300/SC-100) AZ-500 CISSP CISM GIAC or equivalent. 

Skills:  

• Deep expertise securing Microsoft 365 and Azure including identity endpoint email and cloud security controls. 
• Demonstrated experience administering Microsoft Defender components and/or XDR/SIEM platforms including alert tuning detection engineering and incident response collaboration. 
• Experience implementing or operating Privileged Access Management (CyberArk preferred) and integrating PAM with identity and security monitoring systems including policy configuration privileged session controls onboarding/ offboarding and operational troubleshooting. 
• Strong hands-on experience with the Microsoft Defender stack (Defender for Endpoint Defender for Identity Defender for Office 365 Defender for Cloud Apps Defender Vulnerability Management) and associated investigation workflows. 
• Experience with XDR/SIEM operations and integration (e.g. Microsoft Sentinel or equivalent): alert triage tuning threat hunting and automation/playbooks. 
• Strong identity and access management knowledge including Entra ID (Azure AD) conditional access MFA least privilege and role-based access control. 
• Security engineering fundamentals across Windows macOS and Linux plus network and cloud concepts (TLS DNS routing segmentation logging). 
• Proficiency in scripting and automation (PowerShell and/or Python) to operationalize controls integrate platforms and improve reliability. 
• Experience with vulnerability management and remediation workflows including scanning prioritization validation and reporting. 
• Working knowledge of secure SDLC and DevSecOps practices including CI/CD security checks secrets handling and infrastructure-as-code security. 
• Familiarity with security frameworks and controls (NIST CIS ISO 27001) and translating requirements into implementable technical standards. 
• Strong communication skills with the ability to explain security issues tradeoffs and remediation steps to both technical and non-technical stakeholders. 
• Excellent problem-solving analytical skills and the ability to prioritize and deliver across multiple concurrent initiatives. 
• Experience developing and maintaining runbooks technical documentation security guidelines and reference architectures. 

Compensation:

• The base pay range for this position is $120000-$160000 on a full-time schedule.
• Along with base salary Trupanion employees may be eligible for monthly bonuses.
• We want all employees to be invested in Trupanions success so we grant Restricted Stock Units to all new team members. Our new hire grants vest over 4 years

Additional Information :

Benefits and Perks:

• Full medical dental and vision benefits at no cost to the employee
• Four weeks of paid time off and 9 paid float holidays (you can decide which days are most important to you!)
• Five-week sabbatical after five years of employment
• Open casual pet-friendly and fun office environment
• Free medical health insurance for your pet (1 dog or cat)
• Paid time off to volunteer at nonprofit organizations
• Seattle Office Amenities: Free on-site gym free dog walking services for office pets during business hours free parking and paid ORCA cards.

For more information about Trupanion visit more about how Trupanion has revolutionized our industry and the reimbursement model: is an equal-opportunity employer and embraces diversity. We are committed to building a team that represents a variety of backgrounds abilities perspectives and skills.

We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process perform essential job functions and receive other benefits and privileges of employment. Please contact us to request accommodations.

Remote Work :

No

Employment Type :

Full-time