Staff Security Engineer (Access Control & Access Management)

Title: Staff Security Engineer, (Access Control & Identity Access Management), 

Location: Remote in these states: AZ, CA, CO, FL, GA, KS, KY, IA, ID, IL, IN, MA, ME, MI, MN, MO, NC, NH, NJ, NV, NY, OH, OR, PA, RI, SC, SD, TN, TX, UT, VA, VT, WA, WI

Role Description:

As a Staff Security Engineer (Access Control & Identity Access Management), you will design, implement, and maintain access control policies and systems for our cloud-based applications and infrastructure. You will also work closely with other security engineers, developers, and operations teams to ensure that our environment is secure and compliant with industry standards and best practices. You will play a pivotal role in identifying and analyzing cyber threat tactics, techniques, and procedures ensuring proactive detection capabilities to aid the global threat detection and response mission. You will use your expertise in security technologies, access control, threat detection, and incident response methodologies to ensure the confidentiality, integrity, and availability of our critical data and systems.

What you’ll do:

• Design and implement access control solutions for cloud-based applications and infrastructure using tools such as Azure AD, M365, Google Workspace, Salesforce, etc.
• Monitor and audit access control activities and events for anomalies.
• Develop and enforce access control policies and standards based on the principle of least privilege and role-based access control.
• Develop and automate security workflows, playbooks, and tools to improve efficiency and effectiveness of security operations.
• Develop relevant policies, procedures, and guidelines for access control and ensure compliance with, and support audits for, various standards, including but not limited to ISO270001 and SOC2.
• Design and configure Azure Active Directory (AAD) for effective access management to be used within Azure and leveraged in other applications such as Retool and SSMS.
• Research and evaluate emerging threats and security technologies and provide recommendations for enhancing our security posture.
• Collaborate with other security team members and stakeholders across the organization to share knowledge and best practices.
• Work closely with all teams to continuously provide technology requirements and use cases for enabling technologies including but not limited to SIEM, SOAR, Case Management, GRC, EDR, Intrusion Detection Systems, Web Proxy/Content Filtering, Active Directory, and PKI.
• Proactively search for, identify, and analyze new and existing techniques to detect advanced and targeted threats.
• Participate in risk assessments and implement controls to mitigate identified risks.
• Additional duties and responsibilities as necessary.

What you’ll bring to the table:

• 6+ years of hands-on work experience with security architecture and engineering in a cyber security operations program.
• 4+ years of experience in an access control security engineering or related role.
• Solid knowledge and experience with access control frameworks and tools, such as IAM, RBAC, ABAC, OAuth, SAML, etc.
• In-depth knowledge of Azure services, especially Azure Active Directory, Azure AD Identity Protection, and Azure RBAC.
• Established experience in designing and implementing access controls in cloud environments, particularly with Azure.
• Demonstrated track record of integrating security practices into the software development process.
• Track record of integrating security practices into database systems such as SSMS.
• Knowledge of cloud security, network security, endpoint security, and threat intelligence.
• Proficiency in scripting languages such as Python, PowerShell, Go, or Bash.
• Experience securing cloud-based infrastructures; Azure, M365, Google Workspace, Salesforce, etc.
• Excellent fundamental knowledge of industry standard frameworks such as MITRE ATT&CK.
• Desire to solve response challenges with automation.
• Established ability designing and deploying security controls across all security domains such as access management, data protection, vulnerability management, incident response and management, application security, network security, preventive, detective, and offensive security solutions.
• Excellent design and solution implementation skills for a Zero Trust Architecture.
• Outstanding interpersonal and communication skills with the ability to influence both internally and externally, and to drive multi-functional alignment and action.

Classification: Exempt

Reports to:  Manager, Information Technology

Perks & Benefits:

• Medical, Dental, Vision & Basic Life Insurance
• Paid Maternity/Parental Leave Program
• Flexible Time Off Program
• Paid Sick Leave and Paid Emergency Leave
• Floating Holidays (2 days/year)
• Wellness Days (1 day/quarter)
• 401K Match
• Competitive Salary, Performance Bonus
• Variety of voluntary benefits, such as, short term disability
• Referral Bonus Program
• Fun Culture >>> Check us out on Instagram (@lifeatshipbob)

ShipBob believes in transparency while providing a competitive total compensation package with a pay for performance approach. The expected base pay range for this position is $140,941 - $234,902.