Enterprise Security Engineer
Job Description:
• Engineer secure-by-default endpoint baselines for macOS and Windows endpoints, including encryption, firewall, application controls, device compliance, and configuration standards.
• Automate and scale identity and access controls in Entra ID and Google Workspace (SSO, SCIM, conditional access, privileged access workflows, access reviews, joiner/mover/leaver).
• Codify security controls as code (Terraform/configuration profiles/policy-as-code), with peer review, change history, testing/rollback, and measurable outcomes.
• Build and maintain automations and integrations (e.g., n8n/SlackOps/APIs/scripts) that reduce manual access grants, speed up control changes, and eliminate repetitive workflows.
• Harden SaaS and collaboration platforms by reducing unmanaged apps and enforcing strong authentication, least privilege, sharing controls, and data protection guardrails.
• Improve visibility and detection by ensuring logging coverage and telemetry for endpoint, identity, and key SaaS applications (e.g., Defender/Sentinel and vendor logs where relevant).
• Drive vulnerability and configuration drift reduction through patch compliance targets, remediation pipelines, and reporting that leadership can act on.
• Partner with compliance and risk stakeholders to produce evidence, document controls, and operationalize requirements without creating brittle, manual processes.
• Participate in an on-call rotation (every ~3 weeks) for escalations related to identity, endpoint security, and critical enterprise systems.
Requirements:
• Demonstrated experience engineering and scaling endpoint management (Jamf and/or Intune) and endpoint security controls for macOS and Windows.
• Strong IAM foundation: hands-on experience with Entra ID (conditional access, SSO, access governance) and Google Workspace and/or Microsoft 365 administration.
• Proven ability to automate real operational workflows using scripting and APIs (Bash, PowerShell, Python, etc.).
• Strong troubleshooting and systems thinking: able to diagnose issues across identity, endpoint, network controls, and SaaS integrations.
• Comfort balancing security and usability using a risk-based approach, communicating tradeoffs clearly to technical and non-technical stakeholders.
Benefits:
• TRM’s equity plan may be available