Senior Corporate Security Engineer

📋 Description

• • As a Senior Corporate Security Engineer at ServiceTitan, you will be at the forefront of safeguarding our organization's digital assets and infrastructure. This pivotal role involves leading and executing initiatives across critical security domains, including Endpoint Security, SaaS Security Posture Management (SSPM), Identity & Access Management (IAM), Identity Governance, and Data-Loss Prevention (DLP). You will be instrumental in fostering a secure-by-design environment by collaborating closely with cross-functional teams such as IT, Governance, Risk, and Compliance (GRC), Engineering, and various Business stakeholders.
• • Your primary responsibility will be to integrate robust security tools, policies, and processes seamlessly into our corporate systems and workflows. This ensures that security is not an afterthought but a foundational element in all our technological endeavors.
• • A significant part of your role will focus on securing our expanding SaaS ecosystem and endpoints. This includes evaluating, configuring, and hardening critical SaaS applications like Google Workspace, Microsoft 365, Slack, HRIS, and ticketing systems to align with stringent enterprise security policies. You will implement and meticulously tune controls such as data access policies, DLP measures, sharing controls, and comprehensive audit logging across our entire SaaS estate.
• • You will also play a key role in endpoint hardening, working hand-in-hand with Endpoint and IT teams. Together, you will define and enforce baseline configurations for all managed devices, including laptops and workstations, leveraging Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) solutions to ensure a consistent and secure device posture.
• • Addressing the growing concern of data exfiltration and insider threats, you will develop and implement proactive strategies and deploy appropriate tooling for Data Loss Prevention (DLP) and the mitigation of insider risks within the organization. This involves understanding user behavior, data flows, and implementing controls to protect sensitive information.
• • A core focus of this position is engineering modern identity and access controls. You will partner with the Information Technology department to implement, configure, and monitor highly secure workforce identity solutions, with a strong emphasis on platforms like Okta and Microsoft Entra ID. Your work will ensure strict adherence to SSO assurance levels, including robust Multi-Factor Authentication (MFA) and Conditional Access policies.
• • You will be responsible for defining and maintaining Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) patterns across all enterprise applications. This includes defining clear role models, managing entitlements, and enforcing the principle of separation of duties. A key initiative will be the implementation of Just-In-Time (JIT) access and automated approval workflows, ensuring that users only have elevated access when it is strictly necessary and for a defined period.
• • Furthermore, you will design and deploy controls that embody Zero Trust principles, combining user identity, device posture, network context, and application sensitivity to aggressively enforce least-privilege access. This includes building automated, self-service experiences for access requests, facilitating regular access reviews, and establishing secure emergency break-glass workflows.
• • Embracing an automation-first mindset, you will design and build automation scripts and tools to streamline security workflows, collect actionable metrics, and enforce security policies at scale. This involves developing integrations between Identity Providers (IdPs), HRIS, ticketing systems, and other critical platforms to minimize manual effort and significantly reduce identity-related error rates.
• • In operational support and incident response, you will partner with our Incident Manager, providing crucial subject matter expertise for investigations and incident response activities related to identity, endpoint, and SaaS security domains. You will collaborate with Security Operations and SIEM teams to ensure comprehensive visibility into identity, device, and SaaS activity, and to develop high-signal detection rules.
• • Maintaining clear and concise documentation, including runbooks, will be essential to ensure that teams can easily consume and operate the security controls you implement, fostering a culture of shared responsibility and operational efficiency.
• • This role offers a unique opportunity to make a measurable impact by owning cross-functional projects from conception through adoption, with a clear emphasis on reducing risk and enhancing user experience. By building robust integrations and automations, you will directly contribute to minimizing manual toil and reducing error rates across the organization.