TRM Labs is a company providing blockchain analytics and AI solutions aimed at enhancing security for law enforcement and financial institutions. They are seeking an Enterprise Security Engineer to strengthen their corporate security posture by designing and implementing security improvements for identities, endpoints, and SaaS infrastructure.
Responsibilities:
- Engineer secure-by-default endpoint baselines for macOS and Windows Endpoints, including encryption, firewall, application controls, device compliance, and configuration standards
- Automate and scale identity and access controls in Entra ID and Google Workspace (SSO, SCIM, conditional access, privileged access workflows, access reviews, joiner/mover/leaver)
- Codify security controls as code (Terraform/configuration profiles/policy-as-code), with peer review, change history, testing/rollback, and measurable outcomes
- Build and maintain automations and integrations (e.g., n8n/SlackOps/APIs/scripts) that reduce manual access grants, speed up control changes, and eliminate repetitive workflows
- Harden SaaS and collaboration platforms by reducing unmanaged apps and enforcing strong authentication, least privilege, sharing controls, and data protection guardrails
- Improve visibility and detection by ensuring logging coverage and telemetry for endpoint, identity, and key SaaS applications (e.g., Defender/Sentinel and vendor logs where relevant)
- Drive vulnerability and configuration drift reduction through patch compliance targets, remediation pipelines, and reporting that leadership can act on
- Partner with compliance and risk stakeholders to produce evidence, document controls, and operationalize requirements without creating brittle, manual processes
- Participate in an on-call rotation (every ~3 weeks) for escalations related to identity, endpoint security, and critical enterprise systems
Requirements:
- Demonstrated experience engineering and scaling endpoint management (Jamf and/or Intune) and endpoint security controls for macOS and Windows
- Strong IAM foundation: hands-on experience with Entra ID (conditional access, SSO, access governance) and Google Workspace and/or Microsoft 365 administration
- Proven ability to automate real operational workflows using scripting and APIs (Bash, PowerShell, Python, etc.)
- Strong troubleshooting and systems thinking: able to diagnose issues across identity, endpoint, network controls, and SaaS integrations
- Comfort balancing security and usability using a risk-based approach, communicating tradeoffs clearly to technical and non-technical stakeholders
- Working knowledge of operating Infrastructure-as-Code / configuration-as-code (Terraform preferred; policy-as-code/config profiles acceptable)
- Security Incident Response & Countermeasures experience
- Security Operation Center experience