ServiceTitan is seeking an exceptional Senior Corporate Security Engineer to lead initiatives across key security domains. The role involves collaborating with various stakeholders to integrate security tools and processes, ensuring secure implementations and managing identity and access controls.
Responsibilities:
- Secure SaaS, Endpoints, and the Extended Workforce
  - SaaS Posture Management: Evaluate, configure, and harden SaaS applications (Google Workspace, Microsoft 365, Slack, HRIS, ticketing) to align with enterprise security policies. Implement and tune controls such as data access policies, DLP, sharing controls, and audit logging across the SaaS estate
  - Endpoint Hardening: Collaborate with Endpoint/IT teams to define and enforce baseline configurations for laptops, workstations, and other managed devices via MDM and EDR
  - Data Loss & Insider Risk: Develop and implement strategies and tooling for Data Loss Prevention (DLP) and the mitigation of insider risks within the organization
- Engineer Modern Identity and Access Controls
  - Single Sign-On Assurance & Federation: Partner with Information Technology to implement, configure, and monitor highly secure workforce identity solutions (e.g., Okta/Entra and other IdPs) while enforcing strict SSO assurance levels including Multi-Factor Authentication and Conditional Access
  - Privileged Identity & JIT Provisioning: Define and maintain RBAC/ABAC patterns for enterprise applications, focusing on role models, entitlements, and separation of duties. Implement Just-In-Time (JIT) access and automated approval workflows to ensure users only have elevated access when strictly necessary
  - Zero Trust & Break-Glass Workflows: Design and deploy controls that combine user identity, device posture, network context, and application sensitivity to aggressively enforce least-privilege access. Build automated, self-service experiences for access requests, recurring access reviews, and emergency break-glass workflows
- Automate and Instrument Everything
  - Security Workflows: Design and build automation scripts and tools to streamline security workflows, collect actionable metrics, and enforce security policies at scale. Build automation and self-service experiences for access requests, approvals, access reviews, and break-glass workflows
  - System Integrations: Develop integrations between IdPs, HRIS, ticketing, and other systems to minimize manual toil and reduce identity-related error rates
- Operational Support & Incident Response
  - Incident Partnership: Partner with our Incident Manager and provide subject matter expertise for investigations and incident response related to identity, endpoint, and SaaS domains
  - Detection & Visibility: Work with Security Operations and SIEM teams to ensure robust visibility into identity, device, and SaaS activity, and to build high-signal detections
  - Clear Documentation: Author clear documentation and runbooks that make it easy for teams to consume and operate the controls you build
Requirements:
- 4 to 5+ years of experience in Corporate Security, IT Security, enterprise security, identity and access management, or closely related security engineering roles
- Strong, practical understanding of modern IAM concepts (SSO, RBAC/ABAC, least privilege), zero trust architecture, threat modeling, and security frameworks such as SOC 2, ISO 27001, and CIS Controls
- Hands-on experience with security configurations for platforms such as Okta, Entra ID, Google Workspace, and EDR/MDM tooling
- Some experience writing and maintaining scripts, with proficiency in at least one modern language (e.g., Python, PowerShell, KQL) used to build automations, integrations, or internal tooling
- Demonstrates curiosity about AI tools and emerging technologies, with a willingness to learn and leverage them to enhance productivity, collaboration, or decision-making