Senior CCS Security Engineer (IAM)

The Basics: The Senior Cloud Cybersecurity (CCS) Security Engineer (IAM) will collaborate with Detection Security and Software Engineers to build operate and defend Tanium Cloud's Identity and Access Management (IAM) in AWS Azure and Kubernetes cloud hosting services. You will be an integral part of the Tanium Cloud security engineering for IAM responsible for the design implementation and operation of preventative and detective controls to identify assess and counter risks and threats before impacting Tanium Cloud. What you'll do:

• Build and operate Tanium Cloud's Identity and Access Management (IAM) in Azure AWS and Kubernetes as infrastructure-as-code and policy-as-code using DevOps methodologies for multiple CCS owned cloud environments.

• Design and implement our security strategy and controls with Security and Software Engineering teams for just-in-time and just-enough access for human and machine identities with Tanium Cloud services and cloud resources.

• Continuously evaluate and enhance the design and effectiveness of IAM security measures and establish an ongoing program to advance our IAM security and close gaps in our defensive posture.

• Proactively characterize unauthorized activity and malicious behaviors against our Tanium Cloud internal and external IAM services with Detection Engineers.

• Develop tailored IAM detections  and enforcement policies perform testing and implement automation to monitor assess and audit security information using SecDataOps and detection engineering best practices.

• Stay up to date with the latest IAM security threats vulnerabilities and industry trends to proactively enhance security prevention and detection measures.

• Build cultivate and maintain positive relationships with internal customers to identify and facilitate solutions to increase the impact of the team's work

• Be on periodic on-call for triage of critical alerts from detections and systems

We're looking for someone with:

Education:

• Bachelor's degree or equivalent experience

• Cloud Security IT Security or related technical field preferred

Cloud IAM Security Engineering Experience

• 5-7 years of experience in cloud security prevention detection response for public cloud systems (e.g. AWS Azure) within a DevOps environment.

• 5+ years of experience in building and operating cloud-based Identity and Access Management with AWS and Azure as code including cloud organizations account identity access secrets role and policy management for both humans and machines.

• 3+ years of hands-on experience in securing identity and access controls for cloud-hosted Kubernetes clusters and their workloads (i.e. custom RBAC roles workload identities Open Policy Operator Framework Service Meshes Hierarchical Namespaces ) with K8 service teams preferably on AKS and EKS

• Explicit hands-on experience using infrastructure-as-code (i.e. Terraform CloudFormation ARM) to manage cloud IAM service configurations such as Azure Entra ID Azure MyApps Azure Policies AWS Organizations and AWS Organizations Service Control Policies (SCP).

• Familiar with SAML2 OAuth2 and OIDC for Single Sign On (SSO) with federated identity access brokers (i.e. MyApps Cognito KeyCloak) for internal and external customer use.

• Experience in detection engineering methodologies such as building detection cases proactively identify known and unknown cyber threats advisory behavior

• Experience in using security query or analytic tools for security data analysis such as SQL KQL or SPL to enable SecDataOps

• Build and improve IAM security playbooks and runbooks for automating security detection and response

• Solid understanding of modern attacker tactics techniques and procedures (TTPs) against cloud provider Kubernetes and open source IAM services (e.g. MITRE ATT&CK building threat intelligence etc.)

• Prior experience implementing and tailoring identity authentication and authorization security controls from ISO 27001 SOC 2 or NIST SP 800-53 security control frameworks for confidential workloads.

Engineering Experience

• Utilize robust analytical and problem-solving capabilities to confirm our hypotheses using precise data and in-depth root cause investigation.

• Experience using high-level programming languages (Go Python) to produce detection-as-code tools and automations

• Experience managing cloud infrastructure as infrastructure-as-code (e.g. Terraform CloudFormation ARM Pulumi Helm)

• Deliver high quality PRs daily using modern software engineering development and automation tools like Git and CI/CD pipelines (i.e. Jenkins GitHub Actions)

Other

• Deliver quality and velocity of contributions using DevOps principles

• Relentless desire to automate the mundane to focus on solving the harder problems

• Experienced engineer who can put out fires under pressure when things go wrong in production environments and address the root causes of those fires for the future

• Has knowledge of a variety of modern backend software frameworks and the versatility to learn new tools and languages

About Tanium

Tanium delivers the industry's only true real-time cloud-based endpoint management and security offering. Its platform is real-time seamless and autonomous allowing security-conscious organizations to break down silos between IT and Security operations that results in reduced complexity cost and risk. Securing more than 32M endpoints around the world Tanium's customers include Fortune 100 organizations top US retailers top US commercial banks and branches of the U.S. Military. It also partners with the world's biggest technology companies system integrators and managed service providers to help customers realize the full potential of their IT investments. Tanium has been named to the Forbes Cloud 100 list for nine consecutive years and ranks on the Fortune 100 Best Companies to Work For. For more information on The Power of Certainty™ visit www.tanium.com and follow us on LinkedIn and X .

On a mission. Together.

At Tanium we are stewards of a culture that emphasizes the importance of collaboration respect and diversity. In our pursuit of revolutionizing the way some of the largest enterprises and governments in the world solve their most difficult IT challenges we are strengthened by our unique perspectives and by our collective actions.

We are an organization with stakeholders around the world and it’s imperative that the diversity of our customers and communities is reflected internally in our team members. We strive to create a diverse and inclusive environment where everyone feels they have opportunities to succeed and grow because we know that only together can we do great things.

Each of our team members has 5 days set aside as volunteer time off (VTO) to contribute to the communities they live in and give back to the causes they care about most.

What you’ll get

The annual base salary range for this full-time position is $95000 to $285000. This range is an estimate for what Tanium will pay a new hire. The actual annual base salary offered may be adjusted based on a variety of factors including but not limited to location education skills training and experience.

In addition to an annual base salary team members will receive equity awards and a generous benefits package consisting of medical dental and vision plan family planning benefits health savings account flexible spending account transportation savings account 401(k) retirement savings plan with company match life accident and disability coverage business travel accident insurance employee assistance programs disability insurance and other well-being benefits.

For more information on how Tanium processes your personal data please see our Privacy Policy .