Location
San Francisco, CA
Salary
Not specified
Type
fulltime
Posted
Today
Job Description
About Eleven Recruiting
We are a specialized technology staffing agency supporting professional and financial services companies. Why do we stand out in technology staffing? We listen and act as advisors for our candidates on how they can best add value, find interesting projects, and pave a path for career advancement. We advocate for the best pay, diversity in tech, and the best job fit for every candidate we place.
Our client, a global private equity firm, is seeking a Security Engineer to join their team in San Francisco, CA!
The ideal candidate will own the configuration, tuning, and governance of security controls across the firm's endpoint, network, identity, SIEM, asset management, and application environments. This individual will serve as the hands-on practitioner who bridges security architecture with operational execution — ensuring the firm's controls are correctly deployed, continuously tuned, and fit for purpose across a dynamic enterprise and portfolio context.
Responsibilities
Endpoint, Network \& Identity Security Controls
- Configure and maintain security controls across endpoint (EDR), network (SASE/proxy), and identity (IAM/SSO) stacks.
- Manage CrowdStrike Falcon policies including prevention settings, sensor deployment, and exclusion governance.
- Administer Prisma Access for SASE controls: URL filtering, SSL inspection, and app-level policies.
- Manage EntraID and Active Directory configurations including Conditional Access policies, MFA enforcement, privileged role governance, and directory hygiene.
- Maintain and harden Office 365 and Box security configurations, including sharing controls, external collaboration policies, and audit logging.
Technical Policy Configuration
- Author, implement, and maintain security policy configurations across EDR, authentication, and network control platforms.
- Define and enforce authentication policies (MFA, passwordless, phishing-resistant methods) via EntraID and Active Directory.
- Develop and manage network access control policies within Prisma Access and related ZTNA/SASE frameworks.
- Maintain policy documentation and change records; participate in policy exception review processes.
Application Security Assessments \& Architecture Onboarding
- Conduct security assessments for new application onboarding, evaluating controls, data flows, and integration risks.
- Produce structured security review outputs including risk ratings, architecture recommendations, and remediation requirements.
- Maintain an application security register; track remediation commitments through to closure.
- Collaborate with procurement, IT, and business stakeholders to ensure new tools meet baseline security requirements before deployment.
Troubleshooting \& Control Tuning
- Serve as the escalation point for security control issues affecting endpoint performance, authentication friction, or network connectivity.
- Investigate and remediate EDR-related performance degradation, agent conflicts, and exclusion requests using evidence-based analysis.
- Tune proxy and network policies to resolve false-positive-driven productivity issues without compromising control intent.
- Maintain metrics on control effectiveness and tuning activity; report trends to security leadership.
SIEM Management (Microsoft Sentinel)
- Own day-to-day administration of Microsoft Sentinel including workspace configuration, data connector management, and log ingestion health monitoring.
- Configure and onboard new log sources into Sentinel, including CrowdStrike, Prisma Access, EntraID, Office 365, Box, and AI platforms; validate schema normalization and ingestion fidelity.
- Build, tune, and maintain analytic rules and detection use cases aligned to threat models relevant to the enterprise and portfolio environment.
- Configure and manage alert triage workflows, incident queues, and automation rules (playbooks) to reduce analyst burden and improve response fidelity.
- Manage Sentinel data retention, table tiering (hot/cold/archive), and ingestion cost controls to balance coverage with operational budget.
- Develop and maintain custom KQL queries and workbooks to support threat hunting, control validation, and executive reporting.
- Coordinate with portfolio company security teams to extend Sentinel visibility where applicable; advise on log source onboarding for subsidiary environments.
Asset Management \& Vulnerability Prioritization (Armis)
- Administer and maintain Armis as the enterprise asset inventory platform, ensuring accurate and complete device discovery across managed, unmanaged, and OT/IoT asset classes.
- Partner with IT to validate asset data quality — reconciling Armis device records against authoritative sources (EntraID, CrowdStrike, CMDB) and driving remediation of gaps, duplicates, and stale records.
- Configure Armis policies, asset groupings, and network segmentation rules to support accurate risk scoring and operational context.
- Triage and prioritize vulnerabilities surfaced by Armis based on asset criticality, exposure, and exploitability; translate findings into actionable remediation assignments for IT and infrastructure teams.
- Track remediation progress against open vulnerability findings; maintain aging metrics and escalate stalled items through appropriate governance channels.
- Develop and maintain Armis dashboards and reports for security leadership covering asset coverage, vulnerability posture, and remediation velocity.
- Integrate Armis data into Microsoft Sentinel where applicable to enrich alert context with asset criticality and ownership information.
AI Platform Security Configuration
- Design and implement security controls for enterprise AI platform deployments including Claude (Anthropic) and ChatGPT (OpenAI).
- Configure operator-level system prompt policies, data handling restrictions, and usage governance for AI tools.
- Define acceptable use boundaries and configure enforcement mechanisms for AI tools across workforce segments.
- Assess new AI tool requests using a structured framework covering integration risk, access controls, and governance maturity.
- Stay current on AI platform security capabilities (API controls, admin console settings, audit log coverage) and apply updates proactively.
- Ensure AI platform audit logs are ingested into Sentinel and covered by appropriate detection use cases.
Required Qualifications
- Experience with an enterprise asset management or agentless discovery platform (Armis, Axonius, or equivalent); ability to assess data quality and drive remediation workflows in partnership with IT.
- Experience deploying and administering Microsoft Sentinel including data connector configuration, analytic rule development, and KQL query authoring.
- 5\+ years of hands-on security engineering experience in enterprise environments.
- Demonstrated proficiency configuring CrowdStrike Falcon including policy management, exclusions, and sensor deployment.
- Experience with Palo Alto Prisma Access or equivalent SASE/cloud-delivered security platform.
- Strong working knowledge of Microsoft EntraID, Conditional Access, and Active Directory administration.
- Familiarity with Box or comparable enterprise content platforms and associated security configuration.
- Ability to independently assess new application security architectures and produce structured risk outputs.
- Strong written communication skills; able to document policy rationale and technical decisions clearly.
Preferred Qualifications
- Prior experience configuring security controls for enterprise AI deployments (ChatGPT Enterprise, Claude for Enterprise, or equivalent).
- Exposure to PE-backed or multi-entity environments with portfolio-style oversight responsibilities.
- Relevant certifications: CISSP, CCSP, PCNSE (Palo Alto), Microsoft SC-200 (Sentinel/Defender), or vendor-specific CrowdStrike credentials.
- Familiarity with NIST CSF, SOC 2, or ISO 27001 control frameworks.
Tools/Platforms
- Armis (asset discovery, vulnerability prioritization, remediation tracking).
- Microsoft Sentinel (log ingestion, use cases, KQL, workbooks, playbooks).
- CrowdStrike Falcon (EDR, device control, vulnerability management).
- Palo Alto Prisma Access (SASE, ZTNA, URL filtering, SSL inspection).
- Microsoft EntraID (Conditional Access, PIM, SSO), Active Directory.
- Microsoft Office 365 (Exchange, Teams, SharePoint, Purview integration).
- Box (enterprise content platform, sharing controls, audit logging).
- Anthropic Claude (operator controls, API governance, enterprise deployment).
- OpenAI ChatGPT Enterprise (admin controls, data residency, usage policies).
Salary:
$200,000 - $250,000
Looking for more opportunities?
Browse thousands of graduate jobs and entry-level positions.