Senior Staff Security Engineer, Corporate Security

About The Team

This role is within our Security organization and reports directly to the CISO. Our team partners closely with IT, GRC, and Legal teams to protect Outreach’s employees, devices, and corporate data. We build practical, scalable controls across endpoint security, email security, data protection, and identity—so the business can move fast without taking on unnecessary risk.

The Role

We’re seeking a Senior Staff Security Engineer to lead and evolve our Corporate Security program. In this role, you will own and drive outcomes across email security, endpoint security, vulnerability and patch management, and data loss prevention (DLP)—with supporting work across identity controls in Okta and Entra. You’ll operate as a hands-on technical leader who can set strategy, build durable controls, and partner effectively with stakeholders to reduce enterprise risk while improving employee experience.

· Own and continuously improve our email security posture, including configuration hardening, policy management, abuse reduction, and safe enablement of business workflows.

· Design, implement, and tune Data Loss Prevention (DLP) controls to reduce accidental and intentional data exposure across endpoints and collaboration workflows (e.g., email and file sharing).

· Lead the vulnerability and patch management program for corporate endpoints and back-office systems—defining SLAs, improving coverage and accuracy, and driving remediation with IT and system owners.

· Own our endpoint security strategy for workstations, including baseline hardening, AV/EDR coverage and tuning, and continuous improvements to device posture.

· Own and lead phishing and account compromise prevention for employees, including training, periodic phishing tests, and responding to reports.

· Partner with IT and Security teammates to strengthen identity security in Okta and Entra, focusing on practical controls like MFA enforcement, conditional access patterns, and reducing over-privilege.

· Operate and improve core security tooling (e.g., AV/EDR, vulnerability management, security awareness and phishing simulation platforms), and establish metrics that clearly communicate coverage, risk reduction, and operational health.

· Provide senior technical leadership: influence standards, write clear documentation and runbooks, and drive cross-functional execution without relying on incident response ownership as the operating model.

· 5+ years of experience in enterprise security / corporate security / IT security, with demonstrated ownership of endpoint and back-office security capabilities.

· Strong hands-on background in email security concepts and operations (policy design, controls tuning, and reducing phishing/business email compromise risk).

· Practical experience implementing and maintaining DLP and data protection controls in a way that balances risk reduction with employee productivity.

· Experience running vulnerability management and patch compliance programs: defining remediation SLAs, improving asset visibility, and partnering with IT/system owners to close findings.

· Experience with a modern, cloud-based, SaaS-centered environment.

· Hands-on experience with AV/EDR operations and endpoint hardening best practices for modern workstation fleets.

· Working knowledge of identity fundamentals and enterprise identity platforms (Okta and/or Entra), including MFA and conditional access patterns.

· Excellent stakeholder management and communication skills, with the ability to turn security requirements into clear, achievable engineering work across teams.