Who you are

• 6+ years in IT systems engineering with emphasis on automation, and hands-on experience in identity access management, and security best practices
• Deep hands-on expertise with Enterprise IdP (SSO, MFA, lifecycle management, groups, API automation)
• Strong experience securing Google Workspace at an admin level
• Experience with MDM solutions and endpoint hardening
• Solid understanding of OAuth, SAML, OIDC, and modern identity and access patterns
• Experience governing SaaS applications at scale: inventory, risk assessment, integration audits
• Scripting or automation skills (Golang, Python, Bash, Terraform, or similar) for API integration work
• Ability to write and own technical design documents and risk assessments
• Strong cross-functional communication — able to work effectively with GRC, IT, legal, and non-technical stakeholders
• Experience with compliance frameworks such as SOC2 or ISO 27xxx
• Experience with Zero-Trust Network Access solutions (ZTNA) and Endpoint Detection and Response (EDR) tooling
• Familiarity with canary/deception-based detection techniques
• Experience implementing Just-in-Time (JIT) access patterns and identity-as-code practices
• Experience with implementing and rolling out Data Leak Prevention (DLP) solutions

What the job involves

• As a Corporate Security Engineer, you will be the primary technical owner of Docker's identity infrastructure, endpoint security, SaaS governance, and device compliance programs. You will work closely with the IT Operations, and GRC teams to design and implement the controls that keep Docker secure
• This role offers the opportunity to build and mature security programs at a company whose products are trusted by millions of developers worldwide. You'll work in a technically challenging environment where your security expertise directly impacts both Docker's platform and the broader container ecosystem
• Own and continuously improve Docker's Identity and Access Management infrastructure, including SSO, MFA enforcement, lifecycle management, and access governance
• Discover, map inventory and conduct security reviews on third-party integrations and drive security improvements across our SaaS application ecosystem
• Secure and harden our core collaboration as well as documentation platforms, including email, document sharing, and communication tools
• Define and enforce device compliance policies across our corporate device fleet; own the end-to-end compliant device experience
• Mature a Zero Trust security model across corporate infrastructure, enforcing conditional access based on identity
• Establish and maintain an approved application governance program across desktop, browser, developer tooling, and third-party AI services, with appropriate monitoring and risk-based controls
• Contribute to the team's incident response capability, bringing corporate IT and identity expertise to investigations and remediation efforts
• Design and deploy canaries across our endpoint fleet, for increased visibility and early-warning capabilities
• Participate in the Security team on-call rotation by managing detection and response to security events
• Own and continuously improve employee lifecycle security processes, ensuring robust controls at both onboarding and offboarding
• Maintain IT security evidence and documentation supporting compliance with SOC2 and ISO ISO 27xxx
• Take part in on-call rotation for your team; respond to incidents, debug production issues, and drive continuous improvement of system reliability
• First 30 days:
• Meet the Security, IT, and GRC teams
• Build a clear picture of Docker's tooling stack, security posture, and existing gaps
• Audit current identity, endpoint, and SaaS configurations to form an initial risk-prioritized view of the landscape
• Get up to speed on the Corporate IT Security backlog and begin contributing to active work
• Gain access to team owned systems, and internal documentation
• Complete security awareness training and compliance onboarding
• Familiarize oneself with team workflows and processes
• Shadow a fellow security engineer during their on-call rotation
• First 90 days:
• Deliver a risk-classified SaaS and integration inventory with a clear remediation roadmap
• Lead the first phase of identity infrastructure improvements, including access governance
• Begin hardening core collaboration platforms with a focus on the highest-risk configurations
• Actively participate in architecture design reviews with the team
• Be the Tech Lead for a Corporate Security initiatives
• Enhance incident response capabilities by participating in on-call rotation and post-incident activities
• Create and maintain security documentation and runbooks
• One Year Outlook
• Identity infrastructure is rationalized and improved with most of access governance being automated
• Clear security baseline for corporate devices with metrics tracking on compliance
• SaaS governance is an ongoing, repeatable process - risks documented and accepted or remediated
• Deception-based detection controls are live on endpoints in collaboration
• Enhance security monitoring and anomaly detection
• Support audits and ensure compliance with SOC 2, ISO 27xxx
• Advocate for security best practices in enterprise system management
• Lead security awareness campaigns and company-wide security events

Benefits

• 100% company paid medical premiums for employees and dependents
• Flexible Time Off Policy
• “Whaleness” Days — At least 1 company wide day off per month
• Employer Paid Holidays
• Generous Maternity and Parental Leave
• Home Office Set Up Budget
• Monthly Technology Stipend
• Training Allowances
• Life and Disability Insurance
• Retirement Plans
• Virtual and In-Person Social Events
• Docker Swag
• Quarterly Hackathons
• Virtual Coffee with Co-Workers