Senior Security Engineer

What You'll Do

• Drive the evolution of Spotify's enterprise security program by identifying gaps, proposing improvements, and implementing changes that balance strong security with a frictionless employee experience

• Design and build security automation, integrations, and internal tooling to scale enterprise security and reduce manual toil.

• Collect and analyze high-quality security data to improve detection capabilities and generate data-driven insights that shape the direction of the enterprise security program

• Define and implement security hardening, guardrails and policies for enterprise applications and SaaS platforms.

• Partner with Site Reliability, IT, and other Security teams to provide expert guidance on enterprise security best practices and drive meaningful improvements to systems and processes.

• Investigate, propose and implement changes to Spotify’s Enterprise Security posture across domains including: IAM, Single Sign-on, Endpoint Management, and Networking.

• Lead governance and oversight of enterprise security tooling, including password managers and enterprise browsers.

• Champion and enforce enterprise security best practices across endpoints, enterprise products, and network infrastructure, advising bandmates and teams along the way.

• Collaborate closely with IT, infrastructure, legal and communications to ensure a coordinated approach to enterprise security.

• Mentor and support the growth of engineers around you, raising the security bar across the organization.

Who You Are

• You have several years of experience in enterprise security at fast moving technology companies. Alternatively, you have deep expertise in enterprise systems engineering and are ready to transition into a security-focused career.

• You have demonstrated experience applying enterprise security principles across IAM, SSO, networking, and device management, and you understand how these domains interrelate to form a cohesive security foundation.

• You can think like an attacker and understand how to identify risks and implement countermeasures against threats that span identity, endpoint, network, and cloud boundaries.

• You have a solid understanding of the risks introduced by agentic AI in an enterprise context and you are eager to get hands-on identifying and mitigating these risks in our environment.

• You actively leverage AI tooling to augment your own work and are eager to explore how emerging AI capabilities can be applied to enterprise security challenges.

• You can critically evaluate tools, practices and procedures, and you're willing to advocate for improvements and change when you see opportunities or risk.   

• You have an understanding of the current threat landscape, and want to be part of a team creating and implementing state of the art security solutions in a SaaS-driven enterprise environment.

• You communicate complex security topics clearly to both technical and non-technical audiences, and you're skilled at building alignment across a global, cross-functional organization.

• You thrive in a flexible environment with broad scope and you're energized by the freedom to innovate and challenge conventional security thinking.