Enterprise Security Engineer

<div class="content-intro"><h2>Build to Protect Civilization</h2> <p>TRM is a blockchain intelligence company that’s on a mission to build a safer world for billions of people. We’re a lean, high-impact team tackling some of the world’s most critical challenges, ranging from human trafficking and financial fraud to terrorist financing. We are builders who power governments, financial institutions, and crypto companies when the clock is running and the consequences are real. This is why every TRMer is a bet on our future and has the power to change our trajectory.</p></div><p>At TRM, we're on a mission to build a safer financial system for billions of people around the globe. Our next-generation platform, which combines threat intelligence with machine learning, enables financial institutions and governments to detect cryptocurrency fraud and financial crime on an unprecedented scale.</p> <p>The Security team is responsible for and committed to securing all things at TRM. From our customers to our code, and everything in between, the security team is involved in all aspects of the business. We are looking for an Enterprise Security Engineer to join our growing team, laying the foundation for all things enterprise security. You’ll work on securing our corporate software, services, tooling, and infrastructure, having a critical part in our security posture at TRM.&nbsp;</p> <p><strong>Job Summary:</strong></p> <ul> <li>TRM’s Enterprise Security Team secures the identities, endpoints, and core SaaS infrastructure used by every employee and contractor, so the company can move fast without taking unnecessary risk. We operate at the intersection of IT and Security: building secure-by-default systems, automating controls, and reducing operational toil through engineering.</li> <li>We’re looking for an Enterprise IT &amp; Security Engineer to help harden and scale our corporate environment. You’ll design and ship identity, endpoint, and SaaS security improvements; codify controls using automation and infrastructure-as-code; and partner closely with Security, Compliance, and engineering teams to continuously raise the security baseline while preserving a great employee experience.</li> </ul> <p><strong>The impact you will have here:</strong></p> <ul> <li>Engineer secure-by-default endpoint baselines for macOS and Windows Endpoints, including encryption, firewall, application controls, device compliance, and configuration standards.</li> <li>Automate and scale identity and access controls in Entra ID and Google Workspace (SSO, SCIM, conditional access, privileged access workflows, access reviews, joiner/mover/leaver).</li> <li>Codify security controls as code (Terraform/configuration profiles/policy-as-code), with peer review, change history, testing/rollback, and measurable outcomes.</li> <li>Build and maintain automations and integrations (e.g., n8n/SlackOps/APIs/scripts) that reduce manual access grants, speed up control changes, and eliminate repetitive workflows.</li> <li>Harden SaaS and collaboration platforms by reducing unmanaged apps and enforcing strong authentication, least privilege, sharing controls, and data protection guardrails.</li> <li>Improve visibility and detection by ensuring logging coverage and telemetry for endpoint, identity, and key SaaS applications (e.g., Defender/Sentinel and vendor logs where relevant).</li> <li>Drive vulnerability and configuration drift reduction through patch compliance targets, remediation pipelines, and reporting that leadership can act on.</li> <li>Partner with compliance and risk stakeholders to produce evidence, document controls, and operationalize requirements without creating brittle, manual processes.</li> <li>Participate in an on-call rotation (every ~3 weeks) for escalations related to identity, endpoint security, and critical enterprise systems.</li> </ul> <p><strong>What we’re looking for:</strong></p> <ul> <li>Demonstrated experience engineering and scaling endpoint management (Jamf and/or Intune) and endpoint security controls for macOS and Windows.</li> <li>Strong IAM foundation: hands-on experience with Entra ID (conditional access, SSO, access governance) and Google Workspace and/or Microsoft 365 administration.</li> <li>Proven ability to automate real operational workflows using scripting and APIs (Bash, PowerShell, Python, etc.).</li> <li>Strong troubleshooting and systems thinking: able to diagnose issues across identity, endpoint, network controls, and SaaS integrations.</li> <li>Comfort balancing security and usability using a risk-based approach, communicating tradeoffs clearly to technical and non-technical stakeholders.</li> </ul> <p><strong>Strong Plus:</strong></p> <ul> <li>Working knowledge of operating Infrastructure-as-Code / configuration-as-code (Terraform preferred; policy-as-code/config profiles acceptable)</li> <li>Security Incident Response &amp; Countermeasures experience</li> <li>Security Operation Center experience</li> </ul> <p>&nbsp;</p> <div class="p-rich_text_section"><strong>The following represents the estimated range of compensation for this role:</strong></div> <ul class="p-rich_text_list p-rich_text_list__bullet p-rich_text_list--nested" data-stringify-type="unordered-list" data-list-tree="true" data-indent="0" data-border="0"> <li data-stringify-indent="0" data-stringify-border="0">Individual pay is determined by skills, qualifications, experience, and location. The compensation details listed in this posting reflect the US base salary only</li> <li data-stringify-indent="0" data-stringify-border="0">The estimated base salary range for this role is $120,000 - $140,000</li> <li data-stringify-indent="0" data-stringify-border="0">Additionally, this role may be eligible to participate in TRM’s equity plan.</li> <li data-stringify-indent="0" data-stringify-border="0">Please note – we factor in the different costs for geographies outside the United States.</li> </ul><div class="content-conclusion"><hr> <h3>Life at TRM</h3> <p>We build to protect civilization. That promise shows up in how we work every day.</p> <p>TRM runs fast. Really fast. We’re a high-velocity team that expects ownership, clarity, and follow-through. People who thrive here are inspired by hard problems, experimentation, direct feedback. If it takes months elsewhere, it often ships here in days. If you are optimizing primarily for consistent work-life balance, use the interview process to pressure-test fit. We want teammates who thrive here, not just survive here.</p> <p>We coach directly, assume positive intent, and play for the front of the jersey.</p> <h3>Leadership Principles</h3> <ul> <li>Impact-Oriented Trailblazer: We put customers first, driving for speed, focus, and adaptability.</li> <li>Master Craftsperson: We prioritize speed, high standards, and distributed ownership.</li> <li>Inspiring Colleague: We value humility, candor, and a one-team mindset.</li> </ul> <p>Want to learn more about how we interview at TRM Labs? Check out more about our leadership principles and hiring process <a href="https://www.trmlabs.com/resources/blog/interviewing-at-trm-how-we-hire-and-what-success-looks-like">here</a>.</p> <h3>What You’ll Do Here</h3> <p>This work has teeth. At TRM, your week might include:</p> <ul> <li>Driving critical investigations that can’t wait for typical business hours.</li> <li>Shipping products in days when others would schedule quarters.</li> <li>Partnering with teams across time zones to deliver insights while the story is still unfolding.</li> <li>Building new solutions from first principles when the playbook doesn’t yet exist.</li> <li>Protecting victims and customers by tracing illicit activity and disrupting criminal networks.</li> </ul> <h3>Join our Mission</h3> <p>We look for people who want their work to matter, who build with speed and rigor, and who take pride in protecting others through their craft. If you’re excited by TRM’s mission but don’t check every box, apply anyway. We hire for slope, judgment, and the will to learn fast.</p> <p>Build to protect civilization. Let’s do it together.</p> <p><strong>Recruitment agencies</strong></p> <p>TRM Labs does not accept unsolicited agency resumes. Please do not forward resumes to TRM employees. TRM Labs is not responsible for any fees related to unsolicited resumes and will not pay fees to any third-party agency or company without a signed agreement.</p> <p><strong>Privacy Policy</strong></p> <p>By submitting your application, you are agreeing to allow TRM to process your personal information in accordance with the&nbsp;<a href="https://www.trmlabs.com/policies/privacy-policy">TRM Privacy Policy</a></p> <p><strong>Learn More</strong>:&nbsp;<a href="https://www.trmlabs.com/culture">Company Values</a>&nbsp;|&nbsp;<a href="https://www.trmlabs.com/interviewing">Interviewing</a>&nbsp;|&nbsp;<a href="https://www.trmlabs.com/faq">FAQs</a></p></div>