Corporate Security Engineering Manager

Onebrief is collaboration and AI-powered workflow software designed specifically for military staffs. By transforming this work, Onebrief makes the staff as a whole superhuman - meaning faster, smarter, and more efficient.

We take ownership, seek excellence, and play to win with the seriousness and camaraderie of an Olympic team. Onebrief operates as an all-remote company, though many of our employees work alongside our customers at military commands around the world.

Founded in 2019 by a group of experienced planners, today, Onebrief’s team spans veterans from all forces and global organizations, and technologists from leading-edge software companies. We’ve raised $320m+ from top-tier investors, including Battery Ventures, General Catalyst, Sapphire Ventures, Insight Partners, and Human Capital, and today, Onebrief is valued at $2.15B. With this continued growth, Onebrief is able to make an impact where it matters most.

We're hiring a Corporate Security Engineering Manager to lead our Corporate Security Engineering team. This is a strategic role focused on the security posture of the Corporate IT environment.

You'll report to our Director of Corporate IT & Security and work closely with Corporate IT, GRC, and application owners to ensure the secure deployment of corporate SaaS and installed applications. This role blends hands-on security engineering leadership with program-level ownership of configuration standards, vulnerability management oversight, SaaS security governance, and control automation. You will balance day-to-day team leadership with long-term architectural improvements that strengthen compliance posture and reduce operational friction. You’ll help ensure the corporate environment is securely configured by default, continuously monitored for drift, and aligned to CMMC 2.0 and NIST 800-53 requirements—while driving measurable improvements in tooling coverage, enforcement consistency, and audit defensibility.

We’re looking for someone who is a steady, experienced security engineering leader who can build and run a high-performing continuous monitoring and configuration enforcement function—someone who brings structure to baseline management, drives automation to prevent drift, and ensures corporate systems and commercial infrastructure remain securely configured and audit-ready by default.

You are an experienced security engineering leader who understands that durable security comes from enforceable baselines and thoughtful automation—not one-off fixes. You have led systems engineers before and know how to create clarity around ownership, configuration standards, and measurable outcomes. You are comfortable reviewing architectures, approving secure deployment patterns, and making risk-based decisions about technical controls.

You think in systems. You understand endpoint security, SaaS configuration management, identity hardening, Zero-Trust infrastructure, GRC, and vulnerability scanning as interconnected components of a cohesive enterprise security program. You know how to align technical control implementation with frameworks like CMMC 2.0 and NIST 800-53, and you ensure documentation and evidence are clean, defensible, and audit-ready.

You are structured, accountable, and automation-minded. You push for drift detection, configuration enforcement, and scalable solutions that reduce manual effort while improving coverage and reliability.

Own the strategy and maturity roadmap for corporate security engineering, including baseline configuration standards, vulnerability management oversight, SaaS security governance, and automation priorities. Define what “secure by default” means across corporate systems and commercial infrastructure.

Lead and develop the Vulnerability Management Specialist and System Security Engineers through coaching, structured feedback, and clear technical ownership boundaries. Remove blockers, clarify priorities, and ensure the team focuses on high-impact risk reduction work.

Strengthen configuration enforcement, reduce security drift, and improve automation across endpoints, SaaS platforms, browsers, identity systems, and enterprise tooling. Ensure vulnerability management processes are consistent, measurable, and aligned to defined SLAs.

Partner with Security Operations, IT, Engineering, and Compliance to ensure corporate systems and commercial infrastructure are deployed securely and remain compliant with regulatory requirements. Provide technical control guidance during system rollouts and risk discussions.

Establish structured workflows for baseline reviews, configuration drift monitoring, vulnerability remediation oversight, and POA&M tracking. Maintain documentation, control mappings, and evidence collection processes that improve audit readiness and operational clarity.

• 6–10+ years of experience in security engineering, systems security, or enterprise security architecture

• 2+ years leading engineers or technical security teams

• Hands-on experience with endpoint security tooling (e.g., MDM platforms, browser enterprise management, secure web gateways such as Zscaler)

• Strong experience implementing and enforcing configuration baselines aligned to NIST 800-53, CMMC 2.0, DISA STIGs, or similar frameworks

• Experience overseeing or operating vulnerability management programs and defining remediation SLAs

• Demonstrated experience driving automation to prevent configuration drift and improve control coverage

• Strong understanding of SaaS security configuration, identity hardening, and enterprise access controls

• Experience partnering with Compliance teams to provide audit evidence and defensible documentation

• Proven ability to translate regulatory requirements into enforceable technical controls

• Sound judgment, strong technical credibility, and the ability to balance enforcement with enablement

Security & Privacy Roles and Responsibilities

• Act as the technical control owner for corporate security engineering functions.

• Ensure protection of the confidentiality, integrity, and availability of corporate systems and infrastructure through enforced configuration standards and control automation.

• Ensure security configurations and vulnerability remediation activities support regulatory and privacy commitments, including CMMC 2.0 and NIST 800-53.

• Ensure configuration data, vulnerability data, and remediation evidence are accurate, access-controlled, and retained in accordance with policy.

• Enforce secure-by-default deployment patterns and monitor for configuration drift across enterprise systems.

• Participate in risk evaluation and risk acceptance discussions, escalating unresolved technical risks to the Director of Corporate Security & IT.

• Ensure engineering staff follow established change management, documentation, and evidence preservation standards.

Notice to Third Party Recruitment Agencies
Please note that Onebrief does not accept unsolicited resumes from recruiters or employment agencies. In the absence of an executed Recruitment Services Agreement, there will be no obligation to any referral compensation or recruiter fee. In the event a recruiter or agency submits a resume or candidate without an agreement Onebrief explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted to hiring managers, shall be deemed the property of Onebrief.