Used Tools & Technologies
Not specified
Required Skills & Competences
Tag name is followed by "@" symbol and proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Security @ 4
TypeScript @ 4
Python @ 4
JavaScript @ 4
API @ 4
Audit @ 4
Compliance @ 4
Observability @ 4
AI @ 4
ClickHouse @ 4
Change Management @ 4
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Details
About ClickHouse
Recognized on the 2025 Forbes Cloud 100 list, ClickHouse is one of the most innovative and fast-growing private cloud companies. With more than 3,000 customers and ARR that has grown over 250 percent year over year, ClickHouse leads the market in real-time analytics, data warehousing, observability, and AI workloads.
The Security organization at ClickHouse is built around a single mission: build customer trust through resilient, pragmatic security. We are establishing a new, centralized Security Automation capability — a dedicated function responsible for delivering automation work across all product lines and engineering dimensions at ClickHouse, acting as a technical force multiplier for our Security, Identity, and GRC functions.
Role overview
You will be an experienced Senior Security Automation Engineer responsible for building the underlying automation fabric that allows Security teams to scale. You will build a Universal Provisioning Engine and custom integration layers to satisfy external auditors while keeping internal teams focused on shipping features. The role focuses on continuous compliance, identity provisioning automation, security telemetry, and extending compliance tools into proprietary applications.
Location: United States (remote)
Responsibilities
Build the Security Telemetry and Risk Fabric
- Translate control frameworks into layered control implementations to prevent and detect risks.
- Engineer a centralized security telemetry system to capture control evidence and health in real-time (continuous data streams vs manual snapshots).
- Implement custom assurance logic that acts as a continuous audit to minimize findings and provide real-time insights into automated control performance.
- Partner with risk management to build mechanisms for agentic risk assessment workflows.
Architect Universal Identity and Access Automation
- Architect universal provisioning connectors for systems that lack native IGA support (proprietary databases, custom apps, niche SaaS) to enable automated account creation and de-provisioning.
- Design high-trust, customer-approved access workflows for support teams with time-bound, automatically revoked access.
- Centralize visibility for permissions to create a single observable permissions inventory across applications.
- Develop automation for continuous discovery and inventory of secrets, credentials, and API keys with aging and rotation tracking.
- Ensure automated de-provisioning to eliminate ghost accounts and persistent permissions across target systems.
Partner Across Security, Engineering, and Product
- Work with GRC, Finance, and Security to build custom, robust automation to meet different audit frameworks.
- Reduce manual provisioning workflows that create operational friction and interrupt engineering teams.
Requirements
Security & Automation Engineering Depth
- Strong hands-on background in security automation and identity engineering (IAM/IGA).
- Strong proficiency in at least one commonly used programming language to build scalable automation. Experience with Python, JavaScript (TypeScript highly preferred), or Go is required.
- Experience building scalable and reliable automation ecosystems.
- Familiarity with compliance automation, continuous control monitoring, and extending GRC tools to satisfy compliance frameworks.
- Understanding of risks associated with change management, logical access, and data integrity.
Execution and Delivery
- Demonstrated ability to translate complex security/GRC mandates into automated workflows and self-healing guardrails.
- Strong instincts for eliminating operational friction and reducing engineering interruptions.
- Experience delivering continuous data streams for security posture and risk validation.
Bonus
- BS, MS, or PhD in Computer Science or related field.
- Previous experience at a cloud infrastructure, database, or developer tools company.
- Experience with AI/agentic risk engines and non-deterministic risk assessments.
Compensation
- Typical US starting salary: $125,000 - $174,000 USD
- Typical US Premium Markets starting salary (e.g., San Francisco Bay Area, New York City Metro): $157,000 - $205,000 USD
These ranges reflect the employer's current view of minimum and maximum pay for this role; actual compensation may vary based on experience, qualifications, location, and other factors.
Perks
- Flexible work environment (globally distributed and remote-friendly).
- Employer contributions towards healthcare.
- Equity (stock options) for new employees.
- Flexible time off in the US; generous entitlement in other countries.
- $500 home office setup for remote employees.
- Global gatherings and company-wide offsites.
Equal Opportunity & Privacy
ClickHouse provides equal employment opportunities and prohibits discrimination and harassment. For the applicant privacy statement, see the company's privacy notice link in the original posting.