Job Description
At Docker, we make app development easier so developers can focus on what matters. Our remote‑first team spans the globe, united by a passion for innovation and great developer experiences. With over 20 million monthly users and 20 billion image pulls, Docker is the #1 tool for building, sharing, and running apps—trusted by startups and Fortune 100s alike. We’re growing fast and just getting started. Come join us for a whale of a ride!
As a
Corporate Security Engineer,
you will be the primary technical owner of Docker's identity infrastructure, endpoint security, SaaS governance, and device compliance programs. You will work closely with the IT Operations, and GRC teams to design and implement the controls that keep Docker secure.
This role offers the opportunity to build and mature security programs at a company whose products are trusted by millions of developers worldwide. You'll work in a technically challenging environment where your security expertise directly impacts both Docker's platform and the broader container ecosystem.
Responsibilities:
Own and continuously improve Docker's Identity and Access Management infrastructure, including SSO, MFA enforcement, lifecycle management, and access governance
Discover, map inventory and conduct security reviews on third‑party integrations and drive security improvements across our SaaS application ecosystem
Secure and harden our core collaboration as well as documentation platforms, including email, document sharing, and communication tools
Define and enforce device compliance policies across our corporate device fleet; own the end‑to‑end compliant device experience
Mature a Zero Trust security model across corporate infrastructure, enforcing conditional access based on identity
Establish and maintain an approved application governance program across desktop, browser, developer tooling, and third‑party AI services, with appropriate monitoring and risk‑based controls
Contribute to the team's incident response capability, bringing corporate IT and identity expertise to investigations and remediation efforts
Design and deploy canaries across our endpoint fleet, for increased visibility and early‑warning capabilities
Participate in the Security team on‑call rotation by managing detection and response to security events
Own and continuously improve employee lifecycle security processes, ensuring robust controls at both onboarding and offboarding
Maintain IT security evidence and documentation supporting compliance with SOC2 and ISO 27xxx
Take part in on‑call rotation for your team; respond to incidents, debug production issues, and drive continuous improvement of system reliability
Qualifications
6+ years in IT systems engineering with emphasis on automation, and hands‑on experience in identity access management, and security best practices
Deep hands‑on expertise with Enterprise IdP (SSO, MFA, lifecycle management, groups, API automation)
Strong experience securing Google Workspace at an admin level
Experience with MDM solutions and endpoint hardening
Solid understanding of OAuth, SAML, OIDC, and modern identity and access patterns
Experience governing SaaS applications at scale: inventory, risk assessment, integration audits
Scripting or automation skills (Golang, Python, Bash, Terraform, or similar) for API integration work
Ability to write and own technical design documents and risk assessments
Strong cross‑functional communication — able to work effectively with GRC, IT, legal, and non‑technical stakeholders
Experience with compliance frameworks such as SOC2 or ISO 27xxx
Bonus
Experience with Zero‑Trust Network Access solutions (ZTNA) and Endpoint Detection and Response (EDR) tooling
Familiarity with canary/deception‑based detection techniques
Experience implementing Just‑in‑Time (JIT) access patterns and identity‑as‑code practices
Experience with implementing and rolling out Data Leak Prevention (DLP) solutions
What to expect
First 30 days:
Meet the Security, IT, and GRC teams
Build a clear picture of Docker's tooling stack, security posture, and existing gaps
Audit current identity, endpoint, and SaaS configurations to form an initial risk‑prioritized view of the landscape
Get up to speed on the Corporate IT Security backlog and begin contributing to active work
Gain access to team owned systems, and internal documentation
Complete security awareness training and compliance onboarding
Familiarize oneself with team workflows and processes
Shadow a fellow security engineer during their on‑call rotation
First 90 days:
Deliver a risk‑classified SaaS and integration inventory with a clear remediation roadmap
Lead the first phase of identity infrastructure improvements, including access governance
Begin hardening core collaboration platforms with a focus on the highest‑risk configurations
Actively participate in architecture design reviews with the team
Be the Tech Lead for a Corporate Security initiative
Enhance incident response capabilities by participating in on‑call rotation and post‑incident activities
Create and maintain security documentation and runbooks
One Year Outlook
Identity infrastructure is rationalized and improved with most of access governance being automated
Clear security baseline for corporate devices with metrics tracking on compliance
SaaS governance is an ongoing, repeatable process – risks documented and accepted or remediated
Deception‑based detection controls are live on endpoints in collaboration
Enhance security monitoring and anomaly detection
Support audits and ensure compliance with SOC 2, ISO 27xxx
Advocate for security best practices in enterprise system management
Lead security awareness campaigns and company‑wide security events
Docker does not offer visa sponsorship for this role.
We use Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on April 13, 2024.
Please see the independent bias audit report covering our use of Covey.
Perks
Freedom & flexibility; fit your work around your life
Designated quarterly Whaleness Days plus end of year Whaleness break
Home office setup; we want you comfortable while you work
16 weeks of paid parental leave
Technology stipend equivalent to $100 net/month
PTO plan that encourages you to take time to do the things you enjoy
Training stipend for conferences, courses and classes
Equity; we are a growing start‑up and want all employees to have a share in the success of the company
Docker Swag
Medical benefits, retirement and holidays vary by country
Remote‑first culture, with offices in Seattle and Paris
Docker embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our company will be.
#LI-REMOTE
#J-18808-Ljbffr
