Corporate Security Engineer

Corporate Security Engineer

Docker has been one of the most loved brands in developer tooling, trusted by more than 20 million monthly users and over 20 billion container image pulls. From solo founders to the world's largest companies, developers rely on Docker to build, share, and run their applications across our suite of products including Docker Desktop, Docker Hub, and Docker Scout.

About the Team

We are a globally distributed, remote-first team building the tools that define how software gets built and delivered. As AI agents redefine software development, Docker is at the center of that shift, providing the sandboxed environments, verified images, and secure infrastructure that make autonomous workflows trustworthy by default.

Job Description

As a Corporate Security Engineer, you will be the primary technical owner of Docker's identity infrastructure, endpoint security, SaaS governance, and device compliance programs. You will work closely with the IT Operations, and GRC teams to design and implement the controls that keep Docker secure. This role offers the opportunity to build and mature security programs at a company whose products are trusted by millions of developers worldwide. You'll work in a technically challenging environment where your security expertise directly impacts both Docker's platform and the broader container ecosystem.

Responsibilities

• Own and continuously improve Docker's Identity and Access Management infrastructure, including SSO, MFA enforcement, lifecycle management, and access governance
• Discover, map inventory and conduct security reviews on third-party integrations and drive security improvements across our SaaS application ecosystem
• Secure and harden our core collaboration as well as documentation platforms, including email, document sharing, and communication tools
• Define and enforce device compliance policies across our corporate device fleet; own the end-to-end compliant device experience
• Mature a Zero Trust security model across corporate infrastructure, enforcing conditional access based on identity
• Establish and maintain an approved application governance program across desktop, browser, developer tooling, and third-party AI services, with appropriate monitoring and risk-based controls
• Contribute to the team's incident response capability, bringing corporate IT and identity expertise to investigations and remediation efforts
• Design and deploy canaries across our endpoint fleet, for increased visibility and early-warning capabilities
• Participate in the Security team on-