Note: The job is a remote job and is open to candidates in USA. ClickHouse is a rapidly growing cloud company recognized on the 2025 Forbes Cloud 100 list, focusing on real-time analytics and AI workloads. The Senior Security Automation Engineer will develop automation solutions to enhance security processes and compliance, ensuring efficient identity management and risk assessment.
Responsibilities
- Control Design: Translate control frameworks into layered control implementations that prevent risks from being exploited and detect possible weaknesses within control design. Shift from reactive monitoring to self-healing security, preventing compliance drift before it becomes an audit finding
- Security Telemetry: Engineer a centralized security telemetry system that programmatically captures control evidence and health in real-time, transitioning from manual snapshots to continuous data streams for an 'always-on' view of our security posture
- Custom Assurance Logic: Engineer specialized automation that acts as its own continuous audit function to minimize findings and provide real-time insights into our automated control performance. Extend visibility into our proprietary applications and complex internal workflows, ensuring our most critical controls are continuously validated
- Agentic Risk Engine: Partner with our risk management function to build a secure mechanism to generate agentic risk assessments workflows using the data and results from what is collected
- Universal Provisioning Connectors: Architect solutions for systems that lack native IGA support (proprietary databases, custom apps, and niche SaaS) to ensure instant account creation and de-provisioning—eliminating tickets, wait-times, and providing maximum observability into the state of Clickhouse identities
- Customer-Approved Access Workflows: Architect the complex, high-trust workflows required for support teams to access customer-specific instances, ensuring actions are customer-approved, strictly time-bound, and automatically revoked via a 'Trust-by-Design' model
- Centralized Security Visibility: Transition 'hidden' access managed by disparate business units into a single, observable permissions inventory, gaining 100% visibility into permissions at the authZ level across our full suite of applications
- Automated Secret Discovery & Inventory: Develop automation to continuously discover and inventory secrets, credentials, and API keys throughout the environment, providing aging and rotation intervals for long lived keys
- Eliminate 'Ghost Accounts': Mitigate audit risks by ensuring automated de-provisioning for local identities, API keys, and persistent permissions across all target systems
- Work in tandem with GRC, Finance, and Security to build custom, bulletproof automation for compliance with different audit frameworks
- Eliminate the 'Productivity Anchor' by removing manual provisioning workflows that slow down projects and flood teams with low-value administrative tickets
Skills
- Strong hands-on background in security automation and identity engineering (IAM/IGA)
- Strong proficiency in at least one commonly used programming language to build scalable automation. Experience with Python, JavaScript (TypeScript highly preferred), or Go is required
- Experience building scalable and reliable automation ecosystems
- Familiarity with compliance automation, continuous control monitoring, and extending GRC tools to meet the granular requirements of a variety of compliance frameworks
- Understanding of risks associated with change management, logical access, and data integrity
- Demonstrated ability to translate complex security/GRC mandates into automated workflows and self-healing technical guardrails
- Strong instincts for eliminating operational friction and the engineering 'interruption tax.'
- Experience delivering continuous data streams for security posture and risk validation
- BS, MS, or PhD in Computer Science or related field
- Previous experience at a cloud infrastructure, database, or developer tools company
- Experience with AI/Agentic risk engines and non-deterministic risk assessments
Benefits
- Flexible work environment - ClickHouse is a globally distributed company and remote-friendly. We currently operate in over 20 countries.
- Healthcare - Employer contributions towards your healthcare.
- Equity in the company - Every new team member who joins our company receives stock options.
- Time off - Flexible time off in the US, generous entitlement in other countries.
- A $500 Home office setup if you’re a remote employee.
- Global Gatherings – We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites.
Company Overview
Company H1B Sponsorship