Corporate Security Engineer

About us:

Branch is on a mission to empower workers with financial freedom. We do this by helping companies accelerate payments and providing working Americans with accessible, free financial services. We’re committed to building and delivering more inclusive, transparent, and frictionless financial products.

Our goal of empowerment extends to our own employees, too. Have a great idea? Share it today and it might just get implemented tomorrow. As a member of our team, your voice and creativity matter—and they can directly impact our products, company, and culture.

We not only focus on attracting great talent from across the country, but also on building teams that help that talent thrive. That means valuing a diversity of opinions and working styles, while creating a shared belief in innovation, initiative, and winning together.

Come join our team as we develop new ways to improve the lives of working Americans.

About the role:

The Corporate Security Engineer is the dedicated owner of Branch’s endpoint security and insider risk programs. You will be responsible for keeping every Branch laptop, browser session, and corporate identity safe from external threats and inadvertent or malicious misuse — across a fully remote, fintech workforce.

In this role, you will operate and continuously mature our core corporate security stack — CrowdStrike Falcon for endpoint detection and response, ThreatLocker for application allowlisting and ringfencing, Island Enterprise Browser for managed web access and data egress controls, and Google Workspace for identity, mail, and collaboration security. You will partner closely with People Operations, Legal, and GRC to translate policy into enforced technical controls, investigate insider risk signals end-to-end, and respond to corporate-side security incidents in a measured, programmatic way.

This is the right role for a hands-on engineer who wants to own the corporate attack surface, build the insider risk function from a blueprint into a running program, and have visible impact on how a fast-moving fintech protects its workforce.

Responsibilities include, but are not limited to:

Endpoint Security & Engineering

• Own the day-to-day administration of CrowdStrike Falcon — prevention policies, detection tuning, custom IOAs, USB device control, and Real Time Response runbooks across the entire Branch endpoint fleet.
• Operate and mature ThreatLocker — build and maintain application allowlisting, ringfencing, storage control, and elevation policies; reduce learning-mode exceptions over time and drive measurable hardening progress.
• Administer Island Enterprise Browser — define and enforce browser-level policies for SaaS access, copy/paste, downloads, screenshot, and extension governance; align browser controls with insider risk and DLP objectives.
• Drive endpoint hardening and configuration baselines for macOS and Windows. MDM (Jam