Senior Enterprise Secruity Engineer

Responsibilities

• This role focuses on improving AI-adjacent security at Thumbtack, including the agents, identities, integrations, and data pipelines that modern AI systems depend on. It also covers broader security engineering work across the enterprise platforms and services that support them.
• Deliver high-quality security assessments and threat models for first-party and third-party AI tools, agents, and AI-integrated systems, ensuring they adhere to enterprise security principles and approved patterns, with sound authentication, authorization, data access, and observability by design.
• Harden IAM across the enterprise, with particular focus on the non-human and delegated identities behind AI systems (service accounts, agent credentials, SaaS-to-SaaS OAuth, and SCIM federation). Bring least-privilege and lifecycle hygiene to identities that increasingly act at machine speed.
• Mentor engineers and partner-team members, raising the overall security bar through guidance and example.
• Support security incident response and drive learning through post-incident analysis.
• In order to be successful, you must bring
• 6+ years of experience in security engineering, enterprise security, application security, cloud security, or a related field.
• Experience developing threat models and proposing technical guardrails for AI tooling and agentic systems, including non-human identities, tool/permission scoping, and safe defaults for agent beha

Additional Information

Thumbtack helps millions of people confidently care for their homes. Thumbtack is the one app you need to take care of and improve your home - from personalized guidance to AI tools and a best-in-class hiring experience. Every day in every county of the U.S., people turn to Thumbtack to complete urgent repairs, seasonal maintenance and bigger improvements. We help homeowners know which projects to do, when to do them and who to hire from our growing community of 300,000 local service businesses. If making an impact inspires you, join us. Imagine what we'll build together. About the Cyber Security Team The Security Engineering team at Thumbtack is focused on enabling innovation at scale by making the secure path the easiest path. We believe strong security is not a blocker to velocity, but a force multiplier when it is designed into systems, platforms, and developer workflows from the start. We partner closely with teams across the organization to shape system design, guide architectural decisions, and evolve Thumbtack's security posture as the company scales. Through collaboration, automation, and thoughtful tradeoffs, we help ensure Thumbtack can ship fast, innovate boldly, and maintain customer trust. The challenge AI is reshaping how work gets done at Thumbtack. Employees leverage AI assistants in their daily work and teams are building autonomous agents that act on their behalf - reading data, calling APIs, and making changes across enterprise systems. This introduces changes in the risk landscape. Identities now belong to agents and services as often as to people. Protocols like MCP are opening new pathways between AI and enterprise data. And the pipelines feeding AI systems cross more services, vendors, and trust boundaries than they have previously. The challenge is to evolve security controls to address these shifts in the technology and risk landscape driven by AI-adoption: hardening IAM for non-human and delegated identities, defining safe defaults for MCP servers and autonomous agents, and securing the data pipelines that feed AI systems. We package these controls as secure defaults, paved paths, and reusable patterns so teams can adopt them with confidence. The goal is straightforward - keep Thumbtack moving fast on AI while keeping customer and employee data protected.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Thumbtack? Share your experience