Senior Software Engineer, Endpoint Privilege Manager (EPM)

Description

Keeper Security is hiring a Senior Software Engineer to help build and scale our Endpoint Privilege Manager (KEPM/EPM) solution, enabling organizations to enforce least-privilege access and secure privilege elevation across endpoints. This is a 100% remote position, with an opportunity to work a hybrid schedule for candidates based in the Chicago, IL or El Dorado Hills, CA metro areas.

Keeper’s cybersecurity software is trusted by millions of people and thousands of organizations globally. Keeper is published in 23 languages and is sold in over 150 countries. Join one of the fastest-growing cybersecurity companies and help deliver enterprise-grade endpoint privilege controls that reduce attack surface, prevent misuse of admin rights, and support audit and compliance requirements.

About Keeper

Keeper Security is one of the fastest-growing cybersecurity software companies that protects thousands of organizations and millions of people in over 150 countries. Keeper is a pioneer of zero-knowledge and zero-trust security built for any IT environment. Its core offering, KeeperPAM®, is an AI-enabled, cloud-native platform that protects all users, devices and infrastructure from cyber attacks. Recognized for its innovation in the Gartner Magic Quadrant for Privileged Access Management (PAM), Keeper secures passwords and passkeys, infrastructure secrets, remote connections and endpoints with role-based enforcement policies, least privilege and just-in-time access. Learn why Keeper is trusted by leading organizations to defend against modern adversaries at KeeperSecurity.com.

About the Role

As a Senior Software Engineer on the KEPM/EPM team, you will remain hands-on building core endpoint privilege capabilities from agent behavior and policy enforcement to elevation workflows, auditing, and integrations that support enterprise IT and MSP environments. You’ll work closely with Product and QA Automation to deliver features end-to-end, with a strong focus on secure systems engineering, reliability, and testability across Windows, macOS, and/or Linux.

Responsibilities

• Design, build, and maintain core KEPM/EPM capabilities, including policy evaluation, privilege enforcement, elevation workflows, and audit logging
• Develop and harden endpoint agent components (services/daemons, installers/updaters, local policy caching, secure IPC) with a focus on security, reliability, and performance
• Implement platform integrations and management-plane capabilities (APIs, admin workflows, telemetry) to support enterprise deployment, monitoring, and troubleshooting
• Partner with Product to review technical approaches, break down epics, and deliver incremental value through well-scoped releases
• Collaborate with QA Automation to expand test coverage (unit, integration, end-to-end), improve CI reliability, and build testable interfaces into agent and service components
• Participate in security reviews and threat modeling; remediate vulnerabilities and improve tamper resistance and abuse prevention
• Improve observability and diagnosability across components (structured logging, metrics, crash reporting, debug tooling)
• Participate in on-call and incident response as needed; contribute to postmortems and prevention measures

Requirements

• 5+ years of professional software engineering experience delivering production software
• Proficiency in one or more systems/backend languages such as C/C++, Rust, Go, C#/.NET, or Java, with the ability to work across a multi-language codebase
• Experience building system-level software (endpoint agents, desktop applications, services/daemons, security tooling, or device management components)
• Strong understanding of OS security concepts and privilege models (least privilege, process execution, access control, secure update/signing patterns)
• Experience debugging and optimizing complex software (concurrency, performance profiling, memory/threading issues)
• Experience building automated tests and working in CI/CD environments; strong engineering hygiene around code review, testing, and documentation
• Strong communication skills and ability to partner cross-functionally with Product, QA, and Security

Preferred Qualifications:

• Experience with endpoint privilege management, EDR/EPP, device management, or identity/security products
• Deep expertise in at least one endpoint OS ecosystem (Windows, macOS, or Linux) and its privilege/security model (services/daemons, elevation flows, packaging, and code signing)
• Experience designing policy engines (rules evaluation, precedence, auditability, and explainability)
• Familiarity with enterprise identity and integrations (SAML, OIDC, SCIM) and/or IT admin tooling and workflows (RMM/PSA, scripting, software deployment)
• Exposure to secure SDLC practices and compliance-minded engineering (e.g., SOC 2, FedRAMP, NIST)

Benefits

• Medical, Dental & Vision (inclusive of domestic partnerships)
• Employer Paid Life Insurance & Employee/Spouse/Child Supplemental Life
• Voluntary Short/Long Term Disability Insurance
• 401K (Roth/Traditional)
• A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc.)
• Above-market annual bonuses
  

Keeper Security, Inc. is an equal opportunity employer and participant in the U.S. Federal E-Verify program. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Classification: Exempt