Search all jobs
Browse jobs › Senior Security Automation Engineer

Senior Security Automation Engineer

Clickhouse · United States (remote) · Posted Jul 6, 2026

Apply on company site   Track it in JobSkout

About ClickHouse

Recognized on the 2025 Forbes Cloud 100 list, ClickHouse is one of the most innovative and fast-growing private cloud companies. With more than 3,000 customers and ARR that has grown over 250 percent year over year, ClickHouse leads the market in real-time analytics, data warehousing, observability, and AI workloads.

The company’s sustained, accelerating momentum was recently validated by a $400M Series D financing round. Over the past three months, customers including Capital One, Lovable, Decagon, Polymarket, and Airwallex have adopted the platform or expanded existing deployments. These customers join an established base of AI innovators and global brands such as Meta, Cursor, Sony, and Tesla.

We’re on a mission to transform how companies use data. Come be a part of our journey!

The Security organization at ClickHouse is built around a single mission: build customer trust through resilient, pragmatic security. We are establishing a new, centralized Security Automation capability—a dedicated function responsible for delivering automation work across all product lines and engineering dimensions at ClickHouse, acting as a technical force multiplier for our Security, Identity, and GRC functions.

This capability exists to solve a real problem: as we scale and mature, we must move beyond manual evidence gathering, point-in-time audits, and disconnected identity workflows. We are creating a focused, empowered team that owns security and identity automation end-to-end—from architecture and design through to implementation and delivery.

About the role

We are looking for an experienced Senior Security Automation Engineer to build the underlying automation fabric that allows our Security teams to scale. You will build a Universal Provisioning Engine and custom integration layers that satisfy external auditors while keeping internal teams focused on shipping features.

You will eliminate the engineering "interruption tax," provide leadership with a real-time, data-driven view of our risk posture, and ensure continuous compliance with zero audit surprises. By solving the "Last-Mile Gap" in identity provisioning and extending compliance tools into our proprietary applications, you will ensure our most critical controls are continuously validated with programmatic precision.

What you will do:

Build the Security Telemetry and Risk Fabric

Control Design: Translate control frameworks into layered control implementations that prevent risks from being exploited and detect possible weaknesses within control design. Shift from reactive monitoring to self-healing security, preventing compliance drift before it becomes an audit finding.

Security Telemetry: Engineer a centralized security telemetry system that programmatically captures control evidence and health in real-time, transitioning from manual snapshots to continuous data streams for an 'always-on' view of our security posture.

Custom Assurance Logic: Engineer specialized automation that acts as its own continuous audit function to minimize findings and provide real-time insights into our automated control performance. Extend visibility into our proprietary applications and complex internal workflows, ensuring our most critical controls are continuously validated.

Agentic Risk Engine: Partner with our risk management function to build a secure mechanism to generate agentic risk assessments workflows using the data and results from what is collected.

Architect Universal Identity and Access Automation

Universal Provisioning Connectors: Architect solutions for systems that lack native IGA support (proprietary databases, custom apps, and niche SaaS) to ensure instant account creation and de-provisioning—eliminating tickets, wait-times, and providing maximum observability into the state of Clickhouse identities.

Customer-Approved Access Workflows: Architect the complex, high-trust workflows required for support teams to access customer-specific instances, ensuring actions are customer-approved, strictly time-bound, and automatically revoked via a "Trust-by-Design" model.

Centralized Security Visibility: Transition "hidden" access managed by disparate business units into a single, observable permissions inventory, gaining 100% visibility into permissions at the authZ level across our full suite of applications.

Automated Secret Discovery Inventory: Develop automation to continuously discover and inventory secrets, credentials, and API keys throughout the environment, providing aging and rotation intervals for long lived keys.

Eliminate "Ghost Accounts": Mitigate audit risks by ensuring automated de-provisioning for local identities, API keys, and persistent permissions across all target systems.

Partner Across Security, Engineering and Product

Work in tandem with GRC, Finance, and Security to build custom, bulletproof automation for compliance with different audit frameworks.

Eliminate the "Productivity Anchor" by removing manual provis…

Apply on company site