Email Authentication Engineer (SPF / DMARC / DKIM)

About The Position

Requirements

• Must have working knowledge of Mimecast DMARC, DNS provider portals, M365Working knowledge of laboratory safety
• Practical experience working with SPF, DMARC, and DKIM across multiple domains.
• Strong understanding of Public DNS management.
• Experience with M365 / Exchange Online mail flow.
• Able to follow provided security guidance and apply it consistently across domains.
• Solid troubleshooting skills, especially around email authentication and alignment issues.
• This is a hybrid role located in Duarte, CA , requiring employees to work onsite several days per week. Applicants must be able to reliably commute to the Duarte office on required in-office days. Remote-only candidates will not be considered.

Responsibilities

• Review a provided list of domains and examine their current DNS records (SPF, DMARC, DKIM, MX, etc.).
• Identify which domains are actively sending or receiving email.
• Update Public DNS records based on internal guidance for how each domain should be secured.
• Implement or correct: SPF records, ensuring only approved senders are included.
• DMARC policies, configured with Mimecast reporting.
• DKIM records and selector publishing where required.
• Validate authentication results using Mimecast DMARC Analyzer and message header checks.
• Flag any unauthorised or misconfigured senders and help remediate them.
• Progress domains towards stronger DMARC policies (quarantine → reject) as appropriate.
• Provide clear documentation of changes and a simple handover at project completion.