IT Security Engineer

Brain Co.•San Francisco, CA

3d•Hybrid

About The Position

Brain Co. is an applied AI startup co-founded by Jared Kushner and Elad Gil, and backed by leading Silicon Valley builders including Patrick Collison and Andrej Karpathy. We are building AI applications for the world’s most important institutions, delivering impact on real-world problems across governments, healthcare systems, and critical industries. We are looking for leaders who want to help bring new technology into institutions that impact millions of people. As our IT Engineer, you'll own the corporate technology layer end-to-end — identity and access management, SaaS tooling, device security, and the employee-facing systems that keep a fast-growing company running safely. This is a high-ownership role at the intersection of IT engineering and corporate security: you'll own the IT execution across identity, access, device, and SaaS — contributing directly to security programs like SOC 2 and Zero Trust — while also serving as the first line of support for our team's day-to-day needs. You'll work closely with Security, HR, and Engineering to build the operational foundation that lets Brain Co. scale without sacrificing security or employee experience.

Requirements

4+ years of experience in IT engineering, corporate security, or a combined IT/SecOps role with hands-on ownership of identity and SaaS environments.
Deep, practical experience with Okta — SSO configuration, lifecycle management, MFA policies, and group-based provisioning.
Experience building or managing HRIS/IT integrations and understanding how provisioning pipelines work across HR, identity, and downstream SaaS tools.
Experience running access reviews and understanding what SOC 2 access control evidence looks like — logs, approval chains, audit trails.
Comfortable in the command line and can write scripts (Terraform, Python, Bash, or similar) to automate repetitive IT work.
Experience supporting end users at a fast-moving company and know how to balance velocity with security without being a blocker.
Think in terms of systems and workflows, not just tickets — you look for root causes and build durable fixes.
Thrive in ambiguous, high-agency environments and want to own a function, not just execute tasks.

Nice To Haves

Hands-on experience with Rippling or a similar HRIS platform.
Familiarity with MDM platforms (Jamf, Kandji, or Intune) for Mac and Windows fleets.
Experience with Google Workspace administration and security hardening.
Prior work at a startup where you wore both IT and security hats simultaneously.

Responsibilities

Own our Okta environment and consolidate SSO: migrations, managing provisioning, lifecycle automation, and federation across all departments.
Implement and improve our 3-tier access entitlement model: auto-grant for Tier 1, manager approval for Tier 2, manager + security approval for Tier 3.
Build and operationalize HRIS-triggered provisioning and offboarding automation across our identity and SaaS stack.
Support access review programs and contribute to SOC 2 compliance efforts — maintaining audit trails, approval chains, and provisioning logs.
Contribute to Zero Trust and endpoint security initiatives: device trust, EDR integration, MDM, and least-privilege access across corporate and BYOD devices.
Drive SaaS hygiene across our tooling estate — shadow IT discovery, configuration hardening, and data classification in partnership with the security team.
Build the integrations and automation that eliminate manual IT work — connecting identity, HRIS, and SaaS tooling into scalable provisioning workflows.
Own the access request process end-to-end, and maintain the runbooks, documentation, and self-service resources that keep the team unblocked.
Partner on IT support for a 70+ person team –– triaging and resolving hardware and software issues with pragmatism and good judgment.
Own device lifecycle and support new hire onboarding end-to-end, ensuring a seamless Day 1 experience.