Senior IT Engineer

About The Position

Requirements

• 5+ years in corporate IT engineering, systems administration, or similar roles in a SaaS or high-growth technology environment.
• Deep hands-on experience with: Identity/SSO and user lifecycle (e.g., Google Workspace, Okta/Rippling or equivalent IdPs, SCIM/SAML/OIDC concepts).
• Deep hands-on experience with: Endpoint management at scale (MDM/EDR, OS hardening, patching, secure baselines).
• Deep hands-on experience with: Administration of a modern SaaS stack (productivity, collaboration, ticketing/ITSM, monitoring/logging, etc.).
• Strong understanding of security and compliance frameworks (e.g., SOC 2, SOC 1, ISO 27001) and how IT controls support them.
• Proven experience implementing or improving: Access reviews and entitlement recertifications.
• Proven experience implementing or improving: Device and asset lifecycle processes.
• Proven experience implementing or improving: Change management and documentation around IT changes.
• Excellent troubleshooting skills across layers (user/device network SaaS/IdP), with a bias toward root cause analysis and durable fixes.
• Strong written and verbal communication skills; ability to produce clear runbooks, SOPs, and audit-ready documentation.

Nice To Haves

• Experience contributing directly to security questionnaires, customer/vendor risk assessments, or audits.
• Familiarity with SIEM or security analytics tools and how IT telemetry feeds them.
• Experience in a distributed or remote-first organization where async and documented processes are critical.
• Prior mentorship or informal leadership responsibilities within an IT or SecOps team.

Responsibilities

• Implement and maintain standard patterns for user lifecycle, access control, and device posture that align with security and compliance requirements, in partnership with the Director, IT.
• Contribute hands-on input to the design and continuous improvement of IT architecture for corporate endpoints, identity, and SaaS applications.
• Design and maintain hardened baseline configurations for Mac endpoints, including MDM/EDR policies, patching, and disk encryption.
• Ensure accurate, auditable asset inventories for laptops, networking gear, and key IT-managed services.
• Establish and optimize tooling and automation for device provisioning, configuration drift detection, and secure offboarding.
• Lead day-to-day identity and access management (IAM) across Google Workspace, HRIS/SSO, Salesforce, Slack, Atlassian, and other core apps.
• Implement and drive RBAC and least-privilege models, including role profiles by function and regular access reviews, in partnership with IT leadership.
• Partner with functional owners on SaaS vendor onboarding, risk reviews, renewals, and entitlement rationalization.
• Design and refine automated workflows (e.g., via HRIS/IdP/IT tooling) for joiner/mover/leaver processes.
• Act as a primary IT owner for controls related to: Endpoint security (MDM/EDR, patching, disk encryption, USB/removable media policies).
• Act as a primary IT owner for controls related to: Identity security (MFA enforcement, SSO, conditional access, OAuth governance).
• Act as a primary IT owner for controls related to: Corporate SaaS hardening (admin roles, audit logs, configuration baselines).
• Execute against the IT compliance framework defined by IT leadership, helping to maintain controls and documentation needed for SOC 2 / SOC 1 / privacy and related frameworks.
• Collaborate with auditors and internal stakeholders to provide evidence, help identify and close gaps, and support readiness for security and compliance audits and assessments.
• Help drive vulnerability management remediation across endpoints and IT-managed services; prioritize and track remediation in partnership with Dev Services and Engineering.
• Participate in incident response for account compromise, device loss, suspicious activity, or vendor breaches, including root cause analysis and follow-up improvements.
• Support responses to customer questionnaires around security and compliance of our products, in partnership with IT leadership.
• Maintain an awareness of potential risks and vulnerabilities across Nue’s systems, and proactively raise and address gaps as they arise.
• Serve as the primary point of contact for support for all employees and senior escalation point to other IT team members for complex IT issues (identity/SSO, access, networking, device security).
• Design and implement automation and scripts to reduce manual toil across IT workflows.
• Maintain and improve internal IT documentation, runbooks, and standards, ensuring they’re usable by both IT peers and business stakeholders.
• Provide input into IT capacity planning (licenses, hardware refresh, key platforms) by surfacing trends, usage data, and technical recommendations to the Director, IT.
• Implement and monitor logging and alerting systems for critical services to enable proactive support and incident detection.
• Mentor other IT team members (including interns or junior engineers) on best practices, troubleshooting approaches, and security-minded thinking.
• Model strong communication with stakeholders; help translate technical tradeoffs into clear options and recommendations.
• Influence and execute on IT projects and initiatives that align with security posture, audit requirements, and company growth, under the direction of IT leadership.