Senior IT & Security Engineer

MirrorWeb, Austin, TX
Remote

About The Position

MirrorWeb is seeking a highly capable and self-sufficient Senior IT & Security Engineer to manage and advance the company's security posture. This role is crucial for a company of approximately 100 users operating a compliance archiving platform for regulated financial services firms. The existing core systems, including identity management via Okta, a Kandji-managed Mac fleet, Microsoft 365 for email, and endpoint security, are in place. The successful candidate will be responsible for maintaining these systems, handling complex support escalations, and proactively enhancing security by evaluating and implementing new tooling, leading the rollout of Data Loss Prevention (DLP), and securing a Mac fleet in an AI-native environment. This position offers autonomy and the potential to build a team as the company grows. Strong, hands-on experience with AI tools like Claude is expected, along with a focus on securing AI adoption and governing agent access.

Requirements

  • Several years of experience running IT and security in an established environment, ideally as the sole or lead owner at a regulated or fintech SaaS company.
  • A track record of improving security posture, not just maintaining it.
  • Experience evaluating, selecting, and rolling out security tooling.
  • Experience leading a DLP rollout.
  • Hands-on Okta administration experience, including managing SSO, MFA, conditional access, and lifecycle in a live directory.
  • Proven management of a Mac fleet through an MDM such as Kandji or Jamf, with a strong point of view on securing macOS endpoints.
  • Solid Microsoft 365 email administration experience, including Exchange Online, mail flow, and email security (anti-phishing, SPF, DKIM, DMARC).
  • Operational security experience, including endpoint security, vulnerability management, and incident handling.
  • Comfort maintaining and extending scripts and automation.
  • Working knowledge of ISO 27001 and SOC 2 as an operator who has kept evidence current and been through audits.
  • Comfort with Governance, Risk, and Compliance (GRC) tooling like Drata.
  • Very good, hands-on experience using Claude and AI coding tools (such as Claude Code or Cursor) in daily work.
  • Ability to reason about the security questions an agentic environment raises.
  • A genuine service mindset and ability to handle people well.
  • Self-directed and trustworthy with a high degree of discretion.
  • Reliability and good judgment.

Nice To Haves

  • Exposure to regulated financial services.
  • Experience responding to investor or customer due diligence.
  • AWS security experience.
  • Experience securing AI or agentic systems.
  • Experience that would allow mentoring and leading a junior hire.
  • Relevant certifications (CISSP, Security+, or similar).

Responsibilities

  • Advance the company's security posture by evaluating and rolling out new security tooling.
  • Lead the Data Loss Prevention (DLP) rollout across email, endpoints, and AI tooling.
  • Harden the Mac fleet for an environment with agents and AI tools running on endpoints.
  • Administer Okta for identity and access management, including SSO, MFA, conditional access, and joiner-mover-leaver processes.
  • Maintain least privilege and run regular access reviews.
  • Manage the Apple fleet via Kandji, including onboarding, configuration, patching, device compliance, and offboarding.
  • Administer Microsoft 365, including Exchange Online, mail flow, and email security (anti-phishing, anti-spam, SPF, DKIM, DMARC).
  • Manage endpoint security, hardening baselines, vulnerability management, and alerting.
  • Lead incident response when security events occur.
  • Act as the escalation point for internal IT support for approximately 100 users.
  • Secure AI tooling adoption and monitor for data leakage through LLMs and shadow AI.
  • Maintain access controls for agents and internal MCP services.
  • Enforce and update AI usage policies.
  • Manage the ISO 27001 Information Security Management System (ISMS) day-to-day.
  • Keep evidence current in Drata and support SOC 2 compliance.
  • Respond promptly to customer and investor security questionnaires and Due Diligence Questionnaires (DDQs).

Benefits

  • Scope to bring on a junior team member reporting to you as the company grows.