Senior IT Security Engineer

NetBrain
$130,000 - $155,000
Remote

About The Position

NetBrain is looking for an analytically-inclined and detail-oriented Senior IT Security Engineer to drive our ISO 27001 and SOC 2 certification efforts, ensuring IT security is fully aligned and audit-ready for our SaaS product launch. This person will collaborate cross-functionally and define, implement and enforce security requirements and standards.

Requirements

  • 8+ years of experience in information security, cybersecurity engineering, or a GRC-focused security role
  • Hands-on experience leading or supporting ISO 27001 and/or SOC 2 audit and certification processes
  • Prior experience at a B2B SaaS company with responsibility spanning both product security and corporate IT security
  • Strong working knowledge of compliance frameworks including ISO 27001, SOC 2, and NIST CSF
  • Experience with GRC platforms and security tooling (SIEM, vulnerability scanners, IAM solutions, EDR)
  • Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience)
  • Manual Dexterity: Repetitive motion of wrists, hands and fingers for using a computer.
  • Stationary Tasks: Sitting for extended periods, remaining in a stationary position.
  • Must be able to work Eastern Time Zone business hours

Nice To Haves

  • Professional certifications such as CISSP, CISM, CISA, or equivalent strongly preferred

Responsibilities

  • Drive ISO 27001 certification and SOC 2 Type II attestation initiatives end-to-end — from initial gap analysis and control design through evidence collection, audit coordination, and successful certification to support NetBrain’s new SaaS business.
  • Build and mature NetBrain’s GRC (Governance, Risk & Compliance) program — conduct risk assessments, maintain the risk register, define control owners, and produce compliance reporting that gives leadership clear visibility into security posture.
  • Translate compliance framework requirements into practical, scalable security policies, standards, and procedures and partner with cross-functional teams (engineering, product, legal, IT) to embed them into daily operations and product development workflows.
  • Define and enforce IAM (Identity & Access Management) standards — including SSO, MFA, RBAC, and periodic access reviews — across both corporate IT and SaaS product environments to satisfy audit requirements and enforce least-privilege principles.
  • Implement and manage SIEM platforms for centralized security monitoring, log aggregation, and alerting to meet audit evidence requirements and provide real-time threat visibility across cloud and on-premise infrastructure.
  • Own the vulnerability management lifecycle — deploy and operate scanning tools, define remediation SLAs, track closure rates, and report on risk reduction metrics to demonstrate continuous improvement to auditors and stakeholders.
  • Develop and maintain incident response plans, playbooks, and escalation procedures aligned with ISO 27001 and SOC 2 control requirements; lead tabletop exercises and coordinate response during security events.
  • Evaluate and manage third-party vendor risk — conduct security assessments of SaaS vendors and partners, manage security questionnaires, and maintain a supplier risk register aligned with compliance framework requirements.
  • Design and deliver security awareness training programs that drive adoption of security best practices across the organization and satisfy compliance training requirements for both ISO 27001 and SOC 2.
  • Serve as the trusted security subject matter expert across business units — communicate risks and recommendations to both technical and non-technical stakeholders, and ensure IT security readiness directly supports the launch and growth of NetBrain’s SaaS product.

Benefits

  • 401k
  • Medical/dental coverage