Requirements
- 5+ years as a Security Engineer with 4+ years specializing in Enterprise/Corporate Security
- Identity: Deep experience with modern Identity Providers (Okta, Google Workspace) and passwordless authentication
- Endpoint: Proven track record managing enterprise EDR (CrowdStrike, SentinelOne) and MDM platforms (Jamf) at scale
- Networking: Strong understanding of non-cloud networking (switching, routing, and firewalling)
- Hardening Knowledge: Practical experience applying CIS Benchmarks or NIST standards to end-user workstations and office infrastructure
- Skills
- Automation: Proficiency in automating security tasks and API integrations between security tools
- Zero Trust: Experience moving organizations away from legacy VPNs toward ZTNA solutions (e.g., Zscaler, Netskope or Tailscale)
- Hardware Security: Familiarity with TPM/Secure Enclave technologies and disk encryption management (FileVault, BitLocker)
- Financial Services: Experience working in highly regulated environments (GDPR, BaIT, or MaRisk)
What the job involves
- As a Senior IT Security Engineer in our Security Operations team, you'll architect and maintain the defenses that protect our global workforce and internal infrastructure. You will be the primary guardian of our endpoint ecosystem, corporate network, and identity perimeters
- Endpoint Defense: Deploy and manage EDR/XDR solutions across a diverse fleet, with a primary focus on macOS alongside Windows and Linux devices
- Identity & Access Management (IAM): Architect end-user IAM workflows, including SSO integration, MFA enforcement, and automated lifecycle management (Joiners/Movers/Leavers) together with our IT team
- Network Security: Secure our physical and logical corporate networks, managing firewalls, VPNs, and SD-WAN architectures
- Zero Trust Architecture: Implement and optimize Zero Trust Network Access (ZTNA) to replace traditional perimeter-based security for internal applications
- Device Management (MDM): Define security baselines and hardening standards within MDM tools like Jamf to ensure "compliant-only" device access
- Vulnerability Management: Drive and automate the patching for all non-cloud assets, ensuring third-party software and OS vulnerabilities are remediated within SLA
- Network Access Control (NAC): Manage and monitor office network security, implementing 802.1X authentication for wired and wireless environments
- Data Loss Prevention (DLP): Implement and tune endpoint-level DLP controls to prevent unauthorized data exfiltration
- Security Awareness & Phishing: Lead technical initiatives for phishing simulations and deploy automated tools to analyze, report suspicious emails, and provide security awareness training for all employees
