IT Security & Systems Engineer

Summary

Join HackerOne's IT Engineering team as an IT Security & Systems Engineer, ensuring our infrastructure, systems, and processes are secure, resilient, and compliant. As the security point of contact, you will collaborate with Security and compliance teams to meet security and regulatory requirements. You will manage security incidents, track and remediate audit-related tasks, secure internal IT tools, and improve endpoint security, IAM, and SaaS security posture. You will also automate security controls, enforce security policies, and proactively identify risks. This role blends security engineering, IT operations, and compliance expertise, securing our cloud and on-prem environments and driving security best practices. The position is primarily remote with occasional in-person requirements in Washington DC, Austin TX, San Francisco, or Seattle WA.

Requirements

• 3+ years of experience in IT security, system administration, or security engineering within a corporate IT environment
• Experience administering IT security and access controls for SaaS applications (Google Workspace, Okta, Slack, AWS, Lumos, Monday.com , etc.)
• Familiarity with security automation and scripting (Python, Bash, PowerShell, Workato) to improve IT security processes
• Experience with MDM solutions (Kandji or similar) for securing and managing Apple devices and endpoints
• This position participates in an on call rotation

Responsibilities

• Develop, implement, and administer security controls for IT-managed infrastructure, SaaS applications, and endpoint security, ensuring best practices
• Work closely with security and compliance teams to align IT tools, applications, and processes to ensure we maintain compliance and regulatory requirements (SOC 2, ISO 27001, NIST, etc.)
• Manage and respond to IT security incidents, including investigation, remediation, and post-mortem analysis, while continuously improving response processes
• Automate security processes, monitoring, and enforcement through scripting (Python, Bash, PowerShell) and infrastructure as code (IaC) solutions like Terraform or Workato
• Enhance security and compliance across IT systems, including IAM, endpoint security (MDM solutions like Kandji or JAMF), and SaaS security for applications like Google Workspace, Okta, and AWS
• Conduct security assessments, risk analysis, and audits to identify vulnerabilities, improve security posture, and ensure compliance
• Partner with vendors and internal teams to evaluate and integrate security tools and enterprise security solutions for corporate IT
• Support operational security responsibilities, including security reviews, consulting, and on-call support, while improving automation, playbooks, and response processes

Preferred Qualifications

• Hands-on experience securing IT systems, SaaS applications, and cloud environments (AWS, GCP, or Azure), including IAM and endpoint security
• Experience developing and automating security controls using scripting (Python, Bash, PowerShell) and infrastructure as code (IaC) solutions like Terraform or Workato
• Proficiency with security tools such as EDR, SIEM, vulnerability management, and identity providers (Okta, Active Directory, etc.)
• Understanding of incident response processes and IT security monitoring, including participation in an on-call rotation for critical security events

Benefits

• Health (medical, vision, dental), life, and disability insurance*
• Equity stock options
• Retirement plans
• Paid public holidays and unlimited PTO
• Paid maternity and parental leave
• Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)
• Employee Assistance Program
• Flexible Work Stipend