Advancing our security posture: this is where the role earns its keep. Continuously look for ways to improve how we protect the business, evaluate and roll out new security tooling, lead our data loss prevention (DLP) rollout across email, endpoints, and AI tooling, and harden the Mac fleet for an environment where agents and AI tools are running on endpoints.
Identity and access (Okta): Okta is our directory. Administer it day to day, keep SSO, MFA, and conditional access policy healthy, run the joiner-mover-leaver process, maintain least privilege, and run regular access reviews.
Apple fleet via Kandji: onboarding, configuration, patching, device compliance, and offboarding across a Mac-only estate, with an eye on tightening the security model over time.
Microsoft 365 (email): Exchange Online administration, mail flow, and email security: anti-phishing, anti-spam, SPF, DKIM, DMARC, and DLP on outbound mail.
Endpoint and security operations: keep EDR, hardening baselines, vulnerability management, and alerting running, and lead incident response when something happens.
Internal IT support (escalation): act as the escalation point for internal IT across roughly 100 users. The support team handles level 1; anything more complex comes to you.
AI security and governance: make sure AI tooling is adopted safely across the company, watch for data leakage through LLMs and shadow AI, maintain access controls for agents and internal MCP services, and keep our AI usage policy enforced and current.
Compliance operations: run the ISO 27001 ISMS day to day, keep evidence current in Drata, support SOC 2, and turn around customer and investor security questionnaires and DDQs promptly.
Requirements
Several years running IT and security in an established environment, ideally as the sole or lead owner at a regulated or fintech SaaS company.
A track record of improving security posture, not just maintaining it.
You have evaluated, selected, and rolled out security tooling, and ideally led a DLP rollout.
Hands-on Okta administration: managing SSO, MFA, conditional access, and lifecycle in a live directory.
Proven management of a Mac fleet through an MDM such as Kandji or Jamf, with a real point of view on securing macOS endpoints. This is a hard requirement, not a nice-to-have.
Solid Microsoft 365 email administration: Exchange Online, mail flow, and email security (anti-phishing, SPF, DKIM, DMARC).
Comfort maintaining and extending scripts and automation, even if you are not building large systems from scratch.
Working knowledge of ISO 27001 and SOC 2 as an operator who has kept evidence current and been through audits, plus comfort with GRC tooling like Drata.
Strong, hands-on experience using Claude and AI coding tools (such as Claude Code or Cursor) in your daily work. This is a core requirement: you should already use AI as a force multiplier and be able to reason about the security questions an agentic environment raises.
A genuine service mindset. You will be the escalation point for everyone in the company, so you need to handle people well and stay responsive.
Self-directed and trustworthy. You will hold privileged access to everything, so reliability, judgment, and discretion matter as much as technical skill.