Skip to content
BettermentBettermentNew York, NY

Sr. Security Engineer, Corporate Information Security

Senior security engineer leading workforce IAM, endpoint security, and AI tool governance for a fintech company. Hands-on IC role focused on Okta, SaaS security, and Zero Trust architecture in a hybrid NYC environment.

165k – 185k
Hybrid6+ YOESecurity Engineering

About the role

Responsibilities

Identity & Access Architecture

  • Define and evolve the workforce IAM roadmap
  • Architect identity patterns across Okta and SaaS estate SSO at scale, RBAC design, and lifecycle automation from HRIS through joiner/mover/leaver
  • Build sustainable Identity Governance & Administration (IGA) practice including User Access Review campaigns

Security Design

  • Lead initiatives across authentication, authorization, federation, and privileged access
  • Design time-bound, just-in-time, and break-glass patterns (PIM-equivalent) for high-risk roles
  • Govern non-human identities, service accounts, API tokens, OAuth integrations, and AI agents
  • Embed Zero Trust and least-privilege principles

Securing & Monitoring Corporate Communications

  • Manage security of corporate communication platforms (email, Slack) through Abnormal Security and Proofpoint
  • DLP enforcement to protect PII
  • Conduct email investigations for spam, phishing, and other threats

Endpoint, Mobile & Browser Security

  • Define and enforce hardening standards aligned with CIS benchmarks
  • Own configuration baselines for macOS, Windows, and Linux Desktops
  • Architect enterprise browser security, extension governance, session protection, and DLP at the browser layer

Vulnerability & Posture Management

  • Lead workforce vulnerability management program for endpoints and corporate SaaS
  • Design remediation SLAs by severity and asset class
  • Run remediation campaigns to closure
  • Operate SaaS posture tooling (Wiz, Vanta, Drata, or peers)

AI Tool Security

  • Establish and enforce secure architecture for AI tool usage
  • Define data handling boundaries, connector security, identity-aware access controls
  • Implement detection for misuse with bias toward enabling business safely

Governance & Operations

  • Run UAR campaigns end-to-end
  • Drive remediation of audit findings (SOC 2, ISO 27001)
  • Partner with MDR MSP and internal teams to mature identity-related detection and incident response

Requirements

  • 6+ years in security engineering with deep experience in IAM and corporate security, ideally in a regulated environment
  • Strong command of authentication and authorization protocols (SAML, OIDC, OAuth, SCIM, LDAP)
  • Experience with enterprise IAM platforms (Okta, Entra ID), RBAC design, and lifecycle automation
  • Familiarity with endpoint management and EDR; operationalizing CIS benchmarks across macOS and Windows
  • Experience designing remediation SLAs, running remediation campaigns, and operating SaaS posture tooling (Wiz, Vanta, Drata)
  • Comfortable building tools and pipelines with Python, Go, or similar
  • Strong writing skills for RFCs, one-pagers, audit narratives
  • Experience operating in SOC 2 and ISO 27001/NIST environments
  • Experience with network monitoring & alerting, perimeter blocking, ZTNA, ACLs, firewall rules, cryptography, VPNs

Preferred Qualifications

  • Hands-on experience with Privileged Access Management (CyberArk, BeyondTrust, Delinea)
  • Identity Governance & Administration (Saviynt, SailPoint, ConductorOne, Lumos)
  • Modern secrets management (HashiCorp Vault, Doppler)
  • Zero Trust implementation experience
  • Policy-as-code (OPA / Rego)
  • Experience partnering with MDR / managed SOC
  • Security certifications (CISSP or vendor IAM certifications)

Skills

OktaEntra IdSAMLOIDCOAuthSCIMLdapPythonGoZero TrustCis BenchmarksWizVantaDrataSOC 2
Metropolis

Senior Security Engineer, Infrastructure & Network Security

MetropolisNew York, NY

Lead AWS and network security engineering for enterprise infrastructure, including firewalls, zero-trust, IAM, and cloud automation. Requires strong AWS, networking, and security engineering experience.

165k – 215k
On-site5+ YOESecurity Engineering
Metropolis

Senior Security Engineer, Product & Application Security

MetropolisSeattle, WA

Senior Security Engineer leading application security reviews, DevSecOps initiatives, and secure architecture for cloud-native systems. Requires strong product security experience and scripting background.

165k – 215k
On-site5+ YOESecurity Engineering
Tatari

Senior Application Security Engineer

TatariLos Angeles, CA +2

First dedicated AppSec Engineer defining security architecture for a SaaS TV advertising platform. Build security tooling, own SAST/DAST/SCA, conduct threat modeling, and partner with engineering teams on secure development practices.

165k – 190k
Hybrid5+ YOESecurity Engineering
Beacon AI

Senior Security Engineer

Beacon AISan Carlos, CA

As a Senior Security Engineer, you will design and implement secure architectures, protect sensitive data, and mitigate security risks for Beacon AI. You will lead incident response efforts and integrate security best practices into the SDLC.

165k – 240k
Hybrid5+ YOESecurity Engineering
NexHealth

Senior Software Engineer, Security

NexHealthSeattle, WA +1

Builds and secures backend systems for APIs, EHR integrations, and payments infrastructure. Leads threat modeling, vulnerability remediation, and security tooling integration in AWS/Google Cloud environments. Requires 5+ years engineering with security focus.

165k – 230k
On-site5+ YOESecurity Engineering