# Sr. Security Engineer, Corporate Information Security

**Company:** [Betterment](https://hotfix.jobs/companies/betterment)
**Location:** New York, NY
**Role:** Security Engineering
**Salary:** $165k – $185k/yr
**Experience:** 6+ years
**Skills:** Okta, Entra Id, SAML, OIDC, OAuth, SCIM, Ldap, Python, Go, Zero Trust, Cis Benchmarks, Wiz, Vanta, Drata, SOC 2
**Posted:** 2026-06-11

> Senior security engineer leading workforce IAM, endpoint security, and AI tool governance for a fintech company. Hands-on IC role focused on Okta, SaaS security, and Zero Trust architecture in a hybrid NYC environment.

## Job Description

## Responsibilities

**Identity & Access Architecture**
- Define and evolve the workforce IAM roadmap
- Architect identity patterns across Okta and SaaS estate SSO at scale, RBAC design, and lifecycle automation from HRIS through joiner/mover/leaver
- Build sustainable Identity Governance & Administration (IGA) practice including User Access Review campaigns

**Security Design**
- Lead initiatives across authentication, authorization, federation, and privileged access
- Design time-bound, just-in-time, and break-glass patterns (PIM-equivalent) for high-risk roles
- Govern non-human identities, service accounts, API tokens, OAuth integrations, and AI agents
- Embed Zero Trust and least-privilege principles

**Securing & Monitoring Corporate Communications**
- Manage security of corporate communication platforms (email, Slack) through Abnormal Security and Proofpoint
- DLP enforcement to protect PII
- Conduct email investigations for spam, phishing, and other threats

**Endpoint, Mobile & Browser Security**
- Define and enforce hardening standards aligned with CIS benchmarks
- Own configuration baselines for macOS, Windows, and Linux Desktops
- Architect enterprise browser security, extension governance, session protection, and DLP at the browser layer

**Vulnerability & Posture Management**
- Lead workforce vulnerability management program for endpoints and corporate SaaS
- Design remediation SLAs by severity and asset class
- Run remediation campaigns to closure
- Operate SaaS posture tooling (Wiz, Vanta, Drata, or peers)

**AI Tool Security**
- Establish and enforce secure architecture for AI tool usage
- Define data handling boundaries, connector security, identity-aware access controls
- Implement detection for misuse with bias toward enabling business safely

**Governance & Operations**
- Run UAR campaigns end-to-end
- Drive remediation of audit findings (SOC 2, ISO 27001)
- Partner with MDR MSP and internal teams to mature identity-related detection and incident response

## Requirements

- 6+ years in security engineering with deep experience in IAM and corporate security, ideally in a regulated environment
- Strong command of authentication and authorization protocols (SAML, OIDC, OAuth, SCIM, LDAP)
- Experience with enterprise IAM platforms (Okta, Entra ID), RBAC design, and lifecycle automation
- Familiarity with endpoint management and EDR; operationalizing CIS benchmarks across macOS and Windows
- Experience designing remediation SLAs, running remediation campaigns, and operating SaaS posture tooling (Wiz, Vanta, Drata)
- Comfortable building tools and pipelines with Python, Go, or similar
- Strong writing skills for RFCs, one-pagers, audit narratives
- Experience operating in SOC 2 and ISO 27001/NIST environments
- Experience with network monitoring & alerting, perimeter blocking, ZTNA, ACLs, firewall rules, cryptography, VPNs

## Preferred Qualifications

- Hands-on experience with Privileged Access Management (CyberArk, BeyondTrust, Delinea)
- Identity Governance & Administration (Saviynt, SailPoint, ConductorOne, Lumos)
- Modern secrets management (HashiCorp Vault, Doppler)
- Zero Trust implementation experience
- Policy-as-code (OPA / Rego)
- Experience partnering with MDR / managed SOC
- Security certifications (CISSP or vendor IAM certifications)

## Similar roles

- [Senior Security Engineer, Infrastructure & Network Security](https://hotfix.jobs/jobs/e5adea70-2b49-4e0f-b3ed-805a64f22011) - Metropolis - New York, NY - $165k – $215k/yr
- [Senior Security Engineer, Product & Application Security](https://hotfix.jobs/jobs/071710bf-d299-4174-b809-71abdce26363) - Metropolis - Seattle, WA - $165k – $215k/yr
- [Senior Application Security Engineer](https://hotfix.jobs/jobs/2c71d547-b042-48a2-8e4f-e3abc07b15f2) - Tatari - Los Angeles, CA - $165k – $190k/yr
- [Senior Security Engineer](https://hotfix.jobs/jobs/e2ba79d7-a44d-4a8c-9d19-e67b254e1c09) - Beacon AI - San Carlos, CA - $165k – $240k/yr
- [Senior Software Engineer, Security](https://hotfix.jobs/jobs/892078d1-efa4-43d8-b478-f9442964cb91) - NexHealth - Seattle, WA - $165k – $230k/yr

**Apply:** https://hotfix.jobs/jobs/9a9306b6-f0a5-4069-91b7-75229c3b670f
**Canonical:** https://hotfix.jobs/jobs/9a9306b6-f0a5-4069-91b7-75229c3b670f