Senior Security Engineer

Role: Senior Security Engineer

Duration: 3 months (for now - could extend depending on length of time to hire FT)

Hours: 20-30 hours/hour - can increase/be flexible

Location: 176 Grand St New York NY 10013 Occasional onsite

Job Description:

Summary

• We are seeking a short-term Corporate Security consultant (20-30 hours/week for 3 months) to automate employee access and secure our devices.
• The consultant will deploy Okta-based authentication (multi-factor authentication on laptops single sign-on for critical apps) clean up device inventory and access management and automate employee onboarding and off boarding.
• Must have: hands-on Okta administration and automation experience plus macOS device management deployments. If you know someone please send them our way!

Core Experience and Skills

• Proven experience deploying Okta Verify FastPass and multi factor authentication across corporate laptops enabling seamless single sign on for SaaS applications.
• Hands on administration of MDM solutions (Rippling preferred) with device onboarding inventory management and enforcement of baseline security policies.
• Strong scripting and automation skills ( Workflows) to integrate identity providers directories and SaaS applications.
• Experience with directory hygiene and governance including group and role cleanup lifecycle management and access reviews across Okta and SaaS apps.
• Excellent communication and collaboration skills to work effectively with IT security and business stakeholders.

Core Competencies

• Identity & Access Management Architecture: designing and implementing authentication and authorization frameworks including Okta or similar identity providers MFA SSO and least privilege principles.
• Device & Endpoint Security: expertise in managing device inventory and enforcing security baselines via MDM solutions (e.g. Jamf Intune) across macOS and other devices.
• SaaS Security Posture Management: evaluation and configuration of SaaS applications to align with security best practices including secure configuration SAML/SCIM integration and vendor risk management.
• Automation & Orchestration: designing automated provisioning and de-provisioning workflows for employees using scripting and API integration for identity and SaaS services.
• Compliance & Security Standards: knowledge of frameworks such as SOC 2 and ISO 27001 and the ability to implement controls and metrics to meet compliance requirements.

Scope (projects to deliver)

• Device posture: MDM device inventory accuracy cleanup; ensure laptops meet baseline policies.
• Authentication foundation: Okta Verify/FastPass rollout; multi-factor authentication (MFA) on laptops.
• Centralized access: Put critical applications behind Okta with MFA; unify sign-on.
• Lifecycle automation: Automate off-boarding; implement role-based access; enable self-service access requests.
• Directory hygiene: Okta group identity and access cleanup (correct teams roles and mappings).

60 90 Day Success Metrics

• Inventory accuracy: 95% of active laptops present and compliant in MDM; zero unknown owner devices.
• Strong laptop auth: 90% of active users enrolled in Okta Verify/FastPass; laptops require MFA at sign-in; less than 2 laptop MFA helpdesk issues per month.
• Critical apps behind Okta: 12 business-critical apps use Okta with MFA; deactivation removes access within hours.
• Faster access flow: Self-service access requests live for top 50% most used apps; 80% of access changes completed same business day
• Correct access by role: Group and role mappings updated; monthly spot-check shows < 5% overprovisioned access.

Sample Workplan

• Week 1: Baseline MDM and Okta; confirm critical app list; pick pilot groups; draft rollout plan and comms.
• Week 2: Ship Okta Verify/FastPass pilot; fix MDM ownership gaps; draft self-service access request flow.
• Week 3: Enforce laptop MFA for pilot; move first 3 5 apps behind Okta; automate off-boarding for core systems.
• Week 4 6: Expand to remaining critical apps; finalize role-based access; complete Okta group and identity cleanup; turn on self-service; measure and harden.

  Role: Senior Security Engineer

  Duration: 3 months (for now - could extend depending on length of time to hire FT)

  Hours: 20-30 hours/hour - can increase/be flexible

  Location: 176 Grand St New York NY 10013 Occasional onsite

  Job Description:

  Summary

• We are seeking a short-term Corporate Security consultant (20-30 hours/week for 3 months) to automate employee access and secure our devices.
• The consultant will deploy Okta-based authentication (multi-factor authentication on laptops single sign-on for critical apps) clean up device inventory and access management and automate employee onboarding and off boarding.
• Must have: hands-on Okta administration and automation experience plus macOS device management deployments. If you know someone please send them our way!

• Core Experience and Skills

• Proven experience deploying Okta Verify FastPass and multi factor authentication across corporate laptops enabling seamless single sign on for SaaS applications.
• Hands on administration of MDM solutions (Rippling preferred) with device onboarding inventory management and enforcement of baseline security policies.
• Strong scripting and automation skills ( Workflows) to integrate identity providers directories and SaaS applications.
• Experience with directory hygiene and governance including group and role cleanup lifecycle management and access reviews across Okta and SaaS apps.
• Excellent communication and collaboration skills to work effectively with IT security and business stakeholders.

• Core Competencies

• Identity & Access Management Architecture: designing and implementing authentication and authorization frameworks including Okta or similar identity providers MFA SSO and least privilege principles.
• Device & Endpoint Security: expertise in managing device inventory and enforcing security baselines via MDM solutions (e.g. Jamf Intune) across macOS and other devices.
• SaaS Security Posture Management: evaluation and configuration of SaaS applications to align with security best practices including secure configuration SAML/SCIM integration and vendor risk management.
• Automation & Orchestration: designing automated provisioning and de-provisioning workflows for employees using scripting and API integration for identity and SaaS services.
• Compliance & Security Standards: knowledge of frameworks such as SOC 2 and ISO 27001 and the ability to implement controls and metrics to meet compliance requirements.

• Scope (projects to deliver)

• Device posture: MDM device inventory accuracy cleanup; ensure laptops meet baseline policies.
• Authentication foundation: Okta Verify/FastPass rollout; multi-factor authentication (MFA) on laptops.
• Centralized access: Put critical applications behind Okta with MFA; unify sign-on.
• Lifecycle automation: Automate off-boarding; implement role-based access; enable self-service access requests.
• Directory hygiene: Okta group identity and access cleanup (correct teams roles and mappings).

• 60 90 Day Success Metrics

• Inventory accuracy: 95% of active laptops present and compliant in MDM; zero unknown owner devices.
• Strong laptop auth: 90% of active users enrolled in Okta Verify/FastPass; laptops require MFA at sign-in; less than 2 laptop MFA helpdesk issues per month.
• Critical apps behind Okta: 12 business-critical apps use Okta with MFA; deactivation removes access within hours.
• Faster access flow: Self-service access requests live for top 50% most used apps; 80% of access changes completed same business day
• Correct access by role: Group and role mappings updated; monthly spot-check shows < 5% overprovisioned access.

• Sample Workplan

• Week 1: Baseline MDM and Okta; confirm critical app list; pick pilot groups; draft rollout plan and comms.
• Week 2: Ship Okta Verify/FastPass pilot; fix MDM ownership gaps; draft self-service access request flow.
• Week 3: Enforce laptop MFA for pilot; move first 3 5 apps behind Okta; automate off-boarding for core systems.
• Week 4 6: Expand to remaining critical apps; finalize role-based access; complete Okta group and identity cleanup; turn on self-service; measure and harden.