Senior IT Security Engineer
United States of America
Full Time
2 hours ago
$130,000 - $155,000 USD
H1B Sponsor Likely
Key skills
IAMSSOSaaSLeadership
About this role
NetBrain is the leader in no-code network automation, and they are seeking a Senior IT Security Engineer to drive their ISO 27001 and SOC 2 certification efforts. This role involves collaborating cross-functionally to define, implement, and enforce security requirements and standards to ensure audit readiness for their SaaS product launch.
Responsibilities:
- Drive ISO 27001 certification and SOC 2 Type II attestation initiatives end-to-end — from initial gap analysis and control design through evidence collection, audit coordination, and successful certification to support NetBrain’s new SaaS business
- Build and mature NetBrain’s GRC (Governance, Risk & Compliance) program — conduct risk assessments, maintain the risk register, define control owners, and produce compliance reporting that gives leadership clear visibility into security posture
- Translate compliance framework requirements into practical, scalable security policies, standards, and procedures and partner with cross-functional teams (engineering, product, legal, IT) to embed them into daily operations and product development workflows
- Define and enforce IAM (Identity & Access Management) standards — including SSO, MFA, RBAC, and periodic access reviews — across both corporate IT and SaaS product environments to satisfy audit requirements and enforce least-privilege principles
- Implement and manage SIEM platforms for centralized security monitoring, log aggregation, and alerting to meet audit evidence requirements and provide real-time threat visibility across cloud and on-premise infrastructure
- Own the vulnerability management lifecycle — deploy and operate scanning tools, define remediation SLAs, track closure rates, and report on risk reduction metrics to demonstrate continuous improvement to auditors and stakeholders
- Develop and maintain incident response plans, playbooks, and escalation procedures aligned with ISO 27001 and SOC 2 control requirements; lead tabletop exercises and coordinate response during security events
- Evaluate and manage third-party vendor risk — conduct security assessments of SaaS vendors and partners, manage security questionnaires, and maintain a supplier risk register aligned with compliance framework requirements
- Design and deliver security awareness training programs that drive adoption of security best practices across the organization and satisfy compliance training requirements for both ISO 27001 and SOC 2
- Serve as the trusted security subject matter expert across business units — communicate risks and recommendations to both technical and non-technical stakeholders, and ensure IT security readiness directly supports the launch and growth of NetBrain’s SaaS product
Requirements:
- 8+ years of experience in information security, cybersecurity engineering, or a GRC-focused security role
- Hands-on experience leading or supporting ISO 27001 and/or SOC 2 audit and certification processes
- Prior experience at a B2B SaaS company with responsibility spanning both product security and corporate IT security
- Strong working knowledge of compliance frameworks including ISO 27001, SOC 2, and NIST CSF
- Experience with GRC platforms and security tooling (SIEM, vulnerability scanners, IAM solutions, EDR)
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
- Manual Dexterity: Repetitive motion of wrists, hands and fingers for using a computer
- Stationary Tasks: Sitting for extended periods, remaining in a stationary position
- Professional certifications such as CISSP, CISM, CISA, or equivalent strongly preferred