Senior IT Security Engineer

United States | RemoteRemotePosted 3 days ago

Job Description

<div class="content-intro">Founded in 2004, NetBrain is the leader in no-code network automation. Its ground-breaking Next-Gen platform provides IT operations teams with the ability to scale their hybrid multi-cloud connected networks by automating the processes associated with Diagnostic Troubleshooting, Outage Prevention and Protected Change Management.  Today, over 2,500 of the world’s largest enterprises and managed services providers leverage NetBrain’s platform.</div>What We Need NetBrain is looking for an analytically-inclined and detail-oriented Senior IT Security Engineer to drive our ISO 27001 and SOC 2 certification efforts, ensuring IT security is fully aligned and audit-ready for our SaaS product launch. This person will collaborate cross-functionally and define, implement and enforce security requirements and standards. What You'll Do <ul> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">You will drive ISO 27001 certification and SOC 2 Type II attestation initiatives end-to-end — from initial gap analysis and control design through evidence collection, audit coordination, and successful certification to support NetBrain’s new SaaS business.</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Build and mature NetBrain’s GRC (Governance, Risk & Compliance) program — conduct risk assessments, maintain the risk register, define control owners, and produce compliance reporting that gives leadership clear visibility into security posture.</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Translate compliance framework requirements into practical, scalable security policies, standards, and procedures and partner with cross-functional teams (engineering, product, legal, IT) to embed them into daily operations and product development workflows.</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Define and enforce IAM (Identity & Access Management) standards — including SSO, MFA, RBAC, and periodic access reviews — across both corporate IT and SaaS product environments to satisfy audit requirements and enforce least-privilege principles.</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Implement and manage SIEM platforms for centralized security monitoring, log aggregation, and alerting to meet audit evidence requirements and provide real-time threat visibility across cloud and on-premise infrastructure.</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Own the vulnerability management lifecycle — deploy and operate scanning tools, define remediation SLAs, track closure rates, and report on risk reduction metrics to demonstrate continuous improvement to auditors and stakeholders.</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Develop and maintain incident response plans, playbooks, and escalation procedures aligned with ISO 27001 and SOC 2 control requirements; lead tabletop exercises and coordinate response during security events.</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Evaluate and manage third-party vendor risk — conduct security assessments of SaaS vendors and partners, manage security questionnaires, and maintain a supplier risk register aligned with compliance framework requirements.</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Design and deliver security awareness training programs that drive adoption of security best practices across the organization and satisfy compliance training requirements for both ISO 27001 and SOC 2.</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Serve as the trusted security subject matter expert across business units — communicate risks and recommendations to both technical and non-technical stakeholders, and ensure IT security readiness directly supports the launch and growth of NetBrain’s SaaS product.</li> </ul>   What You Bring <ul> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">8+ years of experience in information security, cybersecurity engineering, or a GRC-focused security role</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Hands-on experience leading or supporting ISO 27001 and/or SOC 2 audit and certification processes</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Prior experience at a B2B SaaS company with responsibility spanning both product security and corporate IT security</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Strong working knowledge of compliance frameworks including ISO 27001, SOC 2, and NIST CSF</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Experience with GRC platforms and security tooling (SIEM, vulnerability scanners, IAM solutions, EDR)</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Professional certifications such as CISSP, CISM, CISA, or equivalent strongly preferred</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience)</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Manual Dexterity: Repetitive motion of wrists, hands and fingers for using a computer.</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Stationary Tasks: Sitting for extended periods, remaining in a stationary position.</li> <li style="font-size: 10pt; font-family: 'trebuchet ms', geneva, sans-serif;">Though this is a remote position, must be able to work Eastern Time Zone business hours</li> </ul>   What We Offer Our comprehensive compensation package is vital in how we recognize our people for the impact they make on us reaching our goals as a company. For this role, the estimated base is $130,000 - $155,000 + Bonus. The actual salary may vary based on a range of factors, including market and individual qualifications objectively assessed during the interview process. The range listed above is a guideline and may be modified. People Experience offers a comprehensive benefits package in addition to cash compensation that includes but is not limited to 401k and medical/dental coverage. Speak with your Recruiter for more details on our Total Rewards philosophy.  <div class="content-conclusion">NetBrain invites all interested and qualified candidates to apply for employment opportunities. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, or other characteristics protected by law. If you have a disability that prevents or limits your ability to use or access the site, or if you require any other accommodation in the application process due to a disability, you may request a reasonable accommodation. To make a request, please contact our People Team at: <a href="mailto:people@netbraintech.com">people@netbraintech.com</a> and we will be happy to assist you. In compliance with applicable laws, NetBrain conducts holistic, individual background reviews in support of all hiring decisions. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.  </div>