Staff Infrastructure Engineer

SecurityScorecard

Jersey City · On-site · Full-time · Lead · $160k – $195k/yr · Today

About the role

About SecurityScorecard

SecurityScorecard is the global leader in cybersecurity ratings, with over 12 million companies continuously rated, operating in 64 countries. Founded in 2013 by security and risk experts Dr. Alex Yampolskiy and Sam Kassoumeh and funded by world-class investors, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting, making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their digital footprint.

Headquartered in New York City, our culture has been recognized by Inc Magazine as a "Best Workplace," by Crain’s NY as a "Best Places to Work in NYC," and as one of the 10 hottest SaaS startups in New York for two years in a row. Most recently, SecurityScorecard was named to Fast Company’s annual list of the World’s Most Innovative Companies for 2023 and to the Achievers 50 Most Engaged Workplaces in 2023 award recognizing “forward-thinking employers for their unwavering commitment to employee engagement.” SecurityScorecard is proud to be funded by world-class investors including Silver Lake Waterman, Moody’s, Sequoia Capital, GV and Riverwood Capital.

About the Role:

We're looking for a Staff Infrastructure Engineer to own and operate the systems that keep SecurityScorecard running. This is a hands-on, senior-level role reporting directly to the CISO. You will be the primary technical owner of corporate identity, endpoint, collaboration, AI workflow tooling, and IT budget — with direct daily involvement in security operations. You'll hit the ground running on IT operations from day one and own the full stack within 90 days.

This is not a ticket-taker role. We need someone who identifies problems before they're assigned, builds automation that makes the whole organization faster, and holds the technical bar for the team around them.

What You Will Own:

  • Identity & Access Management — Administer Okta as primary IdP including SSO, MFA, lifecycle management, and Workflows. Own joiner/mover/leaver processes end-to-end integrated with BambooHR and Google Workspace. Govern service accounts, API keys, and secrets lifecycle.
  • Endpoint & Device Management — Manage macOS fleet via Intune and Level. Enforce security baselines and patch compliance. Serve as escalation point for device issues and coordinate with CrowdStrike Falcon for endpoint security. Own hardware procurement, provisioning, and retirement.
  • Collaboration & SaaS Administration — Administer Google Workspace and Atlassian (Jira, Confluence). Serve as technical owner for corporate SaaS, including onboarding new tools and maintaining an approved software register with a lightweight security review process.
  • Automation Engineering — Design and build automations that meaningfully improve how teams across the org operate — Finance, HR, Security, Engineering, GTM. Integrate across the SaaS stack using APIs, Zapier, BlinkOps, Okta Workflows, and AI-assisted tooling. Maintain a prioritized backlog of automation opportunities and drive it forward without being asked.
  • IT Finance & Budget — Own the IT budget end-to-end across SaaS, hardware, and vendors. Manage contracts and renewal cycles, negotiate pricing, right-size licenses, and proactively reclaim unused seats. Build cost visibility for the CISO and forecast annual spend.
  • Security Operations Support — Coordinate daily with the security team on access reviews, incident triage, and policy enforcement. Serve as first responder for endpoint compromise, account takeover, and suspicious access events. Own DLP policy at the endpoint, email, and collaboration layers. Administer email security infrastructure including DMARC, DKIM, and SPF.
  • Privileged Access Management — Own governance of highly privileged accounts including break-glass accounts and service accounts. Enforce just-in-time access, session recording, and periodic privileged access reviews.
  • Mentorship & Team Development — Actively mentor IT peers through 1:1s, workflow reviews, and hands-on pairing. Identify skill gaps, design development plans, and model the engineering and operational standards you want the team to grow into.
  • On-Call & Incident Response — This role carries on-call responsibilities. You're expected to be reachable and responsive during active infrastructure, identity, or endpoint incidents outside business hours.

Required Qualifications:

  • 8 or more years of experience operating at a Staff or Principal level in a hands-on infrastructure or IT engineering role, with a track record of owning systems and functions fully, not just contributing within them
  • Expert-level Okta administration, including Lifecycle Management, Workflows, and API integration
  • Hands-on experience managing macOS fleets at scale, including MDM tooling and device compliance enforcement
  • Strong Google Workspace administration experience in an enterprise environment
  • Proficiency in building and maintaining integrations and automations via APIs, scripting, and workflow platforms — with a portfolio of cross-functional tooling that other teams depend on
  • Experience with workflow automation platforms such as Zapier, BlinkOps, or equivalent
  • Experience owning an IT or SaaS budget, including vendor contract negotiation, renewal management, and license optimization
  • Familiarity with endpoint security tooling — CrowdStrike Falcon or equivalent EDR platform experience required
  • Experience producing audit evidence and operating within a SOC 2, ISO 27001, or equivalent compliance framework
  • Prior experience mentoring or actively developing engineers, with demonstrated impact on their growth and ownership
  • Comfort operating in a security-focused environment where access control, auditability, and least-privilege are non-negotiable
  • Ability to manage competing priorities and operate independently in a lean, high-trust environment

Preferred Qualifications:

  • Prior experience at a cybersecurity company or similarly regulated environment — you understand the cultural weight of security-first infrastructure without needing it explained
  • Experience administering and governing AI tools in a corporate environment, including acceptable use policy enforcement and shadow AI controls
  • Experience with HashiCorp Vault or equivalent secrets management platform
  • Exposure to physical access control systems and corporate network infrastructure
  • Experience building automation tooling that serves non-technical stakeholders across functions such as Finance, HR, or GTM
  • Familiarity with Atlassian products (Jira and Confluence) at an administrative level
  • Exposure to FedRAMP authorization environments and the infrastructure controls they require

Benefits:

Specific to each country, we offer a competitive salary, stock options, health benefits, unlimited PTO, parental leave, tuition reimbursements, and much more!

The estimated total compensation range for this position is $160,000 - $195,000 (base plus bonus). Actual compensation for the position is based on a variety of factors, including, but not limited to, affordability, skills, qualifications and experience, and may vary from the range. In addition to base salary, employees may also be eligible for annual performance-based incentive compensation awards and equity, among other company benefits.

SecurityScorecard is committed to Equal Employment Opportunity and embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skill sets, ideas, and perspectives. We make hiring decisions based on merit and do not discriminate based on race, color, religion, national origin, sex or gender (including pregnancy), gender identity or expression (including transgender status), sexual orientation, age, marital, veteran, disability status or any other protected category in accordance with applicable law.

We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or accommodation due to a disability, please contact talentacquisitionoperations@securityscorecard.io.

Any information you submit to SecurityScorecard as part of your application will be processed in accordance with the Company’s privacy policy and applicable law.

SecurityScorecard does not accept unsolicited resumes from employment agencies. Please note that we do not provide immigration sponsorship for this position.

Skills

API, Atlassian, BambooHR, BlinkOps, CrowdStrike Falcon, DMARC, Docker, EDR, Google Workspace, HashiCorp Vault, Intune, Jira, Level, macOS, MDM, Okta, SPF, SSO, SaaS, Zapier
