Senior IT Engineer
Nue.io · Canada, NC · 2 mo ago
RemoteRemoteEngineeringFull-time
Responsibilities
- Implement and maintain standard patterns for user lifecycle, access control, and device posture that align with security and compliance requirements, in partnership with the Director, IT.
- Contribute hands-on input to the design and continuous improvement of IT architecture for corporate endpoints, identity, and SaaS applications.
- Design and maintain hardened baseline configurations for Mac endpoints, including MDM/EDR policies, patching, and disk encryption.
- Ensure accurate, auditable asset inventories for laptops, networking gear, and key IT-managed services.
- Establish and optimize tooling and automation for device provisioning, configuration drift detection, and secure offboarding.
- Lead day-to-day identity and access management (IAM) across Google Workspace, HRIS/SSO, Salesforce, Slack, Atlassian, and other core apps.
- Implement and drive RBAC and least-privilege models, including role profiles by function and regular access reviews, in partnership with IT leadership.
- Partner with functional owners on SaaS vendor onboarding, risk reviews, renewals, and entitlement rationalization.
- Design and refine automated workflows (e.g., via HRIS/IdP/IT tooling) for joiner/mover/leaver processes.
- Act as a primary IT owner for controls related to: Endpoint security (MDM/EDR, patching, disk encryption, USB/removable media policies); Identity security (MFA enforcement, SSO, conditional access, OAuth governance); Corporate SaaS hardening (admin roles, audit logs, configuration baselines).
- Execute against the IT compliance framework defined by IT leadership, helping to maintain controls and documentation needed for SOC 2 / SOC 1 / privacy and related frameworks.
- Collaborate with auditors and internal stakeholders to provide evidence, help identify and close gaps, and support readiness for security and compliance audits and assessments.
- Help drive vulnerability management remediation across endpoints and IT-managed services; prioritize and track remediation in partnership with Dev Services and Engineering.
- Support responses to customer questionnaires around security and compliance of our products, in partnership with IT leadership.
- Maintain an awareness of potential risks and vulnerabilities across Nue’s systems, and proactively raise and address gaps as they arise.
- Serve as the primary point of contact for support for all employees and senior escalation point to other IT team members for complex IT issues (identity/SSO, access, networking, device security).
- Design and implement automation and scripts to reduce manual toil across IT workflows.
- Maintain and improve internal IT documentation, runbooks, and standards, ensuring they’re usable by both IT peers and business stakeholders.
- Provide input into IT capacity planning (licenses, hardware refresh, key platforms) by surfacing trends, usage data, and technical recommendations to the Director, IT.
- Implement and monitor logging and alerting systems for critical services to enable proactive support and incident detection.
- Mentor other IT team members (including interns or junior engineers) on best practices, troubleshooting approaches, and security-minded thinking.
- Model strong communication with stakeholders; help translate technical tradeoffs into clear options and recommendations.
- Influence and execute on IT projects and initiatives that align with security posture, audit requirements, and company growth, under the direction of IT leadership.
Qualifications
- 5+ years in corporate IT engineering, systems administration, or similar roles in a SaaS or high-growth technology environment.
- Deep hands-on experience with: Identity/SSO and user lifecycle (e.g., Google Workspace, Okta/Rippling or equivalent IdPs, SCIM/SAML/OIDC concepts); Endpoint management at scale (MDM/EDR, OS hardening, patching, secure baselines); Administration of a modern SaaS stack (productivity, collaboration, ticketing/ITSM, monitoring/logging, etc.).
- Strong understanding of security and compliance frameworks (e.g., SOC 2, SOC 1, ISO 27001) and how IT controls support them.
- Proven experience implementing or improving: Access reviews and entitlement recertifications; Device and asset lifecycle processes; Change management and documentation around IT changes; Excellent troubleshooting skills across layers (user/device → network → SaaS/IdP), with a bias toward root cause analysis and durable fixes;
- Strong written and verbal communication skills; ability to produce clear runbooks, SOPs, and audit-ready documentation.