Senior Security Engineer
Skills
MfaSecurity ToolSoc IiInformation SecuritySecurity AutomationEndpoint SecuritySecurity AwarenessVendor SelectionEntra IdEvidence CollectionConditional AccessControl MonitoringPosture MonitoringEntraIso 27001Incident ResponseSaasBashLoggingAlertingSsoGoogle WorkspaceMonitoringAwsGcpVulnerability ManagementIamOktaEdrMdmPythonComplianceGoAccess ReviewPolicyThird-Party RiskSiemSecrets ManagementPrivileged Access
About the Role
You will be the deep technical owner of information security, designing, hardening, and automating the systems and controls the organization relies on. You will lead the information security program end-to-end, drive SOC II Type 2 and ISO 27001 readiness, run logging, monitoring, and alerting, investigate and respond to incidents, manage vulnerability and third-party risk processes, own identity and endpoint security hardening, build security and compliance automation across the SaaS estate, lead security tooling rollouts and vendor selection, help maintain a secure AWS/GCP footprint including secrets management and posture monitoring, and keep the security policy library accurate and enforced.
Requirements
- 7+ years in information security with strong IT engineering depth
- Demonstrated ownership of SOC II Type 2 and ideally ISO 27001 readiness and audit cycles
- Deep hands-on experience across IAM endpoint and at least one cloud (AWS or GCP)
- Comfortable scripting in Python Go or Bash and automating IT and security workflows
- Practical experience with SSO/IdP platforms (Okta Google Workspace Entra) MDM/EDR tooling and logging/SIEM stacks
- Strong written communication including policy and post-incident reviews
- Pragmatic about risk and process and calm under pressure with a bias to action
- Crypto or AI/ML exposure is a plus
Responsibilities
- Lead the information security program across NEAR Foundation
- Drive SOC II Type 2 and ISO 27001 readiness and ongoing compliance
- Support the needs and operation of the NEAR Security Committee
- Run logging, monitoring, and alerting and lead incident investigation and response
- Run vulnerability management and third-party risk reviews
- Deliver security awareness across the organization
- Own security architecture and hardening of identity access and endpoint stack
- Engineer security and compliance automation across the SaaS estate
- Serve as senior technical escalation point for complex security issues
- Lead security tooling rollouts and vendor selection
- Help maintain a secure cloud footprint including secrets management and posture monitoring
- Maintain and update the security policy library
Benefits
- NEAR token incentives
- Comprehensive healthcare coverage
- Remote-first work environment
- Professional development and learning budget