IT Systems & Security Engineer
Responsibilities
• Lead the Security and IT team at Periodic Labs to ensure robust security measures are in place for identity management, endpoint protection, network defense, and SaaS applications.
• Ownership of Identity services including Okta/Entra with SAML/OIDC/SCIM protocols, RBAC, and lifecycle automation processes.
• Full ownership over the device lifecycle from procurement to secure deprovisioning for macOS/Windows/Linux devices using MDM solutions like CrowdStrike / SentinelOne with full disk encryption capabilities (FileVault/BitLocker).
• Implement and maintain host firewall policies, USB/media controls, kernel extensions approvals, and application allow/deny lists.
• Write automation scripts or use Infrastructure as Code tools like Terraform/Terragrunt with Ansible for policy codification, self-service workflow creation, CLI tooling development.
• Manage cloud IAM services across AWS, GCP, Azure integrating systems and users effectively within these environments.
• Administer SaaS applications such as Google Workspace (G Suite), Slack, GitHub to define groups, workflows, and guardrails for minimizing permissions sprawl.
• Handle secrets management by managing KMS solutions, password vault services like 1Password or k8s secrets handling mechanisms.
• Implement Zero Trust principles through identity-aware access controls, secure Wi-Fi setups, DNS/certificate security measures and network segmentation strategies to protect against unaut
• Lead the Security and IT team at Periodic Labs. Ownership of Identity services including Okta or Entra with SAML/OIDC/SCIM protocols, robust RBAC, and lifecycle automation processes for identity management systems.
• Full ownership over device procurement to secure deprovisioning process using MDM solutions like CrowdStrike / SentinelOne ensuring full disk encryption (FileVault/BitLocker) is applied where necessary on macOS/Windows/Linux devices, and manage USB/media controls along with kernel extensions approvals.
• Implement host firewall policies to secure the network infrastructure of Periodic Labs while managing user access through application allow/deny lists for enhanced security posture.
• Write automation scripts or use Infrastructure as Code tools like Terraform, Ansible, Python with Bash scripting language and libraries such as Boto3 (AWS), Google Cloud SDK (GCP) to codify policy settings, create self-service workflows, develop CLI tooling for efficient system management.
• Manage cloud IAM services across AWS, GCP, Azure by integrating systems and users effectively