IT Security & Infrastructure Engineer

What You'll Do:

• Security Architecture & Network Defense:
• Design and enforce perimeter defense using Palo Alto NGFWs, NAT rules, VPN tunnels, and threat profiles
• Segment and secure internal networks using Meraki switches, VLANs, and SSID policy controls
• Harden AWS environments (VPC, IAM roles, GuardDuty, SCP, S3 controls) and implement secure connectivity


• Endpoint Security & MDM:
• Lead the deployment and policy management of Workspace ONE MDM across laptops and mobile devices (+++)
• Manage and support endpoint protection tools including CrowdStrike, DLP configurations, and USB controls
• Enforce patching across devices with tools like Automox, and manage full asset lifecycle


• Identity & Access Management:
• Administer and optimize Okta for SSO, MFA, group-based access, and SCIM provisioning
• Define and maintain least privilege access policies across apps, cloud services, and infrastructure


• Threat & Vulnerability Management:
• Own TVM tooling (e.g., Rapid7 InsightVM) and drive risk-based remediation workflows
• Collaborate with IT, DevOps, and Engineering to track remediation SLAs and patch compliance


• IT Support & Help Desk Escalation:
• Provide onsite support for senior management and teams across hardware, software, and connectivity issues
• Perform basic diagnosis and resolution for Windows, Linux, and macOS systems
• Coordinate with outsourced help desk services and act as Tier 2/3 escalation for time-sensitive issues
• Maintain working knowledge of AV systems used for conferencing, board meetings, and team collaboration


• Enablement & Collaboration:
• Deliver periodic security and onboarding training for users in partnership with the IT and People teams
• Contribute to SOPs, runbooks, and IT-security integration plans for new labs, offices, and infrastructure
• Partner with Facilities and Operations for secure device provisioning, inventory, and access enforcement

What you'll Need:

• A first-principles mindset — you question assumptions, reframe problems from the ground up, and approach challenges with a foundational understanding rather than relying solely on precedent.
• 6-10 years of experience in infrastructure or IT security roles
• Deep experience in perimeter and endpoint security (Palo Alto, CrowdStrike, Meraki, etc.)
• Proven deployment and management experience with Workspace ONE or equivalent MDM (+++)
• Proficiency with Okta, AWS IAM policies, and secure network segmentation
• Experience with vulnerability scanners and patching tools (e.g., Rapid7, Automox)
• Comfortable supporting Mac, Linux, and Windows in an IT-secured environment
• Hands-on with hardware/software troubleshooting, especially for senior staff and R&D users
• Willingness to be onsite full time in Santa Clara with travel to Berkeley as needed

Bonus Points For:

• Certifications: PCNSA, AWS Security Specialty, Okta Certified Admin, CISSP, etc.
• Familiarity with SOC 2, ISO 27001, or NIST 800-53 controls
• Experience supporting OT or R&D environments, including AV and lab equipment
• Scripting or automation knowledge (e.g., Bash, Python, Ansible, Terraform)
• Strong documentation skills using Jira, Confluence, or similar tools