IT Security Engineer

We are seeking an experienced IT Security Engineer to keep Lazarus’s internal systems secure, reliable, and well-run. You’ll be the connective tissue across our SaaS and cloud stack—monitoring and triaging issues, administering core tools, and steadily taking ownership of our security posture. You’ll start hands-on with day-to-day operations and grow into owning infrastructure, tooling strategy, and compliance work as you build depth. It’s a high-trust role for someone who pairs sound judgment with technical drive—translating big-picture strategy into the tactical work that keeps a fast-moving, highly regulated company running safely.

• →Monitor Slack alert channels, observability tooling (such as Datadog), and security signals; triage issues, action them within scope, and escalate when needed
• →Help organize, administer, and enforce the organization’s vulnerability scanning program across SAST, DAST, and runtime tooling—managing tool configuration and coverage, tracking findings through to remediation, and helping uphold the standards and SLAs that govern how issues get resolved
• →Triage and route incoming work and helpdesk requests into Jira and Jira Service Management (JSM), resolving the tickets you own and keeping queues moving
  Administer and maintain core SaaS and infrastructure tooling—including Tailscale, Doppler, Iru (MDM), Atlassian, Slack, GitHub, and Google Workspace—managing access, ACLs, and routine configuration
• →Maintain identity and access hygiene across Okta, Google Workspace, and related systems—managing SSO, provisioning, group rules, and MFA policy, cleaning up orphaned groups, building smart and dynamic groups, and enforcing least-privilege access
• →Support Microsoft Azure administration, including budget reporting, tenant organization, and standing up straightforward infrastructure
• →Serve as a reviewer and editor on IT and security policy, helping keep policies practical, current, and enforceable
• →Grow into ownership of core systems and the company’s overall security posture—including infrastructure design, tooling strategy, and compliance initiatives

• 5+ years in IT, security, or a related technical or operational discipline (including equivalent military or government service), plus a degree in a related field or equivalent training and certifications
• Active, current security certifications such as SANS/GIAC (e.g., GSEC, GCIH, GCIA) or equivalent
• Foundational knowledge of IT administration and security operations sufficient to ramp quickly on our stack, run day-to-day operations independently, and take ownership of core systems over time
• Comfortable working in Unix/Linux command-line environments and with version control (git) for day-to-day administration and automation
• Ability to administer cloud and SaaS platforms—identity and access management (including SSO and identity providers), device management, version control, and collaboration tools—and to learn the specifics of ours quickly
• Clear written and verbal communication suited to a fully remote team, with the discipline to take ownership of work and carry it through from start to finish without close supervision
• Sound judgment and the ability to translate strategic priorities into well-prioritized tactical execution

• Active TS/SCI security clearance—a strong plus given our public-sector work, supporting cleared contracts and in-person engagements
• Hands-on experience with one or more of our core tools: Okta, Datadog, Tailscale, Doppler, Atlassian/JSM, Microsoft Azure, or Kandji/Iru
• Familiarity with security and compliance frameworks relevant to regulated industries (e.g., CMMC, SOC 2, NIST)
• Background in a technically rigorous, high-accountability environment (such as military, defense, or critical infrastructure) where judgment under pressure mattered