[Hiring] Senior IT Security Engineer @NetBrain

Role Description

NetBrain is looking for an analytically-inclined and detail-oriented Senior IT Security Engineer to drive our ISO 27001 and SOC 2 certification efforts, ensuring IT security is fully aligned and audit-ready for our SaaS product launch. This person will collaborate cross-functionally and define, implement and enforce security requirements and standards.

• Drive ISO 27001 certification and SOC 2 Type II attestation initiatives end-to-end — from initial gap analysis and control design through evidence collection, audit coordination, and successful certification to support NetBrain’s new SaaS business.
• Build and mature NetBrain’s GRC (Governance, Risk & Compliance) program — conduct risk assessments, maintain the risk register, define control owners, and produce compliance reporting that gives leadership clear visibility into security posture.
• Translate compliance framework requirements into practical, scalable security policies, standards, and procedures and partner with cross-functional teams (engineering, product, legal, IT) to embed them into daily operations and product development workflows.
• Define and enforce IAM (Identity & Access Management) standards — including SSO, MFA, RBAC, and periodic access reviews — across both corporate IT and SaaS product environments to satisfy audit requirements and enforce least-privilege principles.
• Implement and manage SIEM platforms for centralized security monitoring, log aggregation, and alerting to meet audit evidence requirements and provide real-time threat visibility across cloud and on-premise infrastructure.
• Own the vulnerability management lifecycle — deploy and operate scanning tools, define remediation SLAs, track closure rates, and report on risk reduction metrics to demonstrate continuous improvement to auditors and stakeholders.
• Develop and maintain incident response plans, playbooks, and escalation procedures aligned with ISO 27001 and SOC 2 control requirements; lead tabletop exercises and coordinate response during security events.
• Evaluate and manage third-party vendor risk — conduct security assessments of SaaS vendors and partners, manage security questionnaires, and maintain a supplier risk register aligned with compliance framework requirements.
• Design and deliver security awareness training programs that drive adoption of security best practices across the organization and satisfy compliance training requirements for both ISO 27001 and SOC 2.
• Serve as the trusted security subject matter expert across business units — communicate risks and recommendations to both technical and non-technical stakeholders, and ensure IT security readiness directly supports the launch and growth of NetBrain’s SaaS product.

Qualifications

• 8+ years of experience in information security, cybersecurity engineering, or a GRC-focused security role.
• Hands-on experience leading or supporting ISO 27001 and/or SOC 2 audit and certification processes.
• Prior experience at a B2B SaaS company with responsibility spanning both product security and corporate IT security.
• Strong working knowledge of compliance frameworks including ISO 27001, SOC 2, and NIST CSF.
• Experience with GRC platforms and security tooling (SIEM, vulnerability scanners, IAM solutions, EDR).
• Professional certifications such as CISSP, CISM, CISA, or equivalent strongly preferred.
• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).

Requirements

• Manual Dexterity: Repetitive motion of wrists, hands and fingers for using a computer.
• Stationary Tasks: Sitting for extended periods, remaining in a stationary position.

Benefits

• Estimated base salary: $130,000 - $155,000 + Bonus.
• Comprehensive benefits package including 401k and medical/dental coverage.