1.639 Empregos para It Security - Brasil

We are looking for a key member to join Sungrow’s Latin America team as a IT & Security Analyst - Latam, based in São Paulo, Brazil. This role will support our operations across Latin America and act as the main IT liaison with our headquarters in China.

Main Responsibilities:

• Ensure regional compliance with IT governance and cybersecurity standards across LATAM sales, product, engineering, and operations.
• Monitor current information systems, enterprise applications, and hardware infrastructure to maintain cybersecurity compliance.
• Support ERP/CRM system deployment, digital initiatives, and their ongoing development.
• Coordinate with the China HQ IT team on software and hardware projects, and assist in building local IT protocols and cybersecurity processes.
• Manage user accounts and software licenses, supporting due diligence for new software acquisitions.
• Facilitate cross-regional communication regarding IT strategy and execution.
• Manage and monitor third-party IT service providers to ensure service quality.

Required Knowledge and Experience:

• Bachelor’s degree in Information Technology or a related field.
• Experience with ERP/CRM systems, cybersecurity, and data privacy compliance.
• Ability to work effectively across multiple time zones.
• Proficiency in English and Spanish is required.

Core Competencies:

• Strong initiative and self-motivation.
• Highly organized with attention to detail.
• Service-oriented mindset with a focus on technical support.

Work Location and Status:

Compensation and Benefits:

• Competitive salary based on experience.
• Opportunities for career growth and professional development.

Application:

Please submit your CV in English.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Engineering and Quality Assurance
• Industries Renewable Energy Semiconductor Manufacturing and Oil and Gas

Referrals increase your chances of interviewing at Sungrow Power Supply Co., Ltd. by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Job Title: IT Security Engineer

Level: Junior | Mid Level

Working Hours: Full Time(40h/Week)

Contract: Contractor

Location: LATAM

Your Team

You will report to our Head of Security and join the Security team. On TheOrg you can view the complete structure of our organisation, including information about every team member, hiring managers and the size of each department.

Who We Are Looking For

The IT Security Engineer plays a key role at the intersection of cybersecurity and IT operations. This position supports day-to-day IT and security functions, contributes to compliance and governance initiatives, and assists in strengthening the organisation's security posture. The ideal candidate is a hands-on problem solver who is comfortable working across infrastructure, cloud, identity, and security domains.

Mandatory Hard Skills

• Solid understanding of Identity and Access Management (IAM) principles and practices.
• Knowledge of compliance frameworks and regulations such as ISO 27001, SOC 2, GDPR/LGPD, NIST, etc.
• Familiarity with cloud platforms (AWS, Azure, or GCP) and their associated security risks and controls.
• Exposure to endpoint management, MDM solutions, and IT support tools.
• Exposure to security operations, monitoring tools (e.g., SIEM, EDR), and incident response processes.
• Strong problem-solving skills and ability to work cross-functionally with different teams.
• Advanced English for collaborating with remote team members and customers.

Desirable Hard Skills

• IT and cybersecurity certifications are a plus, but not required.
• Scripting skills with languages such as Python, PowerShell, Go, and/or Bash.

Soft Skills

• Passion: Genuine enthusiasm for what you do and how it contributes to our company's mission;
• Dream: Proactively seek out opportunities and challenges to achieve extraordinary results. If you're someone who takes initiative and is always striving to improve, you'll fit right in;
• Own: Take ownership of your work, set high standards for yourself, and be accountable for outcomes demonstrating a strong sense of responsibility and commitment;
• Trust: Recognizing the importance of trust and support and actively working towards a collaborative and inclusive workplace;
• Share: Communicating openly and transparently, ensures clarity and honesty in interactions.

What You'll Do

• Support compliance and audit activities by collecting evidence, maintaining documentation, and ensuring security controls are in place.
• Perform regular user access reviews and enforce identity and access management (IAM) policies.
• Administer and manage Mobile Device Management (MDM) platforms, endpoint security tools, and related IT systems.
• Participate in blue team activities, including security monitoring, incident response, and threat analysis.
• Assist with cloud security reviews, configuration hardening, and monitoring.
• Provide IT support for security-related tasks, such as endpoint onboarding, secure configuration, and troubleshooting.
• Collaborate with engineering, compliance and other teams to implement security best practices and resolve technical issues.
• Contribute to the development and maintenance of security documentation, policies, and procedures.

Benefits

• Fully Remote & Flexible Working Hours
• Flexible Paid Time Off, Holidays and Vacation
• Company Laptop
• Remote Benefit
• iTalki, Courses and Books
• Stock Options
• Multicultural Environment
• Vibrant Company Culture

Check out our handbook to dive into each of our awesome benefits At Rocket.Chat, we have tailored base pay ranges according to work locations. This approach ensures that we can competitively and consistently compensate our employees across different geographic markets.

Note: While we define an initial seniority level and budget for each role, this can be adjusted during the hiring process. The selection process itself — including interviews and assessments — helps us better understand where the candidate fits within our career framework and which grade they should be positioned in.

About Rocket.Chat

Rocket.Chat is the world's largest open-source communications platform. Built for organizations needing more control over their communications, Rocket.Chat Secure CommsOS is a communication platform that unifies messaging, voice, video, AI, and mission-critical applications—ensuring uncompromising security, compliance, and operational efficiency for governments, defense, and critical infrastructure organizations operating in highly-regulated environments.

Tens of millions of users in over 150 countries and organizations such as Deutsche Bahn, the U.S. Navy and Credit Suisse trust Rocket.Chat every day to keep their communications completely private and secure. As Rocket.Chat we believe in reconnecting the world, one conversation at a time

See yourself in that? So apply nowCheck out our handbook for more information about our rocket.

Overview

You will report to our Head of Security and join the Security team. On TheOrg you can view the complete structure of our organisation, including information about every team member, hiring managers and the size of each department.

The IT Security Engineer plays a key role at the intersection of cybersecurity and IT operations. This position supports day-to-day IT and security functions, contributes to compliance and governance initiatives, and assists in strengthening the organisation’s security posture. The ideal candidate is a hands-on problem solver who is comfortable working across infrastructure, cloud, identity, and security domains.

• Support compliance and audit activities by collecting evidence, maintaining documentation, and ensuring security controls are in place.
• Perform regular user access reviews and enforce identity and access management (IAM) policies.
• Administer and manage Mobile Device Management (MDM) platforms, endpoint security tools, and related IT systems.
• Participate in blue team activities, including security monitoring, incident response, and threat analysis.
• Assist with cloud security reviews, configuration hardening, and monitoring.
• Provide IT support for security-related tasks, such as endpoint onboarding, secure configuration, and troubleshooting.
• Collaborate with engineering, compliance and other teams to implement security best practices and resolve technical issues.
• Contribute to the development and maintenance of security documentation, policies, and procedures.

• Solid understanding of Identity and Access Management (IAM) principles and practices.
• Knowledge of compliance frameworks and regulations such as ISO 27001, SOC 2, GDPR/LGPD, NIST, etc.
• Familiarity with cloud platforms (AWS, Azure, or GCP) and their associated security risks and controls.
• Exposure to endpoint management, MDM solutions, and IT support tools.
• Exposure to security operations, monitoring tools (e.g., SIEM, EDR), and incident response processes.
• Strong problem-solving skills and ability to work cross-functionally with different teams.
• Advanced English for collaborating with remote team members and customers.
• IT and cybersecurity certifications are a plus, but not required.
• Scripting skills with languages such as Python, PowerShell, Go, and/or Bash.
• Other behavioral attributes: Passion, Drive, Ownership, Trust, and Collaboration.

• Fully Remote & Flexible Working Hours
• Flexible Paid Time Off, Holidays and Vacation
• Company Laptop
• iTalki, Courses and Books
• Stock Options
• Vibrant Company Culture

Rocket.Chat is the world's largest open-source communications platform. Built for organizations needing more control over their communications, Rocket.Chat Secure CommsOS is a communication platform that unifies messaging, voice, video, AI, and mission-critical applications—ensuring uncompromising security, compliance, and operational efficiency for governments, defense, and critical infrastructure organizations operating in highly-regulated environments.

Tens of millions of users in over 150 countries and organizations such as Deutsche Bahn, the U.S. Navy and Credit Suisse trust Rocket.Chat every day to keep their communications completely private and secure. As Rocket.Chat we believe in reconnecting the world, one conversation at a time!

See yourself in that? So apply now! Check out our handbook for more information about our rocket.

• Seniority level: Entry level
• Employment type: Full-time
• Job function: Information Technology
• Industries: Software Development

Overview

The Company
Capital Markets Gateway LLC (CMG) is a capital markets-focused fintech transforming global equity capital markets (ECM) through data, technology, and connectivity. As the preferred source for ECM analytics and the first network connecting the buy-side and sell-side for ECM workflows, we are committed to reshaping how capital markets operate. Founded in 2017 by a team of ECM practitioners, CMG has completed three successful fundraising rounds and is backed by a group of the world’s most prestigious financial institutions. The CMG platform is currently relied upon by nearly 150 buy-side firms representing $40 trillion in AUM and 22 global investment banks. For more information, please visit

We’re seeking an experienced and automation-driven IT Security Engineer to lead endpoint security, patching, and compliance across a globally distributed fleet of macOS, Windows, and mobile devices. In this hands-on role, you’ll architect and maintain secure-by-default baselines using modern MDM tooling (Intune, Kandji), enforce identity-first access via Entra ID, and drive proactive detection and remediation using scripting, telemetry, and Microsoft’s security stack.

• Administer and secure endpoints (macOS, Windows, mobile) via Intune, Kandji; enable zero-touch enrollment (Autopilot/ADE).
• Serve as an escalation for endpoint issues impacting security, patching, and configuration.
• Implement identity workflows (SSO, SCIM, RBAC, group lifecycle, access reviews) in Microsoft Entra ID.
• Lead automated patch management for OS and third-party apps; define rings, deferrals, SLAs, and rollout/rollback playbooks.
• Author automation in PowerShell (Windows) and Bash/Zsh (macOS) for remediation, compliance, and telemetry.
• Integrate with the Microsoft security stack (Defender for Endpoint, Microsoft 365 Defender, Purview); tune policies, respond to alerts, and improve posture.
• Co-define baselines with Security (CIS/NIST hardening, device compliance) and enforce via MDM.
• Monitor device health in Endpoint Manager; investigate anomalies and drive root cause.
• Support secure networking controls (firewall/proxy) as needed for endpoint updates and access.
• Document policies, scripts, runbooks, and patch procedures; keep them current.

• English level - C1 or C2
• 5+ years managing macOS and Windows in an enterprise environment.
• Deep, hands-on experience with at least one MDM: Intune, Jamf, Kandji.
• Strong scripting: PowerShell (Windows) and Bash/Zsh (macOS).
• Expert in patch management (OS + third-party), deployment rings, and compliance reporting.
• Working knowledge of Microsoft 365 security: Defender for Endpoint, Microsoft 365 Defender O365 threat policies (Anti-phish, Anti-spam, Safe Links, Safe Attachments)
• Exchange Online security/compliance settings.
• Familiar with Conditional Access, device compliance, and certificate/secure storage (BitLocker/FileVault).
• Excellent cross-functional collaboration and written/verbal communication; ability to simplify complex problems.
• Comfortable with CLI tooling and automation for policy deployment and monitoring.

• Experience with compliance automation (CIS Benchmarks, custom compliance policies).
• Exposure to modern auth/device trust (Entra ID, device-based Conditional Access).
• Familiarity with EDR platforms (e.g., Defender).
• Experience supporting a globally distributed user/device base.
• Python for light tooling; Git-based workflows for scripts/profiles.

• Microsoft Intune / Endpoint Manager
• Kandji
• Microsoft Defender for Endpoint / Microsoft 365 Defender
• PowerShell, Bash (Python optional)
• Azure AD / Entra ID
• Security endpoint tools (firewall/proxy)
• Exchange Online & M365 Security & Compliance Center

• We innovate with purpose
• We focus on outcomes vs. output
• We believe diverse and inclusive teams fuel innovation
• We are humble yet candid
• We do right by the customer

• 2 year+ contract
• 15 business days of vacation
• Tech courses and conferences
• Top-of-the-line MacBook
• Fully remote working environment
• Flexible working hours

CMG embraces our ongoing commitment to building a culture reflecting the people, perspectives, and passions it represents. We will accept nothing less than equity, inclusion, and belonging for all. With the only constant in life being change, we will always listen, learn, and improve for the betterment of our teams, customers, and communities. CMG is proud to be an Equal Opportunity Employer.

Overview

The Company
Capital Markets Gateway LLC (CMG) is a capital markets-focused fintech transforming global equity capital markets (ECM) through data, technology, and connectivity. As the preferred source for ECM analytics and the first network connecting the buy-side and sell-side for ECM workflows, we are committed to reshaping how capital markets operate. Founded in 2017 by a team of ECM practitioners, CMG has completed three successful fundraising rounds and is backed by a group of the world’s most prestigious financial institutions. The CMG platform is currently relied upon by nearly 150 buy-side firms representing $40 trillion in AUM and 22 global investment banks. For more information, please visit

We’re seeking an experienced and automation-driven IT Security Engineer to lead endpoint security, patching, and compliance across a globally distributed fleet of macOS, Windows, and mobile devices. In this hands-on role, you’ll architect and maintain secure-by-default baselines using modern MDM tooling (Intune, Kandji), enforce identity-first access via Entra ID, and drive proactive detection and remediation using scripting, telemetry, and Microsoft’s security stack.

• Administer and secure endpoints (macOS, Windows, mobile) via Intune, Kandji; enable zero-touch enrollment (Autopilot/ADE).
• Serve as an escalation for endpoint issues impacting security, patching, and configuration.
• Implement identity workflows (SSO, SCIM, RBAC, group lifecycle, access reviews) in Microsoft Entra ID.
• Lead automated patch management for OS and third-party apps; define rings, deferrals, SLAs, and rollout/rollback playbooks.
• Author automation in PowerShell (Windows) and Bash/Zsh (macOS) for remediation, compliance, and telemetry.
• Integrate with the Microsoft security stack (Defender for Endpoint, Microsoft 365 Defender, Purview); tune policies, respond to alerts, and improve posture.
• Co-define baselines with Security (CIS/NIST hardening, device compliance) and enforce via MDM.
• Monitor device health in Endpoint Manager; investigate anomalies and drive root cause.
• Support secure networking controls (firewall/proxy) as needed for endpoint updates and access.
• Document policies, scripts, runbooks, and patch procedures; keep them current.

• English level - C1 or C2
• 5+ years managing macOS and Windows in an enterprise environment.
• Deep, hands-on experience with at least one MDM: Intune, Jamf, Kandji.
• Strong scripting: PowerShell (Windows) and Bash/Zsh (macOS).
• Expert in patch management (OS + third-party), deployment rings, and compliance reporting.
• Working knowledge of Microsoft 365 security: Defender for Endpoint, Microsoft 365 Defender O365 threat policies (Anti-phish, Anti-spam, Safe Links, Safe Attachments)
• Exchange Online security/compliance settings.
• Familiar with Conditional Access, device compliance, and certificate/secure storage (BitLocker/FileVault).
• Excellent cross-functional collaboration and written/verbal communication; ability to simplify complex problems.
• Comfortable with CLI tooling and automation for policy deployment and monitoring.

• Experience with compliance automation (CIS Benchmarks, custom compliance policies).
• Exposure to modern auth/device trust (Entra ID, device-based Conditional Access).
• Familiarity with EDR platforms (e.g., Defender).
• Experience supporting a globally distributed user/device base.
• Python for light tooling; Git-based workflows for scripts/profiles.

• Microsoft Intune / Endpoint Manager
• Kandji
• Microsoft Defender for Endpoint / Microsoft 365 Defender
• PowerShell, Bash (Python optional)
• Azure AD / Entra ID
• Security endpoint tools (firewall/proxy)
• Exchange Online & M365 Security & Compliance Center

• We innovate with purpose
• We focus on outcomes vs. output
• We believe diverse and inclusive teams fuel innovation
• We are humble yet candid
• We do right by the customer

• 2 year+ contract
• 15 business days of vacation
• Tech courses and conferences
• Top-of-the-line MacBook
• Fully remote working environment
• Flexible working hours

CMG embraces our ongoing commitment to building a culture reflecting the people, perspectives, and passions it represents. We will accept nothing less than equity, inclusion, and belonging for all. With the only constant in life being change, we will always listen, learn, and improve for the betterment of our teams, customers, and communities. CMG is proud to be an Equal Opportunity Employer.

Overview

The Company
Capital Markets Gateway LLC (CMG) is a capital markets-focused fintech transforming global equity capital markets (ECM) through data, technology, and connectivity. As the preferred source for ECM analytics and the first network connecting the buy-side and sell-side for ECM workflows, we are committed to reshaping how capital markets operate. Founded in 2017 by a team of ECM practitioners, CMG has completed three successful fundraising rounds and is backed by a group of the world’s most prestigious financial institutions. The CMG platform is currently relied upon by nearly 150 buy-side firms representing $40 trillion in AUM and 22 global investment banks. For more information, please visit

We’re seeking an experienced and automation-driven IT Security Engineer to lead endpoint security, patching, and compliance across a globally distributed fleet of macOS, Windows, and mobile devices. In this hands-on role, you’ll architect and maintain secure-by-default baselines using modern MDM tooling (Intune, Kandji), enforce identity-first access via Entra ID, and drive proactive detection and remediation using scripting, telemetry, and Microsoft’s security stack.

• Administer and secure endpoints (macOS, Windows, mobile) via Intune, Kandji; enable zero-touch enrollment (Autopilot/ADE).
• Serve as an escalation for endpoint issues impacting security, patching, and configuration.
• Implement identity workflows (SSO, SCIM, RBAC, group lifecycle, access reviews) in Microsoft Entra ID.
• Lead automated patch management for OS and third-party apps; define rings, deferrals, SLAs, and rollout/rollback playbooks.
• Author automation in PowerShell (Windows) and Bash/Zsh (macOS) for remediation, compliance, and telemetry.
• Integrate with the Microsoft security stack (Defender for Endpoint, Microsoft 365 Defender, Purview); tune policies, respond to alerts, and improve posture.
• Co-define baselines with Security (CIS/NIST hardening, device compliance) and enforce via MDM.
• Monitor device health in Endpoint Manager; investigate anomalies and drive root cause.
• Support secure networking controls (firewall/proxy) as needed for endpoint updates and access.
• Document policies, scripts, runbooks, and patch procedures; keep them current.

• English level - C1 or C2
• 5+ years managing macOS and Windows in an enterprise environment.
• Deep, hands-on experience with at least one MDM: Intune, Jamf, Kandji.
• Strong scripting: PowerShell (Windows) and Bash/Zsh (macOS).
• Expert in patch management (OS + third-party), deployment rings, and compliance reporting.
• Working knowledge of Microsoft 365 security: Defender for Endpoint, Microsoft 365 Defender O365 threat policies (Anti-phish, Anti-spam, Safe Links, Safe Attachments)
• Exchange Online security/compliance settings.
• Familiar with Conditional Access, device compliance, and certificate/secure storage (BitLocker/FileVault).
• Excellent cross-functional collaboration and written/verbal communication; ability to simplify complex problems.
• Comfortable with CLI tooling and automation for policy deployment and monitoring.

• Experience with compliance automation (CIS Benchmarks, custom compliance policies).
• Exposure to modern auth/device trust (Entra ID, device-based Conditional Access).
• Familiarity with EDR platforms (e.g., Defender).
• Experience supporting a globally distributed user/device base.
• Python for light tooling; Git-based workflows for scripts/profiles.

• Microsoft Intune / Endpoint Manager
• Kandji
• Microsoft Defender for Endpoint / Microsoft 365 Defender
• PowerShell, Bash (Python optional)
• Azure AD / Entra ID
• Security endpoint tools (firewall/proxy)
• Exchange Online & M365 Security & Compliance Center

• We innovate with purpose
• We focus on outcomes vs. output
• We believe diverse and inclusive teams fuel innovation
• We are humble yet candid
• We do right by the customer

• 2 year+ contract
• 15 business days of vacation
• Tech courses and conferences
• Top-of-the-line MacBook
• Fully remote working environment
• Flexible working hours

CMG embraces our ongoing commitment to building a culture reflecting the people, perspectives, and passions it represents. We will accept nothing less than equity, inclusion, and belonging for all. With the only constant in life being change, we will always listen, learn, and improve for the betterment of our teams, customers, and communities. CMG is proud to be an Equal Opportunity Employer.

Overview

The Company
Capital Markets Gateway LLC (CMG) is a capital markets-focused fintech transforming global equity capital markets (ECM) through data, technology, and connectivity. As the preferred source for ECM analytics and the first network connecting the buy-side and sell-side for ECM workflows, we are committed to reshaping how capital markets operate. Founded in 2017 by a team of ECM practitioners, CMG has completed three successful fundraising rounds and is backed by a group of the world’s most prestigious financial institutions. The CMG platform is currently relied upon by nearly 150 buy-side firms representing $40 trillion in AUM and 22 global investment banks. For more information, please visit

We’re seeking an experienced and automation-driven IT Security Engineer to lead endpoint security, patching, and compliance across a globally distributed fleet of macOS, Windows, and mobile devices. In this hands-on role, you’ll architect and maintain secure-by-default baselines using modern MDM tooling (Intune, Kandji), enforce identity-first access via Entra ID, and drive proactive detection and remediation using scripting, telemetry, and Microsoft’s security stack.

• Administer and secure endpoints (macOS, Windows, mobile) via Intune, Kandji; enable zero-touch enrollment (Autopilot/ADE).
• Serve as an escalation for endpoint issues impacting security, patching, and configuration.
• Implement identity workflows (SSO, SCIM, RBAC, group lifecycle, access reviews) in Microsoft Entra ID.
• Lead automated patch management for OS and third-party apps; define rings, deferrals, SLAs, and rollout/rollback playbooks.
• Author automation in PowerShell (Windows) and Bash/Zsh (macOS) for remediation, compliance, and telemetry.
• Integrate with the Microsoft security stack (Defender for Endpoint, Microsoft 365 Defender, Purview); tune policies, respond to alerts, and improve posture.
• Co-define baselines with Security (CIS/NIST hardening, device compliance) and enforce via MDM.
• Monitor device health in Endpoint Manager; investigate anomalies and drive root cause.
• Support secure networking controls (firewall/proxy) as needed for endpoint updates and access.
• Document policies, scripts, runbooks, and patch procedures; keep them current.

• English level - C1 or C2
• 5+ years managing macOS and Windows in an enterprise environment.
• Deep, hands-on experience with at least one MDM: Intune, Jamf, Kandji.
• Strong scripting: PowerShell (Windows) and Bash/Zsh (macOS).
• Expert in patch management (OS + third-party), deployment rings, and compliance reporting.
• Working knowledge of Microsoft 365 security: Defender for Endpoint, Microsoft 365 Defender O365 threat policies (Anti-phish, Anti-spam, Safe Links, Safe Attachments)
• Exchange Online security/compliance settings.
• Familiar with Conditional Access, device compliance, and certificate/secure storage (BitLocker/FileVault).
• Excellent cross-functional collaboration and written/verbal communication; ability to simplify complex problems.
• Comfortable with CLI tooling and automation for policy deployment and monitoring.

• Experience with compliance automation (CIS Benchmarks, custom compliance policies).
• Exposure to modern auth/device trust (Entra ID, device-based Conditional Access).
• Familiarity with EDR platforms (e.g., Defender).
• Experience supporting a globally distributed user/device base.
• Python for light tooling; Git-based workflows for scripts/profiles.

• Microsoft Intune / Endpoint Manager
• Kandji
• Microsoft Defender for Endpoint / Microsoft 365 Defender
• PowerShell, Bash (Python optional)
• Azure AD / Entra ID
• Security endpoint tools (firewall/proxy)
• Exchange Online & M365 Security & Compliance Center

• We innovate with purpose
• We focus on outcomes vs. output
• We believe diverse and inclusive teams fuel innovation
• We are humble yet candid
• We do right by the customer

• 2 year+ contract
• 15 business days of vacation
• Tech courses and conferences
• Top-of-the-line MacBook
• Fully remote working environment
• Flexible working hours

CMG embraces our ongoing commitment to building a culture reflecting the people, perspectives, and passions it represents. We will accept nothing less than equity, inclusion, and belonging for all. With the only constant in life being change, we will always listen, learn, and improve for the betterment of our teams, customers, and communities. CMG is proud to be an Equal Opportunity Employer.

Overview

The Company
Capital Markets Gateway LLC (CMG) is a capital markets-focused fintech transforming global equity capital markets (ECM) through data, technology, and connectivity. As the preferred source for ECM analytics and the first network connecting the buy-side and sell-side for ECM workflows, we are committed to reshaping how capital markets operate. Founded in 2017 by a team of ECM practitioners, CMG has completed three successful fundraising rounds and is backed by a group of the world’s most prestigious financial institutions. The CMG platform is currently relied upon by nearly 150 buy-side firms representing $40 trillion in AUM and 22 global investment banks. For more information, please visit

We’re seeking an experienced and automation-driven IT Security Engineer to lead endpoint security, patching, and compliance across a globally distributed fleet of macOS, Windows, and mobile devices. In this hands-on role, you’ll architect and maintain secure-by-default baselines using modern MDM tooling (Intune, Kandji), enforce identity-first access via Entra ID, and drive proactive detection and remediation using scripting, telemetry, and Microsoft’s security stack.

• Administer and secure endpoints (macOS, Windows, mobile) via Intune, Kandji; enable zero-touch enrollment (Autopilot/ADE).
• Serve as an escalation for endpoint issues impacting security, patching, and configuration.
• Implement identity workflows (SSO, SCIM, RBAC, group lifecycle, access reviews) in Microsoft Entra ID.
• Lead automated patch management for OS and third-party apps; define rings, deferrals, SLAs, and rollout/rollback playbooks.
• Author automation in PowerShell (Windows) and Bash/Zsh (macOS) for remediation, compliance, and telemetry.
• Integrate with the Microsoft security stack (Defender for Endpoint, Microsoft 365 Defender, Purview); tune policies, respond to alerts, and improve posture.
• Co-define baselines with Security (CIS/NIST hardening, device compliance) and enforce via MDM.
• Monitor device health in Endpoint Manager; investigate anomalies and drive root cause.
• Support secure networking controls (firewall/proxy) as needed for endpoint updates and access.
• Document policies, scripts, runbooks, and patch procedures; keep them current.

• English level - C1 or C2
• 5+ years managing macOS and Windows in an enterprise environment.
• Deep, hands-on experience with at least one MDM: Intune, Jamf, Kandji.
• Strong scripting: PowerShell (Windows) and Bash/Zsh (macOS).
• Expert in patch management (OS + third-party), deployment rings, and compliance reporting.
• Working knowledge of Microsoft 365 security: Defender for Endpoint, Microsoft 365 Defender O365 threat policies (Anti-phish, Anti-spam, Safe Links, Safe Attachments)
• Exchange Online security/compliance settings.
• Familiar with Conditional Access, device compliance, and certificate/secure storage (BitLocker/FileVault).
• Excellent cross-functional collaboration and written/verbal communication; ability to simplify complex problems.
• Comfortable with CLI tooling and automation for policy deployment and monitoring.

• Experience with compliance automation (CIS Benchmarks, custom compliance policies).
• Exposure to modern auth/device trust (Entra ID, device-based Conditional Access).
• Familiarity with EDR platforms (e.g., Defender).
• Experience supporting a globally distributed user/device base.
• Python for light tooling; Git-based workflows for scripts/profiles.

• Microsoft Intune / Endpoint Manager
• Kandji
• Microsoft Defender for Endpoint / Microsoft 365 Defender
• PowerShell, Bash (Python optional)
• Azure AD / Entra ID
• Security endpoint tools (firewall/proxy)
• Exchange Online & M365 Security & Compliance Center

• We innovate with purpose
• We focus on outcomes vs. output
• We believe diverse and inclusive teams fuel innovation
• We are humble yet candid
• We do right by the customer

• 2 year+ contract
• 15 business days of vacation
• Tech courses and conferences
• Top-of-the-line MacBook
• Fully remote working environment
• Flexible working hours

CMG embraces our ongoing commitment to building a culture reflecting the people, perspectives, and passions it represents. We will accept nothing less than equity, inclusion, and belonging for all. With the only constant in life being change, we will always listen, learn, and improve for the betterment of our teams, customers, and communities. CMG is proud to be an Equal Opportunity Employer.

Overview

The Company
Capital Markets Gateway LLC (CMG) is a capital markets-focused fintech transforming global equity capital markets (ECM) through data, technology, and connectivity. As the preferred source for ECM analytics and the first network connecting the buy-side and sell-side for ECM workflows, we are committed to reshaping how capital markets operate. Founded in 2017 by a team of ECM practitioners, CMG has completed three successful fundraising rounds and is backed by a group of the world’s most prestigious financial institutions. The CMG platform is currently relied upon by nearly 150 buy-side firms representing $40 trillion in AUM and 22 global investment banks. For more information, please visit

We’re seeking an experienced and automation-driven IT Security Engineer to lead endpoint security, patching, and compliance across a globally distributed fleet of macOS, Windows, and mobile devices. In this hands-on role, you’ll architect and maintain secure-by-default baselines using modern MDM tooling (Intune, Kandji), enforce identity-first access via Entra ID, and drive proactive detection and remediation using scripting, telemetry, and Microsoft’s security stack.

• Administer and secure endpoints (macOS, Windows, mobile) via Intune, Kandji; enable zero-touch enrollment (Autopilot/ADE).
• Serve as an escalation for endpoint issues impacting security, patching, and configuration.
• Implement identity workflows (SSO, SCIM, RBAC, group lifecycle, access reviews) in Microsoft Entra ID.
• Lead automated patch management for OS and third-party apps; define rings, deferrals, SLAs, and rollout/rollback playbooks.
• Author automation in PowerShell (Windows) and Bash/Zsh (macOS) for remediation, compliance, and telemetry.
• Integrate with the Microsoft security stack (Defender for Endpoint, Microsoft 365 Defender, Purview); tune policies, respond to alerts, and improve posture.
• Co-define baselines with Security (CIS/NIST hardening, device compliance) and enforce via MDM.
• Monitor device health in Endpoint Manager; investigate anomalies and drive root cause.
• Support secure networking controls (firewall/proxy) as needed for endpoint updates and access.
• Document policies, scripts, runbooks, and patch procedures; keep them current.

• English level - C1 or C2
• 5+ years managing macOS and Windows in an enterprise environment.
• Deep, hands-on experience with at least one MDM: Intune, Jamf, Kandji.
• Strong scripting: PowerShell (Windows) and Bash/Zsh (macOS).
• Expert in patch management (OS + third-party), deployment rings, and compliance reporting.
• Working knowledge of Microsoft 365 security: Defender for Endpoint, Microsoft 365 Defender O365 threat policies (Anti-phish, Anti-spam, Safe Links, Safe Attachments)
• Exchange Online security/compliance settings.
• Familiar with Conditional Access, device compliance, and certificate/secure storage (BitLocker/FileVault).
• Excellent cross-functional collaboration and written/verbal communication; ability to simplify complex problems.
• Comfortable with CLI tooling and automation for policy deployment and monitoring.

• Experience with compliance automation (CIS Benchmarks, custom compliance policies).
• Exposure to modern auth/device trust (Entra ID, device-based Conditional Access).
• Familiarity with EDR platforms (e.g., Defender).
• Experience supporting a globally distributed user/device base.
• Python for light tooling; Git-based workflows for scripts/profiles.

• Microsoft Intune / Endpoint Manager
• Kandji
• Microsoft Defender for Endpoint / Microsoft 365 Defender
• PowerShell, Bash (Python optional)
• Azure AD / Entra ID
• Security endpoint tools (firewall/proxy)
• Exchange Online & M365 Security & Compliance Center

• We innovate with purpose
• We focus on outcomes vs. output
• We believe diverse and inclusive teams fuel innovation
• We are humble yet candid
• We do right by the customer

• 2 year+ contract
• 15 business days of vacation
• Tech courses and conferences
• Top-of-the-line MacBook
• Fully remote working environment
• Flexible working hours

CMG embraces our ongoing commitment to building a culture reflecting the people, perspectives, and passions it represents. We will accept nothing less than equity, inclusion, and belonging for all. With the only constant in life being change, we will always listen, learn, and improve for the betterment of our teams, customers, and communities. CMG is proud to be an Equal Opportunity Employer.