IT Security Engineer
The Company
Capital Markets Gateway LLC (CMG) is a capital markets-focused fintech transforming global equity capital markets (ECM) through data, technology, and connectivity. As the preferred source for ECM analytics and the first network connecting the buy-side and sell-side for ECM workflows, we are committed to reshaping how capital markets operate. Founded in 2017 by a team of ECM practitioners, CMG has completed three successful fundraising rounds and is backed by a group of the world’s most prestigious financial institutions. The CMG platform is currently relied upon by nearly 150 buy-side firms representing $40 trillion in AUM and 22 global investment banks. For more information, please visit www.cmgx.io.
The Role
We’re seeking an experienced and automation-driven IT Security Engineer to lead endpoint security, patching, and compliance across a globally distributed fleet of macOS, Windows, and mobile devices. In this hands-on role, you’ll architect and maintain secure-by-default baselines using modern MDM tooling (Intune, Kandji), enforce identity-first access via Entra ID, and drive proactive detection and remediation using scripting, telemetry, and Microsoft’s security stack.
Responsibilities
- Administer and secure endpoints (macOS, Windows, mobile) via Intune, Kandji; enable zero-touch enrollment (Autopilot/ADE).
- Serve as an escalation point for endpoint issues impacting security, patching, and configuration.
- Implement identity workflows (SSO, SCIM, RBAC, group lifecycle, access reviews) in Microsoft Entra ID.
- Lead automated patch management for OS and third-party apps; define rings, deferrals, SLAs, and rollout/rollback playbooks.
- Author automation in PowerShell (Windows) and Bash/Zsh (macOS) for remediation, compliance, and telemetry.
- Integrate with the Microsoft security stack (Defender for Endpoint, Microsoft 365 Defender, Purview); tune policies, respond to alerts, and improve posture.
- Co-define baselines with Security (CIS/NIST hardening, device compliance) and enforce via MDM.
- Monitor device health in Endpoint Manager; investigate anomalies and drive root cause.
- Support secure networking controls (firewall/proxy) as needed for endpoint updates and access.
- Document policies, scripts, runbooks, and patch procedures; keep them current.
What We're Looking For
- 5+ years managing macOS and Windows in an enterprise environment.
- Deep, hands-on experience with at least one MDM: Intune, Jamf, Kandji.
- Strong scripting: PowerShell (Windows) and Bash/Zsh (macOS).
- Expert in patch management (OS + third-party), deployment rings, and compliance reporting.
- Working knowledge of Microsoft 365 security: Defender for Endpoint, Microsoft 365 Defender, O365 threat policies (Anti-phish, Anti-spam, Safe Links, Safe Attachments), and Exchange Online security/compliance settings.
- Familiar with Conditional Access, device compliance, and certificate/secure storage (BitLocker/FileVault).
- Excellent cross-functional collaboration and written/verbal communication; ability to simplify complex problems.
- Comfortable with CLI tooling and automation for policy deployment and monitoring.
Nice to Have
- Experience with compliance automation (CIS Benchmarks, custom compliance policies).
- Exposure to modern auth/device trust (Entra ID, device-based Conditional Access).
- Familiarity with EDR platforms (e.g., Defender).
- Experience supporting a globally distributed user/device base.
- Python for light tooling; Git-based workflows for scripts/profiles.
Our Tech Stack
- Microsoft Intune / Endpoint Manager
- Kandji
- Microsoft Defender for Endpoint / Microsoft 365 Defender
- PowerShell, Bash (Python optional)
- Azure AD / Entra ID
- Security endpoint tools (firewall/proxy)
- Exchange Online & M365 Security & Compliance Center
Our Values
- We innovate with purpose
- We focus on outcomes vs. output
- We believe diverse and inclusive teams fuel innovation
- We are humble yet candid
- We do right by the customer
What We Offer
- 2 year+ contract
- 15 business days of vacation
- Tech courses and conferences
- Top-of-the-line MacBook
- Fully remote working environment
- Flexible working hours
Originally posted on Himalayas