Infrastructure Security Engineer

At Sage, our mission is to use technology to drive innovation and bring lasting impact for our customers. From day one, we’ve been on a path to build an indispensable product that our clients rely on to keep their operations running smoothly. We believe in moving fast while keeping an eye on long-term sustainability—this is a marathon, not a sprint.

We’re a small, dedicated team with big goals and a modern approach to solving problems. As our business grows, so do our security and compliance needs. That’s where you come in.

About This Role

We’re looking for an ambitious and capable security professional to take the lead in establishing and managing Sage’s security practices. This role will focus on immediate priorities such as improving access controls, tightening infrastructure security, and helping ensure compliance with frameworks like SOC2 and HIPAA. You’ll be the go-to expert for all things security, with the opportunity to define and grow our security program from the ground up.

In this role, you’ll roll up your sleeves to solve pressing challenges while laying the foundation for a secure, scalable future. As the company grows, so will the scope of your responsibilities—this position has the potential to evolve into a broader leadership role as we continue to mature our security posture.

If you’re excited by the opportunity to take ownership of security in a high-growth environment, enjoy solving complex problems, and are eager to grow with us, we’d love to hear from you.

Key Responsibilities

Immediate Priorities (First 3–6 Months):

• Assess Current Security Posture: Conduct a full internal security audit to identify vulnerabilities and produce a prioritized list of actionable improvements.
• Develop Incident Response Plan: Help define and implement a security incident response plan to handle breaches effectively.
• Kickstart Compliance Efforts: Collaborate on a well-defined compliance program that meets SOC2 and HIPAA standards, ensuring it has clear ownership, actionable steps, and supporting artifacts.
• Improve Identity and Access Management: Evaluate and enhance the current SSO implementation, with a potential migration to Okta, to streamline access controls and reduce identity-related risks.
• Educate and Advocate: Act as a security advocate across the company, conducting training sessions and fostering a culture of security awareness to reduce risks such as phishing, social engineering, and insider threats.

Short-Term Goals (Year One):

• Prepare for Real-World Threats: Partner with the CloudOps team to address identified vulnerabilities, harden critical infrastructure, and implement best practices ahead of a professional red-team exercise. Ensure our systems, processes, and incident response capabilities are resilient to external threats and align with industry-leading security standards.
• Embed Security Into the Workflow: Create and implement processes, controls, and tooling to prevent risks like data exfiltration, cloud vulnerabilities, and software dependency issues.

Growth Opportunities (Beyond Year One):

• Strategic Security Leadership: Develop and execute long-term security strategies aligned with business goals, scaling processes and tooling as the company grows.
• Build the Security Program: Work with CloudOps to establish a security and compliance program with a track record of consistent follow-through on commitments.
• Expand Security Team: Partner with leadership to assess and grow the security function, potentially hiring additional team members to support Sage’s expanding needs.

Minimum Requirements

• Education: Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
• Experience: At least 5 years of direct experience in security engineering, information security, or similar roles, with a proven track record of securing cloud-based systems.
• Technical Expertise:
• Solid understanding of AWS security best practices (e.g., IAM, Security Groups, VPC design).
• Experience implementing identity and access management solutions, including single sign-on (SSO).
• Familiarity with compliance frameworks such as SOC2 and HIPAA, with exposure to implementing controls or policies.
• Problem-Solving & Autonomy: Comfortable owning security from the ground up, making decisions independently, and thriving amidst ambiguity in a high-growth environment.
• Communication Skills: Strong ability to communicate technical concepts effectively to non-technical stakeholders and collaborate across teams.

Preferred Qualifications

• Experience with:
• SSO Implementations using providers such as Google, Okta, Azure AD, or Auth0.
• Infrastructure as Code (IaC), container security (ECS), and securing serverless architectures (AWS Lambda).
• Incident Response and forensics tools, plus leading investigations.
• Prior success in obtaining or maintaining HIPAA/SOC2 compliance certifications in a cloud-centric environment.
• Passion for building security cultures, training programs, and collaborating with engineers on best practices.

Benefits and Pay

Our headquarters are located in New York City's Union Square. We believe in cross team collaboration. We think good ideas can come from anyone, and we've designed our processes to encourage participation from all. While we take our mission seriously, we don't take ourselves too seriously. We like to host offsites, outings, and team meals where we can connect as people, not just as colleagues. We offer office lunch and a fully stocked snack bar. While we are an in office culture, we allow up to 2 remote days per week.

Our benefits package for employees includes competitive base compensation along with stock options. The expected annual salary range for this role is $160,000-$200,000 USD, depending upon the job level, which will depend on your level of expertise, your experience, and your qualifications. We also provide fully-paid health and dental insurance coverage for all of our employees, along with other health benefits including vision insurance, membership to premium primary and urgent care, and online medical health providers. We also have a take as you need time off policy, in addition to 7 paid holidays and a company wide winter break during the holidays.

EEO Statement

Sage is an equal opportunity employer committed to creating a diverse and inclusive workplace. We do not discriminate on the basis of race, color, religion, gender, sexual orientation, national origin, disability, veteran status, or any other protected characteristic. All employment decisions are based on business needs, qualifications, and merit. We welcome and encourage candidates of all backgrounds and experiences to apply.