Senior IT Support Engineer

About EarnIn

As one of the first pioneers of earned wage access, our passion at EarnIn is building products that deliver real-time financial flexibility for those with the unique needs of living paycheck to paycheck. Our community members access their earnings as they earn them, with options to spend, save, and grow their money without mandatory fees, interest rates, or credit checks.

We’re fortunate to have an incredibly experienced leadership team, combined with world-class funding partners like A16Z, Matrix Partners, DST, Ribbit Capital, and a very healthy core business with a tremendous runway. We’re growing fast and are excited to continue bringing world-class talent onboard to help shape the next chapter of our growth journey.

POSITION SUMMARY
EarnIn is scaling the systems and automations that power our people and protect our data. As a Senior IT Engineer (IC4), you’ll be a hands-on technical lead across identity and access, endpoint engineering, and SaaS/platform integrations. You’ll own high‑impact projects end‑to‑end, mentor teammates, and raise the bar on reliability, security, and employee experience. This role is designed for a seasoned IT professional who operates independently, drives complex initiatives to completion, and models our values in cross‑functional collaboration and customer-centricity.
This role is designed for a seasoned IT professional who operates independently, drives complex initiatives to completion, and models our values in cross‑functional collaboration and customer-centricity. This position will be hybrid from our Mexico City office and requires at least two days a week in the office. EarnIn offers excellent employee benefits, including healthcare, internet and cell phone reimbursement, a learning and development stipend, and potential opportunities to travel to our headquarters in Mountain View. Our salary ranges are determined by role, level, and location.

WHAT YOU'LL DO

Identity and access (Okta/Entra)

• Design and operate secure, scalable identity architecture (SSO/MFA, RBAC, SCIM, lifecycle automation, role/group modeling).
• Implement device trust (certificate-based authentication, posture checks) and context-aware access for web/SaaS applications.
• Enforce least‑privilege access and lead periodic access reviews aligned to audit requirements. 

 Endpoint engineering (macOS and Windows)

• Own MDM platforms—Jamf Pro (macOS) and Intune (Windows)—including zero‑touch provisioning (ABM/Autopilot), baselines, CIS-aligned configuration, patching, and self‑service.
• Deploy and maintain Jamf Connect, kernel/system extensions, FileVault/BitLocker escrow, and secure Wi‑Fi/VPN profiles.
• Drive EDR/DLP coverage, policy-as-code, and timely compliance reporting. \

 Automation and platform integrations

• Automate joiner–mover–leaver, SaaS provisioning, software deployment, and remediation (Python/PowerShell/Bash, Okta Workflows, Tonkean).
• Deliver Infrastructure as Code for internal IT (Terraform) and manage changes via Git.
• Build resilient integrations between financial systems (e.g., NetSuite, Carta, expensify) and data platforms (e.g., Tableau/Power BI) to enable business intelligence and comprehensive financial reporting with data quality, lineage, and reconciliation controls

Reliability, security, and compliance

• Implement and sustain controls mapped to SOC 2 and PCI (as applicable) with repeatable evidence collection.
• Define SLIs/SLOs for core IT services; add monitoring/alerting, configuration drift detection, and incident runbooks.
• Serve as Tier 2/3 escalation for identity/endpoint/integration issues and lead incident reviews to drive corrective actions. 

Collaboration and leadership

• Lead cross‑functional projects with IT, Security, People Ops, Finance, and Engineering from design through steady state.
• Mentor junior engineers through design reviews, code reviews, and operational best practices.
• Produce clear documentation and internal guides that support reliable operations. 

AI enablement

• Evaluate and deploy AI tools for IT/productivity (ChatGPT, Glean, Gemini, Cursor) with guardrails and measurable outcomes.
• Automate helpdesk workflows (triage, summarization, routing, knowledge search) with an access-controlled knowledge base.
• Define and track AI value metrics (adoption, deflection rate, CSAT, MTTR improvement, time saved), and lead continuous improvement based on experiments and user feedback. 

WHAT WE'RE LOOKING FOR 

• 4+ years in IT systems/infrastructure engineering with a record of independently delivering large, complex projects.
• Hands‑on expertise with: ○ Identity: Okta and/or Microsoft Entra ID (SSO/MFA, RBAC, SCIM, app integrations, policies, device trust)
• Endpoints: Jamf Pro (macOS) and Intune (Windows), zero‑touch provisioning, modern management, patching at scale
• Collaboration: Google Workspace, Slack, and Zoom administration
• Strong automation skills (Python and/or PowerShell), API/OpenAPI proficiency, and event‑driven workflows (e.g., Okta Workflows).
• Experience with AI Toolings and implementation (e.g., ChatGPT, Glean, Cursor)
• Infrastructure as Code experience (Terraform) and Git‑based change management. 
• Security mindset: DLP/EDR fundamentals, hardening baselines, audit readiness (SOC 2, PCI), and incident response.
• Excellent written and verbal communication, and the ability to influence decisions across functions
  
  

At EarnIn, we believe that the best way to build a financial system that works for everyday people is by hiring a team that represents our diverse community. Our team is diverse not only in background and experience but also in perspective. We celebrate our diversity and strive to create a culture of belonging. EarnIn does not unlawfully discriminate based on race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity, gender expression, national origin, ancestry, citizenship, age, physical or mental disability, legally protected medical condition, family care status, military or veteran status, marital status, registered domestic partner status, sexual orientation, genetic information, or any other basis protected by local, state, or federal laws. EarnIn is an E-Verify participant. 

EarnIn does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies in response to job postings. No fee will be paid to third parties who submit unsolicited candidates directly to our hiring managers or HR team.