Infrastructure Security Engineer

New York, New York, United States

At Sage, our mission is to use technology to drive innovation and bring lasting impact for our customers. From day one, we’ve been on a path to build an indispensable product that our clients rely on to keep their operations running smoothly. We believe in moving fast while keeping an eye on long-term sustainability—this is a marathon, not a sprint.

We’re a small, dedicated team with big goals and a modern approach to solving problems. As our business grows, so do our security and compliance needs. That’s where you come in.

About This Role

We’re looking for an ambitious and capable security professional to take the lead in establishing and managing Sage’s security practices. This role will focus on immediate priorities such as improving access controls, tightening infrastructure security, and helping ensure compliance with frameworks like SOC2 and HIPAA. You’ll be the go-to expert for all things security, with the opportunity to define and grow our security program from the ground up.

In this role, you’ll roll up your sleeves to solve pressing challenges while laying the foundation for a secure, scalable future. As the company grows, so will the scope of your responsibilities—this position has the potential to evolve into a broader leadership role as we continue to mature our security posture.

If you’re excited by the opportunity to take ownership of security in a high-growth environment, enjoy solving complex problems, and are eager to grow with us, we’d love to hear from you.

Key Responsibilities

Immediate Priorities (First 3–6 Months):

  • Assess Current Security Posture: Conduct a full internal security audit to identify vulnerabilities and produce a prioritized list of actionable improvements.
  • Develop Incident Response Plan: Help define and implement a security incident response plan to handle breaches effectively.
  • Kickstart Compliance Efforts: Collaborate on a well-defined compliance program that meets SOC2 and HIPAA standards, ensuring it has clear ownership, actionable steps, and supporting artifacts.
  • Improve Identity and Access Management: Evaluate and enhance the current SSO implementation, with a potential migration to Okta, to streamline access controls and reduce identity-related risks.
  • Educate and Advocate: Act as a security advocate across the company, conducting training sessions and fostering a culture of security awareness to reduce risks such as phishing, social engineering, and insider threats.

Short-Term Goals (Year One):

  • Prepare for Real-World Threats: Partner with the CloudOps team to address identified vulnerabilities, harden critical infrastructure, and implement best practices ahead of a professional red-team exercise. Ensure our systems, processes, and incident response capabilities are resilient to external threats and align with industry-leading security standards.
  • Embed Security Into the Workflow: Create and implement processes, controls, and tooling to prevent risks like data exfiltration, cloud vulnerabilities, and software dependency issues.

Growth Opportunities (Beyond Year One):

  • Strategic Security Leadership: Develop and execute long-term security strategies aligned with business goals, scaling processes and tooling as the company grows.
  • Build the Security Program: Work with CloudOps to establish a security and compliance program with a track record of consistent follow-through on commitments.
  • Expand Security Team: Partner with leadership to assess and grow the security function, potentially hiring additional team members to support Sage’s expanding needs.

Minimum Requirements

  • Education: Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
  • Experience: At least 5 years of direct experience in security engineering, information security, or similar roles, with a proven track record of securing cloud-based systems.
  • Technical Expertise:
    • Solid understanding of AWS security best practices (e.g., IAM, Security Groups, VPC design).
    • Experience implementing identity and access management solutions, including single sign-on (SSO).
    • Familiarity with compliance frameworks such as SOC2 and HIPAA, with exposure to implementing controls or policies.
  • Problem-Solving & Autonomy: Comfortable owning security from the ground up, making decisions independently, and thriving amidst ambiguity in a high-growth environment.
  • Communication Skills: Strong ability to communicate technical concepts effectively to non-technical stakeholders and collaborate across teams.

Preferred Qualifications

  • Experience with:
    • SSO Implementations using providers such as Google, Okta, Azure AD, or Auth0.
    • Infrastructure as Code (IaC), container security (ECS), and securing serverless architectures (AWS Lambda).
    • Incident Response and forensics tools, plus leading investigations.
  • Prior success in obtaining or maintaining HIPAA/SOC2 compliance certifications in a cloud-centric environment.
  • Passion for building security cultures, training programs, and collaborating with engineers on best practices.

Benefits and Pay

Our headquarters are located in New York City's Union Square. We believe in cross-team collaboration. We think good ideas can come from anyone, and we've designed our processes to encourage participation from all. While we take our mission seriously, we don't take ourselves too seriously. We like to host offsites, outings, and team meals where we can connect as people, not just as colleagues. We offer office lunch and a fully stocked snack bar. While we are an in-office culture, we allow up to 2 remote days per week.

Our benefits package for employees includes competitive base compensation along with stock options. The expected annual salary range for this role is $160,000-$200,000 USD, depending upon the job level, which will depend on your level of expertise, your experience, and your qualifications. We also provide fully paid health and dental insurance coverage for all of our employees, along with other health benefits including vision insurance, membership to premium primary and urgent care, and online medical health providers. We also have a take-as-you-need time-off policy, in addition to 7 paid holidays and a company-wide winter break during the holidays.

EEO Statement

Sage is an equal opportunity employer committed to creating a diverse and inclusive workplace. We do not discriminate on the basis of race, color, religion, gender, sexual orientation, national origin, disability, veteran status, or any other protected characteristic. All employment decisions are based on business needs, qualifications, and merit. We welcome and encourage candidates of all backgrounds and experiences to apply.

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Sage’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.


If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Voluntary Self-Identification of Disability

Form CC-305
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.