Medellin, Colombia On-site Full-time

Kaseya is hiring a Sr. IT Security Engineer

Responsibilities

  • Evaluate the overall security health of identity, network, cloud, and endpoint systems and report findings.
  • Create and review security architectures using zero trust, least privilege, and layered defense principles.
  • Assess the strength and compliance of access controls, authentication methods, and authorization frameworks.
  • Examine change, configuration, and release management procedures to maintain secure system baselines.
  • Help shape and execute IT security strategies that support business and technology goals.
  • Deploy and verify technical controls that protect data confidentiality, integrity, availability, authentication, and accountability.
  • Collaborate with identity specialists to build and enhance identity and privileged access management solutions.
  • Establish role-based access, conditional access rules, and least privilege models across enterprise platforms.
  • Support identity lifecycle processes such as onboarding, role changes, offboarding, and automated access provisioning.
  • Deploy and test multi-factor authentication, passwordless login methods, and privileged session workflows.
  • Carry out regular access reviews, entitlement validations, and audits of privileged accounts.
  • Detect and correct identity risks including overprivileged accounts, inactive users, and flawed access policies.
  • Conduct vulnerability scans and security evaluations in coordination with security operations teams.
  • Manage vulnerability remediation through patches, configuration updates, or alternative controls.
  • Address or formally document accepted risks from security assessments and audits.
  • Verify that applications, infrastructure, and cloud services meet minimum security standards.
  • Monitor evolving threats, identity-based attack techniques, and advancements in security technologies.
  • Assess and suggest tools that enhance security monitoring and control performance.
  • Keep current and accurate records of security designs, system diagrams, and operational runbooks.
  • Deliver clear, practical security advice and risk intelligence to management.
  • Assist in creating and enforcing security policies, standards, and procedures with governance and security teams.
  • Ensure security practices comply with legal regulations and industry benchmarks.

Responsibilities

  • Analyze and report on organizational security posture, including identity, endpoint, network, and cloud environments.
  • Design and assess security architectures and control frameworks aligned to least privilege, zero trust, and defense‑in‑depth principles.
  • Evaluate access controls, authentication mechanisms, and authorization models for effectiveness and compliance.
  • Review configuration, change, and release management processes to ensure secure system configurations.
  • Contribute to the development and execution of IT security strategies aligned with business and technology objectives.
  • Implement and validate security controls to ensure confidentiality, integrity, availability, authentication, and non‑repudiation.
  • Partner with Identity Engineers to implement, operate, and mature IAM and Privileged Access Management (PAM) platforms.
  • Design and enforce role‑based access control (RBAC), conditional access, and least‑privilege models across enterprise systems.
  • Support lifecycle identity management including joiner/mover/leaver processes and access provisioning automation.
  • Implement and validate MFA, passwordless authentication, and privileged elevation workflows.
  • Conduct periodic access reviews, entitlement certifications, and privileged account audits.
  • Identify and remediate identity‑related risks such as excessive privileges, stale accounts, and misconfigured access policies.
  • Perform vulnerability assessments and security reviews in partnership with SecOps.
  • Coordinate remediation of vulnerabilities through patching, configuration changes, or compensating controls.
  • Mitigate or document risk acceptance for security deficiencies identified during assessments or audits.
  • Validate minimum security requirements for applications, infrastructure, and cloud services.
  • Stay current on emerging threats, identity attack vectors, and security technologies.
  • Evaluate and recommend tools to improve security visibility and control effectiveness.
  • Maintain accurate security documentation, architecture diagrams, and operational procedures.
  • Provide actionable security recommendations and risk insights to leadership.
  • Support the development and enforcement of security policies, standards, and procedures in collaboration with GRC and Security teams.
  • Ensure alignment with regulatory requirements and industry best practices.
About company
Kaseya
Kaseya is the leading provider of complete IT infrastructure and security management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide powered by AI. Founded in 2000, Kaseya currently serves customers in over 20 countries across a wide variety of industries and manages over 15 million endpoints worldwide.
All jobs at Kaseya Visit website
Job Details
Category security
Posted 2 hours ago