About Flam :
Flam is an AI-native content platform building the future of interactive experiences. Our proprietary AI models power four product lines — Flam Instant App (mixed reality advertising), Flam AI Visual Agent (real-time avatar interactions), Flam Native Ads, and Flowy.ai (AI creative canvas) — serving Fortune 500 brands across the US and India. We are a 100+ person organisation running on GCP and Modal.com, actively pursuing ISO 27001:2022 and SOC 2 Type I certification.
The Opportunity :
We are looking for a hands-on IT Admin & Security Engineer who is as comfortable setting up a new employee's MacBook as configuring GCP firewall rules. This is a dual-hat role: you will own the day-to-day IT operations for 100+ employees across two offices — device management, SaaS tool administration, onboarding and offboarding — while simultaneously implementing the technical security controls required for our ISO 27001 and SOC 2 certification. You will work closely with the GRC Lead.
What You'll Own
Device & Endpoint Management (Primary) :
- Own the full device lifecycle for all 100+ employees — procurement, configuration, deployment, and secure disposal of MacBooks and any other endpoints
- Deploy, configure, and maintain an MDM solution (Jamf, Kandji, Microsoft Intune, or equivalent) across all employee devices
- Enforce security policies via MDM: full-disk encryption, screen lock, automatic OS updates, antivirus/EDR installation, and remote wipe capability
- Maintain a real-time device inventory in Scrut's Asset Management module — every device tagged with owner, classification, and compliance status
- Conduct and document quarterly MDM compliance audits showing 100% policy enforcement across all devices
Onboarding & Offboarding :
- Own the technical onboarding checklist — new joiner gets their device configured, all SaaS accounts provisioned, and MFA enrolled before Day 1
- Own offboarding — access revocation across all systems within 24 hours of departure, device retrieval, and remote wipe if required
- Maintain joiners/leavers/movers log as evidence for ISO 27001 A.5.18 and SOC 2 access control criteria
- Work with HR to ensure zero orphaned accounts — monthly reconciliation of IDP user list against HR active employee records
Identity & Access Management :
- Administer the Identity Provider (Google Workspace, Okta, or equivalent) — user provisioning, group management, SSO configuration for all SaaS tools
- Enforce MFA across all accounts — export and maintain 100% MFA enrollment report as ongoing audit evidence in Scrut
- Conduct quarterly access reviews across all systems — coordinate with department heads to confirm access is still required for each user
- Manage service account inventory in GCP — ensure all service accounts have named human owners and minimum necessary permissions
SaaS Tool Administration:
- Administer and secure all company SaaS tools — Google Workspace, Slack, Notion, GitHub, Jira, Scrut, and others
- Maintain an approved SaaS tool register — track what tools are in use, who owns them, what data they hold, and their security configuration
- Enforce SSO and MFA on every SaaS tool where the platform supports it
- Identify and remove shadow IT — tools being used by teams without IT awareness or approval
GCP & Cloud Security :
- Work alongside DevOps to implement and maintain GCP security configurations: VPC firewall rules, IAM policies, org-level security policies, and Cloud Audit Logs
- Connect GCP and Modal.com to Scrut's Cloud module and maintain automated security posture scanning — track and remediate misconfigurations
- Ensure encryption at rest is enabled on all GCS buckets containing customer data and model weights
- Maintain centralised logging in GCP Cloud Logging — confirm audit logs are enabled across all projects, retained for 12 months, and tamper-protected
- Run regular vulnerability scans using GCP Security Command Center or equivalent — document findings and track remediation to closure
Network & Office Security :
- Manage office network security at both the HSR Layout (Bengaluru) office — VLAN segmentation, guest Wi-Fi isolation, DNS filtering
- Deploy and maintain VPN for remote access to internal systems and production infrastructure
- Configure and maintain web filtering (Cloudflare Gateway or equivalent) covering both office and remote workers
- Maintain network diagrams and data flow diagrams as required by Scrut control AST-04
Security Controls & Audit Evidence :
- Own all technical controls in Scrut across the Endpoint Security, Identification & Authentication, Network Security, Cloud Security, and Asset Management domains — 60+ controls directly under your remit
- Collect, upload, and maintain evidence in Scrut for every assigned control — screenshots, exports, scan reports, configuration files
- Respond to evidence requests from the GRC Lead and external auditors during ISO 27001 Stage 1/Stage 2 audits and SOC 2 assessment
- Implement and test the remote wipe procedure for lost or stolen devices — document test results as audit evidence
What We're Looking For :
- 3–4 years of experience in an IT admin, IT operations, or junior security engineer role
- Hands-on experience with at least one MDM platform — Jamf, Kandji, Microsoft Intune, or equivalent
- Experience administering Google Workspace or Microsoft 365 at an organisational level — user management, group policies, security settings
- Familiarity with GCP or AWS — comfortable navigating IAM, VPC, storage, and audit log configurations
- Experience with identity providers and SSO — Okta, Google Workspace, Azure AD
- Understanding of endpoint security fundamentals — disk encryption, EDR, antivirus, patch management
- Comfortable working in a fast-moving startup where you will own problems end-to-end without a large team behind you
Nice to Have :
- Experience supporting a SOC 2 or ISO 27001 audit — collecting evidence, responding to auditor requests
- Familiarity with a GRC platform (Scrut.io, Vanta, Drata, or equivalent)
- Google Workspace Administrator certification or GCP Associate Cloud Engineer certification
- Experience with CI/CD security tooling — GitHub Actions security, container image scanning, SAST integration
- Knowledge of network security fundamentals — VLANs, firewall rules, DNS filtering, VPN
- Scripting ability (Python or Bash) for automating IT operations tasks — account provisioning, compliance reporting
- Prior experience at a startup or high-growth tech company