IT & Security Engineer

For more than seventeen years, Smule is on a mission to bring the world together through music. Music is much more than listening, it’s about creating, sharing, discovering, and connecting with people. With dozens of millions of monthly active users creating over 20 million songs every day, Smule is spreading the joy of creative expression

Main Responsibilities:

Infrastructure & endpoints - Manage the full lifecycle of IT hardware and software across Linux, Windows, and macOS. Own VPNs, backups, disaster recovery, MDM, and endpoint security. Be the escalation point for complex issues across global teams.

Security operations - Drive Smule's security posture aligned with ISO 27001 and NIST CSF 2.0. Own vulnerability management, the HackerOne VDP, and security incident response. Administer Wazuh HIDS/SIEM, HashiCorp Vault (secrets + PKI), and run phishing simulations and awareness training.

Cloud & network security -  Own GCP IAM and Security Command Center. Manage Cloudflare Access (Zero Trust), WAF rules, and Kubernetes security — including RBAC, pod security standards, and workload reviews.

Identity & compliance - Administer Okta for SSO, MFA, and provisioning. Enforce least privilege across all systems and support ISO 27001 / NIST CSF 2.0 audit activities.

Platforms & vendors - Own SaaS procurement, licence audits, and renewals. Administer Google Workspace, Atlassian, and other core tools — ensuring configurations meet security standards. Projects & support Run IT and security projects from scoping to delivery. Resolve issues via ticketing and in-person support, maintain SLAs, and keep documentation and runbooks current.

Requirements:

• 5+ years in IT system administration and/or security engineering across Windows, Linux, and macOS
• Working knowledge of ISO 27001 and NIST CSF 2.0 frameworks and their practical application
• Hands-on experience with Okta, Google Workspace, and Jira/Atlassian
• Hands-on GCP experience - IAM, Security Command Center, org-level security policies, and audit logging
• Experience with Cloudflare - WAF/security rules, Access (Zero Trust), DNS, and API protection
• Experience managing a VDP or bug bounty programme (HackerOne or equivalent)
• Hands-on experience with Wazuh Security Platform or a comparable HIDS/security monitoring platform
• Experience with HashiCorp Vault for secrets management and PKI/certificate authority operations
• Experience operating a SIEM (Splunk or equivalent) — rule authoring, alert triage, and incident reporting
• Familiarity with Kubernetes security - RBAC, pod security, and workload hardening
• Vulnerability management experience - scanning, triage, and remediation tracking
• MDM platform experience - Jamf or equivalent
• Demonstrable commitment to least privilege access and access lifecycle management
• Proven ability to deliver IT and security projects independently
• Excellent written and verbal English; comfortable across global, cross-functional teams
  
  

Nice to have:

• Security certification - CISSP, CompTIA Security+, Google Professional Cloud Security Engineer, or equivalent
• ISO 27001 Lead Implementer or Auditor certification
• Experience designing or implementing a full Zero Trust network architecture
• Scripting ability in Python or Bash for security automation and tooling
• Experience with asset management tools - SnipeIT or equivalent
• Familiarity with container security tooling - Trivy, Falco, or equivalent
• Prior experience in a high-growth tech or scale-up environment
  
  

We offer:

♫ Additional Health and Dental Insurance

♫ 22 Vacation Days, increasing to 28 for all loyal employees

♫ Food vouchers and Multisport card fully covered 

♫ Growth and Learning Opportunities

♫ Attractive „Refer a talent“ program with bonuses

♫ Stock Options Plan♫ Discount Program

♫ Recreation Area (you can play music) and Relax Zone