IT Security Engineer

Capital Markets Gateway LLC (CMG) is a capital markets-focused fintech transforming global equity capital markets (ECM) through data, technology, and connectivity. As the preferred source for ECM analytics and the first network connecting the buy-side and sell-side for ECM workflows, we are committed to reshaping how capital markets operate. Founded in 2017 by a team of ECM practitioners, CMG has completed three successful fundraising rounds and is backed by a group of the world’s most prestigious financial institutions. The CMG platform is currently relied upon by nearly 150 buy-side firms representing $40 trillion in AUM and 22 global investment banks. For more information, please visit www.cmgx.io.

We’re seeking an experienced and automation-driven IT Security Engineer to lead endpoint security, patching, and compliance across a globally distributed fleet of macOS, Windows, and mobile devices. In this hands-on role, you’ll architect and maintain secure-by-default baselines using modern MDM tooling (Intune, Kandji), enforce identity-first access via Entra ID, and drive proactive detection and remediation using scripting, telemetry, and Microsoft’s security stack.

• Administer and secure endpoints (macOS, Windows, mobile) via Intune, Kandji; enable zero-touch enrollment (Autopilot/ADE).
• Serve as an escalation for endpoint issues impacting security, patching, and configuration.
• Implement identity workflows (SSO, SCIM, RBAC, group lifecycle, access reviews) in Microsoft Entra ID.
• Lead automated patch management for OS and third-party apps; define rings, deferrals, SLAs, and rollout/rollback playbooks.
• Author automation in PowerShell (Windows) and Bash/Zsh (macOS) for remediation, compliance, and telemetry.
• Integrate with the Microsoft security stack (Defender for Endpoint, Microsoft 365 Defender, Purview); tune policies, respond to alerts, and improve posture.
• Co-define baselines with Security (CIS/NIST hardening, device compliance) and enforce via MDM.
• Monitor device health in Endpoint Manager; investigate anomalies and drive root cause.
• Support secure networking controls (firewall/proxy) as needed for endpoint updates and access.
• Document policies, scripts, runbooks, and patch procedures; keep them current.

• English level - C1 or C2
• 5+ years managing macOS and Windows in an enterprise environment.
• Deep, hands-on experience with at least one MDM: Intune, Jamf, Kandji.
• Strong scripting: PowerShell (Windows) and Bash/Zsh (macOS).
• Expert in patch management (OS + third-party), deployment rings, and compliance reporting.
• Working knowledge of Microsoft 365 security: Defender for Endpoint, Microsoft 365 Defender, O365 threat policies (Anti-phish, Anti-spam, Safe Links, Safe Attachments)
• Exchange Online security/compliance settings.
• Familiar with Conditional Access, device compliance, and certificate/secure storage (BitLocker/FileVault).
• Excellent cross-functional collaboration and written/verbal communication; ability to simplify complex problems.
• Comfortable with CLI tooling and automation for policy deployment and monitoring.

• Experience with compliance automation (CIS Benchmarks, custom compliance policies).
• Exposure to modern auth/device trust (Entra ID, device-based Conditional Access).
• Familiarity with EDR platforms (e.g., Defender).
• Experience supporting a globally distributed user/device base.
• Python for light tooling; Git-based workflows for scripts/profiles.

• Microsoft Intune / Endpoint Manager
• Kandji
• Microsoft Defender for Endpoint / Microsoft 365 Defender
• PowerShell, Bash (Python optional)
• Azure AD / Entra ID
• Security endpoint tools (firewall/proxy)
• Exchange Online & M365 Security & Compliance Center

• We innovate with purpose
• We focus on outcomes vs. output
• We believe diverse and inclusive teams fuel innovation
• We are humble yet candid
• We do right by the customer

• 2 year+ contract
• 15 business days of vacation
• Tech courses and conferences
• Top-of-the-line MacBook
• Fully remote working environment
• Flexible working hours

CMG embraces our ongoing commitment to building a culture reflecting the people, perspectives, and passions it represents. We will accept nothing less than equity, inclusion, and belonging for all. With the only constant in life being change, we will always listen, learn, and improve for the betterment of our teams, customers, and communities. CMG is proud to be an Equal Opportunity Employer.