Sr. Security Engineer, Corporate Information Security

External
Betterment · Betterment HQ - New York City
Full-time · On-site · 1w ago
Compliance · IAM · Incident Response · Information Security · Linux · Move

About the role

Betterment is hiring a Sr. Security Engineer, Corporate Information Security to be a principal member of the Workforce Security team. We're responsible for managing identity and logical access across the company, owning change management for the systems employees and contractors rely on every day, and operating the technologies that secure them: Okta, Google Workspace, Slack, Atlassian, Glean, Jamf, and the SaaS portfolio that surrounds them. As we extend centralized management to a small Windows and Linux footprint, you'll help shape how we do that securely from day one.

This is a hands-on senior IC role focused on designing, implementing, and continuously improving identity architecture, privileged access controls, endpoint hardening standards, and our overall workforce security posture. You'll embed secure access patterns across SaaS, managed browser, mobile, and workstation environments, partnering closely with other Security teams, IT, Legal, Compliance, and the business units we serve. In parallel, you'll partner with our AI Governance & enablement team to evaluate, enable, and secure the use of AI tools (ChatGPT, Claude, Glean Assistant, and the agentic tooling that's coming next), establishing practical guardrails that let employees move quickly without compromising data or systems.

This role is based out of our NYC office.

Below we've reflected the base salary range for this position. Actual salaries may vary depending on factors including but not limited to location, experience, and performance. The range listed is just one component of Betterment's total compensation package for employees.

New York City: $165,000-185,000

This job may also be eligible for variable compensation in the form of a company incentive bonus.

A Day in the Life

Your weeks blend strategic architecture, hands-on implementation, and operational support:

Identity & Access Architecture: Define and evolve the workforce IAM roadmap. Architect identity patterns across Okta and our SaaS estate: SSO at scale, RBAC that holds up under growth, and lifecycle automation that reaches every downstream system from HRIS through joiner/mover/leaver. Build a sustainable Identity Governance & Administration (IGA) practice, including User Access Review campaigns that produce real evidence rather than rubber stamps.

Security Design: Lead initiatives across authentication, authorization, federation, and privileged access. Design time-bound, just-in-time, and break-glass patterns (PIM-equivalent) for high-risk roles so standing privilege trends toward zero. Govern non-human identities, service accounts, API tokens, OAuth integrations, and the AI agents that increasingly act on users' behalf. Embed Zero Trust and least-privilege principles into every workforce system you touch.

Securing & Monitoring Corporate Communications: Manage the security of corporate communication platforms, including email and Slack, through tools such as Abnormal Security and Proofpoint. Responsibilities include DLP enforcement to protect PII and conducting email investigations for spam, phishing and other threats.

Endpoint, Mobile & Browser Security: Define and enforce hardening standards aligned with CIS benchmarks. Own configuration baselines for macOS, Windows, and Linux desktops, with mobile and managed browser controls layered on top. Architect enterprise browser security, extension governance, session protection, and DLP at the browser layer.

Vulnerability & Posture Management: Lead the workforce vulnerability management program for endpoints and corporate SaaS. Design remediation SLAs by severity and asset class, run remediation campaigns that actually close findings, and partner with IT Systems to surface and fix identity and configuration misconfigurations. Operate SaaS posture tooling (e.g., Wiz, Vanta, Drata, or peers) as the connective tissue across our SaaS estate.

AI Tool Security: Establish and enforce a secure architecture for AI tool usage, data handling boundaries, connector security, identity-aware access controls, and detection for misuse, with a bias toward enabling the business safely rather than gating it.

Governance & Operations: Run UAR campaigns end-to-end, drive remediation of audit findings (SOC 2, ISO 27001), and partner with our MDR MSP and internal teams to mature identity-related detection and incident response. Augment and assist with cross-functional GRC capabilities

What

Benefits

401(k)
Performance bonus

Additional Information

About Betterment

Betterment is a leading, technology-driven financial services company that offers investing, savings and retirement solutions for retail investors and investment advisors as well as financial wellness solutions, including a 401(k) for small and medium-sized businesses. Our team is passionate about our mission, to empower people to build wealth with confidence and ease. We're headquartered in NYC and offer hybrid NY-based positions (four days/week in-office, with no required office days during the summer and winter holidays).

