Information Security Engineer
Stateaffairs · Washington, DC · Posted Jul 1, 2026
Apply on company site Track it in JobSkout
State Affairs is the nation’s leading news and policy intelligence platform focused on state governments. We combine nonpartisan coverage of Statehouses across the country alongside state government data and AI-native tools into a singular platform.
We inform and empower decision makers, policy professionals and citizens through our award-winning journalism and data – delivering profound insights to help our customers decode and act on state politics and policy. We’re building a category-defining business that will reshape America as we strengthen visibility into what’s happening and why at the state level.
We are hiring a Information Security Engineer to own and improve the security systems that protect State Affairs’ employees, devices, SaaS applications, corporate network, and internal data. This role will be responsible for identity and access management, endpoint security, security alert triage, device compliance, security automation, and corporate IT security operations.
This is a role for someone who is comfortable operating across security engineering, IT operations, automation, and employee support. You will manage the systems that enable secure onboarding, offboarding, device management, access control, monitoring, and audit readiness across a fast-growing organization.
As the Information Security Engineer you will:
Own identity and access management across SSO, directory systems, MFA, SCIM provisioning, and corporate SaaS applications.
Manage secure onboarding, offboarding, access changes, and recurring access reviews across employee systems.
Administer and improve endpoint security controls across macOS and Windows devices, including MDM, disk encryption, patch compliance, EDR coverage, and device posture reporting.
Provision, manage, and de-provision laptops and employee devices using automated MDM tools.
Triage and investigate security alerts from identity providers, endpoint security tools, firewalls, VPN/Zero Trust systems, SIEM/logging platforms, and SaaS applications.
Support phishing response, suspicious login investigations, endpoint security events, and other corporate security incidents.
Maintain and improve corporate network security, including secure Wi-Fi, VLAN basics, VPN/Zero Trust access, firewall hygiene, and office network troubleshooting.
Diagnose and resolve multi-platform hardware, software, access, and local network issues for onsite, hybrid, and distributed teams.
Build scripts and automations using Python, Bash, PowerShell, or REST APIs to reduce manual work across onboarding, offboarding, access reviews, device compliance, system telemetry collection, and audit evidence collection.
Use REST APIs to pull metrics, reconcile access, integrate administrative systems, and automate security operations workflows.
Support routine security patch management, vulnerability remediation tracking, and corporate compliance validation.
Support SOC 2 and other compliance efforts by producing evidence for access controls, device management, security monitoring, patching, and user lifecycle management.
Maintain security runbooks, IT/security documentation, administrative scripts, and Git-backed operational procedures.
Utilize Git for documentation, change tracking, and sharing administrative source code.
Partner with engineering and operations teams on secure access to internal systems, VPN/private network access, least-privilege permissions, and security process improvements.
Provide escalation-level IT support for employee devices, account access, local network issues, and corporate systems.
Essential Qualifications for this position include:
Bachelor’s degree in computer science, engineering, or related field
Prior professional experience in corporate security, IT security operations, security operations, endpoint security, identity administration, or a security-focused IT engineering role.
Experience administering identity providers, SSO, MFA, directory systems, and SaaS access controls.
Experience managing endpoint security controls across macOS and/or Windows devices using MDM, EDR, disk encryption, and patch management tools.
Knowledge common corporate security workflows, including onboarding/offboarding, access reviews, phishing response, suspicious login investigation, and endpoint alert triage.
Knowledge of networking fundamentals, including TCP/IP, DNS, DHCP, routing, VPNs, firewall rules, and secure Wi-Fi.
Ability to write, modify, and run scripts in Python, Bash, PowerShell, or a comparable language to automate workflows.
Ability to use REST APIs to integrate administrative systems, export security data, pull metrics, or automate operational workflows.
Ability to use Git for documentation, scripts, configuration tracking, or operational change management.
Communication skills and the ability to document repeatable security and IT procedures.
Preferred Qualifications for this position include:
Prior startup experience in a security, IT, infrast…