About Flam :
Flam is an AI-native content platform building the future of interactive experiences. Our proprietary AI models power four product lines — Flam Instant App (mixed reality advertising), Flam AI Visual Agent (real-time avatar interactions), Flam Native Ads, and Flowy.ai (AI creative canvas) — serving Fortune 500 brands across the US and India. We are a 100+ person organisation running on GCP and Modal.com, actively pursuing ISO 27001:2022 and SOC 2 Type I certification.
The Opportunity :
We are looking for a hands-on IT Admin & Security Engineer who is equally comfortable setting up a new employee's MacBook as they are configuring GCP firewall rules. This is a dual-hat role: you will own the day-to-day IT operations for 100+ employees across two offices — device management, SaaS tool administration, onboarding and offboarding — while simultaneously implementing the technical security controls required for our ISO 27001 and SOC 2 certification. You will work closely with the GRC Lead.
What You'll Own
Device & Endpoint Management (Primary) :
- Own the full device lifecycle for all 100+ employees — procurement, configuration, deployment, and secure disposal of MacBooks and any other endpoints
- Deploy, configure, and maintain an MDM solution (Jamf, Kandji, Microsoft Intune, or equivalent) across all employee devices
- Enforce security policies via MDM: full-disk encryption, screen lock, automatic OS updates, antivirus/EDR installation, and remote wipe capability
- Maintain a real-time device inventory in Scrut's Asset Management module — every device tagged with owner, classification, and compliance status
- Conduct and document quarterly MDM compliance audits showing 100% policy enforcement across all devices
Onboarding & Offboarding :
- Own the technical onboarding checklist — new joiner gets their device configured, all SaaS accounts provisioned, and MFA enrolled before Day 1
- Own offboarding — access revocation across all systems within 24 hours of departure, device retrieval, and remote wipe if required
- Maintain joiners/leavers/movers log as evidence for ISO 27001 A.5.18 and SOC 2 access control criteria
- Work with HR to ensure zero orphaned accounts — monthly reconciliation of IDP user list against HR active employee records
Identity & Access Management :
- Administer the Identity Provider (Google Workspace, Okta, or equivalent) — user provisioning, group management, SSO configuration for all SaaS tools
- Enforce MFA across all accounts — export and maintain 100% MFA enrollment report as ongoing audit evidence in Scrut
- Conduct quarterly access reviews across all systems — coordinate with department heads to confirm access is still required for each user
- Manage service account inventory in GCP — ensure all service accounts have named human owners and minimum necessary permissions
SaaS Tool Administration:
- Administer and secure all company SaaS tools — Google Workspace, Slack, Notion, GitHub, Jira, Scrut, and others
- Maintain an approved SaaS tool register — track what tools are in use, who owns them, what data they hold, and their security configuration
- Enforce SSO and MFA on every SaaS tool where the platform supports it
- Identify and remove shadow IT — tools being used by teams without IT awareness or approval
GCP & Cloud Security :
- Work alongside DevOps to implement and maintain GCP security configurations: VPC firewall rules, IAM policies, org-level security policies, and Cloud Audit Logs
- Connect GCP and Modal.com to Scrut's Cloud module and maintain automated security posture scanning — track and remediate misconfigurations
- Ensure encryption at rest is enabled on all GCS buckets containing customer data and model weights
- Maintain centralised logging in GCP Cloud Logging — confirm audit logs are enabled across all projects, retained for 12 months, and tamper-protected
- Run regular vulnerability scans using GCP Security Command Center or equivalent — document findings and track remediation to closure
Network & Office Security :
- Manage office network security at both the HSR Layout (Bengaluru) office — VLAN segmentation, guest Wi-Fi isolation, DNS filtering
- Deploy and maintain VPN for remote access to internal systems and production infrastructure
- Configure and maintain web filtering (Cloudflare Gateway or equivalent) covering both office and remote workers
- Maintain network diagrams and data flow diagrams as required by Scrut control AST-04
Security Controls & Audit Evidence :
- Own all technical controls in Scrut across the Endpoint Security, Identification & Authentication, Network Security, Cloud Security, and Asset Management domains — 60+ controls directly under your remit
- Collect, upload, and maintain evidence in Scrut for every assigned control — screenshots, exports, scan reports, configuration files
- Respond to evidence requests from the GRC Lead and external auditors during ISO 27001 Stage 1/Stage 2 audits and SOC 2 assessment
- Implement and test the remote wipe procedure for lost or stolen devices — document test results as audit evidence
What We're Looking For :
- 3–4 years of experience in an IT admin, IT operations, or junior security engineer role
- Hands-on experience with at least one MDM platform — Jamf, Kandji, Microsoft Intune, or equivalent
- Experience administering Google Workspace or Microsoft 365 at an organisational level — user management, group policies, security settings
- Familiarity with GCP or AWS — comfortable navigating IAM, VPC, storage, and audit log configurations
- Experience with identity providers and SSO — Okta, Google Workspace, Azure AD
- Understanding of endpoint security fundamentals — disk encryption, EDR, antivirus, patch management
- Comfortable working in a fast-moving startup where you will own problems end-to-end without a large team behind you
Nice to Have :
- Experience supporting a SOC 2 or ISO 27001 audit — collecting evidence, responding to auditor requests
- Familiarity with a GRC platform (Scrut.io, Vanta, Drata, or equivalent)
- Google Workspace Administrator certification or GCP Associate Cloud Engineer certification
- Experience with CI/CD security tooling — GitHub Actions security, container image scanning, SAST integration
- Knowledge of network security fundamentals — VLANs, firewall rules, DNS filtering, VPN
- Scripting ability (Python or Bash) for automating IT operations tasks — account provisioning, compliance reporting
- Prior experience at a startup or high-growth tech company