openashbyhqparadigmxyz
IT Systems Engineer
Tempo
LocationNYC Office
WorkplaceHybrid
EmploymentFullTime
Posted2026-06-04T15:04:25.929+00:00
Last observed2026-06-13 05:25:02.674489
Job idparadigmxyz-tempo-xyz:ashbyhq:e937cb12-e98e-4f99-8c32-70e61f5958e5
Tempo is a layer-1 blockchain purpose-built for stablecoins and real-world payments, born from Stripe’s experience in global payments and Paradigm’s expertise in crypto tech. Tempo’s payment-first design provides a scalable, low-cost predictable backbone that meets the needs of high-volume payment use cases. Our goal is to move money reliably, cheaply, and at scale. Our north star is simplicity for users: fintechs, traditional banks, merchants, platforms, and anyone else looking to move their payments into the 21st century. We're building Tempo with design partners who are global leaders in AI, e-commerce, and financial services: Anthropic, Coupang, Deutsche Bank, DoorDash, Mercury, Nubank, OpenAI, Revolut, Shopify, Standard Chartered, Visa, and more. We’re a team of crypto-optimists, building the infrastructure needed to bring real, substantial economic flows onchain. We like to move fast and swing for the fences — join us! THE ROLE You'll own and build Tempo's corporate IT infrastructure — identity, device management, endpoint security, and the automation that ties it all together. This is a hands-on engineering role, not a help desk seat. You'll bring software-engineering rigor to IT systems and help secure a company operating at the frontier of crypto. RESPONSIBILITIES - Architect and automate the full identity lifecycle — HRIS → Okta → SaaS apps — eliminating manual provisioning and off boarding gaps - Complete and maintain SSO/SCIM integrations across the entire SaaS stack - Own Jamf Pro end to end: PreStage enrollment, configuration profiles, software updates, certificate distribution - Deploy and tune endpoint security (SentinelOne) — policy management, MDM-driven deployment, alert triage - Expand SIEM coverage and write detection/alerting rules with a detection-as-code approach - Build toward infrastructure-as-code management of all IT tooling (Terraform, GitHub Actions) - Resolve hard identity, device, and access escalations that get past first-line support - Drive SOC 2 readiness — unified audit trails across identity, device, and security systems QUALIFICATIONS - 4+ years in IT engineering roles - Hands-on Okta administration: SSO, SCIM, SAML/OIDC integrations, lifecycle policies, Okta Workflows. Understands HRIS-as-source-of-truth (Rippling or similar) - Production Jamf Pro experience: PreStage enrollment, configuration profiles, software update management, certificate distribution. macOS-first - Deployed and operated an EDR platform (SentinelOne or comparable) — policy tuning, MDM deployment, alert triage - Strong scripting (Python/Bash/Go preferred), comfortable with REST APIs, webhooks, JSON, auth flows, and event-driven workflows - Git-based config management, CI/CD pipelines (GitHub Actions), Terraform or equivalent - Solid grasp of DNS, certificates/PKI, ZTNA (Tailscale or similar), and modern access control models NICE-TO-HAVES - Crypto/blockchain security exposure — multisig/hardware-wallet workflows (Fireblocks or similar), phishing/lookalike-domain campaigns, high-value signer threat models - Detection-as-code: SIEM detections as version-controlled rules (Panther Python models, Sigma, or equivalent) - Apple platform depth beyond basic Jamf — DDM, MDM protocol internals, notarization/signing/packaging, macOS security frameworks (TCC, system extensions) - Mapped controls to SOC 2, ISO 27001, NIST CSF, or CIS — understands what audit-ready evidence looks like - Built Slack-driven workflows, bots, or self-service internal tooling - Public open-source contributions to IT/security tooling
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.