Staff IT & Security Engineer
Indexed description
At Flow, we’re reimagining what it means to live, work, and connect. More than just a real estate company, Flow is a brand, a technology platform, and an operations ecosystem spanning condominiums, hotels, multifamily residences, and office spaces. We’re building a new kind of living experience: one that’s flexible, connected, and designed to create genuine community and real value for the people who call Flow home.
Our mission is oneness: prioritizing our residents and their experiences, and fostering connection with ourselves, their neighbors, and the natural world. By putting people at the center of everything we do, we’re creating vibrant, human-centered communities where life, work, creativity, and play all come together in one place.
About The Role
Flow is seeking an experienced Staff IT & Security Engineer to lead and own our internal IT systems, security posture, automation efforts, and enterprise AI tool ecosystem. This role will serve as the central technical owner for all internal AI platforms, including OpenAI (ChatGPT Enterprise/APIs), Anthropic Claude, Cursor, and other AI-assisted developer environments. You will manage vendor relationships, licensing, access control, secure configuration, and establish best practices for safe AI adoption across teams, while monitoring usage for compliance, privacy, and risk management. As AI becomes core to how work gets done, this role will help define the future of secure, scalable AI enablement across the organization.
In addition, you will provide security and infrastructure leadership across device management, identity systems (SSO, RBAC, Okta/Google Workspace), endpoint and network security, SaaS administration, and employee onboarding/offboarding. You will develop and enforce AI and security policies, partner cross-functionally with Legal, Engineering, and Operations on governance frameworks, and lead audits, reviews, and incident response planning.
The role also includes serving as the escalation point for complex IT challenges, troubleshooting and resolving advanced issues across systems, networks, identity, and employee environments to ensure smooth day-to-day operations. You will design and deliver automation projects using tools to improve efficiency, build workflows for provisioning, monitoring, access systems, and AI compliance enforcement, while acting as a trusted partner who trains employees, mentors teammates, and ensures the company can scale confidently with strong IT and security foundations.
Responsibilities
Enterprise AI Tools Ownership & Governance
- Serve as the central technical owner for all internal enterprise AI platforms, including large language model tools, AI-assisted developer environments, and internally developed AI-powered systems
- Manage vendor relationships, licensing, access controls, and secure configuration for all AI platforms
- Establish and enforce org-wide best practices for safe AI adoption; monitor usage for compliance, privacy, and data protection risk
- Maintain and extend the organization's internal AI automation platform — new capabilities, bug fixes, codebase documentation, and knowledge transfer to the team
- Stay current on the enterprise AI tooling landscape; bring recommendations to the Head of IT on new tools, risks, and adoption opportunities
- Develop and enforce security policies covering AI usage and data protection, endpoint standards, identity and access control, and acceptable use
- Partner with Legal, Engineering, and Operations on governance frameworks and any applicable compliance requirements
- Lead internal security reviews, access audits, and incident response planning across all properties and corporate systems
- Own the organization's security posture roadmap — identify gaps, prioritize remediation, and track progress over time
- Own the architecture and governance layer for all identity systems:
- Yesh ID — SSO Configuration, SAML integrations, app provisioning
- Google Workspace — organizational structure, admin policies, OU management, API restrictions
- Design and maintain RBAC structures, access tiers, and least-privilege policies across all platforms
- Own identity governance: periodic access reviews, privilege audits, and lifecycle policy enforcement
- Day-to-day provisioning and account ops are handled by the support and field technician team — this role owns the policies, configurations, and standards they execute against
- Own the SaaS portfolio: licensing, renewals, vendor relationships, and spend governance
- Maintain accurate license counts across all platforms; surface consolidation or optimization opportunities to the Head of IT
- Evaluate new SaaS tools through a security-first lens; own the procurement and onboarding process for new platforms
- Manage vendor escalations for critical systems when issues exceed field team resolution
- Own telecom platform relationships — UCaaS, VoIP, and business communication systems — including migrations, contract renewals, and platform consolidation opportunities
- Partner with the Head of IT to build and maintain the annual IT budget — tracking spend by category (hardware, software/SaaS, professional services, telecom, cloud infrastructure, and contingency) and by property
- Maintain ongoing spend visibility across corporate IT card expenses, vendor invoices, and SaaS subscriptions; flag variances against budget in a timely manner
- Support Finance on IT audit requests, spend reconciliations, and inception-to-date cost reporting by property or cost center
- Own the IT SaaS renewal calendar — alert the Head of IT well in advance of renewals, flag price increases, and recommend renegotiation or replacement where warranted
- Track cloud infrastructure costs (GCP, AWS) and identify rightsizing or commitment optimization opportunities
- Support project-level budget tracking — monitor budget vs. actual for active IT projects and surface overruns early
- Design and build IT automation that reduces manual overhead and improves security posture across the organization
- Build and maintain workflows for:
- Automated user provisioning and access request management
- AI cpmliance enforcement and usage monitoring
- Infrastructure monitoring, alerting, and incident notification
- IT spend reporting and operational dashboards for leadership
- Write production-quality Python; maintain and extend existing automation, scripts, and integrations—
- Serve as the engineering lead on cross-functional IT initiatives from design through delivery and handoff
- Serve as the senior technical mentor for IT Support and Field Technician staff — technical guidance, escalation support, and professional development
- Own documentation standards for the IT organization: ensure runbooks, SOPs, network diagrams, and system inventories are complete, accurate, and maintained
- Act as a trusted technical advisor to the Head of IT — support vendor evaluations, technology roadmap planning, and cross-functional IT initiatives
- Translate technical work into clear updates for IT leadership and cross-functional stakeholders
- 7+ years of experience in IT engineering, security engineering, infrastructure, or a closely related senior role—
- Deep knowledge of identity and access management — SSO, SAML, RBAC, Google Workspace administration, and MDM policy design (Addigy, JumpCloud, Jamf, or equivalent)
- Hands-on experience with cloud platforms (GCP, AWS, or Azure) — deploying and maintaining services in production cloud environments
- Direct experience owning enterprise AI tools at an organizational level — governance, access control, usage monitoring, and policy enforcement
- Ability to write production-quality Python automation; proven ability to read, maintain, and extend existing codebase
- Experience supporting or contributing to IT budget development, spend tracking, and Finance-facing reporting
- Proven ability to create security and acceptable-use policies that are practical, enforceable, and appropriate for the organization's scale
- Experience managing IT strategy across multiple sites simultaneously — architectural ownership, not just field execution
- Strong project ownership: ability to run cross-functional initiatives end-to-end with clear communication and handoff documentation
- Availability for occasional evening or weekend work during critical incidents or maintenance windows
- Experience building or maintaining AI-powered internal tools — REST APIs, LLM integrations, Slack bots, or cloud-hosted automation services
- Familiarity with physical security system architecture — video management systems, IP access control platforms, or intercom/visitor management systems
- Ubiquiti/UniFi network architecture experience — VLAN design, firewall policy, multi-site wireless
- ITSM platform administration — Freshservice, Jira Service Management, or equivalent
- Experience with cloud FinOps practices — billing export analysis, committed use discount modeling, cost allocation tagging
- UCaaS or VoIP platform experience — Zoom Phone, RingCentral, or equivalent
- Residential or hospitality property technology environment experience
- Bilingual English/Spanish
- Comprehensive Benefits Package (Medical / Dental / Vision / Disability / Life)
- Paid time off and 13 paid holidays
- 401(k) retirement plan
- Healthcare and Dependent Care Flexible Spending Accounts (FSAs)
- Access to HSA-compatible plans
- Pre-tax commuter benefits
- Employee Assistance Program (EAP), free therapy through SpringHealth, acupuncture, and other wellness offerings
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search