Infrastructure Security Engineer

Title: Infrastructure Security Engineer

Job Type: Direct-hire

Location: Downtown Denver, 3 days per week onsite

Salary Range: 140-165K + 10% bonus

Summary

The Infrastructure Security Engineer is responsible for designing, securing, and supporting enterprise infrastructure with a strong emphasis on identity, networking, and server security. This role works closely with IT, Security, and Network teams to implement secure, scalable solutions across on premises and virtualized environments. The ideal candidate brings hands-on technical depth, project ownership experience, and the ability to clearly explain design and operational decisions.

Responsibilities

• Partner with infrastructure, security, and network teams to deliver secure technology solutions.


• Lead and execute infrastructure security initiatives, taking clear ownership of assigned deliverables and outcomes.


• Manage and secure enterprise identity platforms, including Entra ID, Active Directory, and IAM technologies.


• Administer and harden Active Directory environments.


• Design and support Zero Trust architectures, including conditional access and identity-driven controls.


• Architect and maintain secure VPN and remote access solutions for data center connectivity.


• Oversee the build, configuration, and security of Windows and Linux server environments.


• Support current-generation server operating systems and modernization efforts.


• Operate and troubleshoot virtualized environments, including VMware infrastructure.


• Design and support highly available and fault-tolerant systems, including Remote Desktop Services.


• Manage firewall platforms, including rule reviews, configuration updates, and access validation.


• Evaluate and improve firewall policies, removing outdated or unnecessary configurations.


• Apply strong networking fundamentals to support IP design, subnetting, and traffic flow analysis.


• Implement and support cryptographic solutions, including encryption standards and secure communications.


• Manage secrets, PKI certificates, and secure API integrations.


• Participate in security investigations and incident response activities, including phishing analysis.


• Perform log collection, searching, and analysis to support detection and response efforts.


• Develop scripts and automation to improve operational efficiency.


• Participate in an on-call rotation on a limited basis and support ticket-based workflows.

Skills

Required

• Proven experience collaborating with security, IT, and network teams.


• Demonstrated ownership of infrastructure implementation projects, including vendor coordination.


• Strong hands-on experience with Entra ID, Active Directory, and IAM platforms.


• Advanced Active Directory administration skills.


• Deep understanding of Zero Trust principles, conditional access, and identity-based networking.


• Experience designing and securing VPN solutions.


• Solid understanding of Windows and Linux server administration.


• Working knowledge of VMware and virtualization concepts.


• Expertise in high availability, fault tolerance, and RDS architectures.


• Experience managing firewalls, including rule lifecycle management and access reviews.


• Strong TCP/IP networking fundamentals, including subnetting and protocol behavior.


• Practical cryptography knowledge (AES, SHA, symmetric vs. asymmetric encryption).


• Experience managing secrets, certificates, PKI, and secure APIs.


• Strong troubleshooting, investigative, and problem-solving skills.


• Experience participating in security investigations and incident response.


• Automation and scripting experience.

Additional Skills (Training Provided)

• Solution architecture and design fundamentals.


• Threat modeling concepts.


• Understanding of identity tiering models.


• Incident response processes.


• Change management and change control practices.


• Vulnerability management and patching methodologies.


• Experience working within ticket queues and operational workflows.

Nice to Have

• Experience with common enterprise security tools and platforms.


• Exposure to Palo Alto, Cisco, or similar network technologies.


• Security-by-design or secure architecture experience.


• Advanced network or infrastructure design background.


• Knowledge of the Purdue Model.


• Data center operations experience.


• Familiarity with NIST, ISO 27001, and CIS frameworks.


• Relevant certifications (CCNA, Network+, Azure, Microsoft, or similar).

All qualified applicants will receive consideration for employment without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, medical condition, genetic information, pregnancy, or military or veteran status. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the California Fair Chance Act, City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, and Los Angeles County Fair Chance Ordinance.