Sr. Infrastructure Security Engineer

Location: Denver, CO

Schedule: Hybrid (3 days onsite)

Travel: up to 25%

Compensation: $148,000 to $160,000 base salary + Bonus

Must be eligible to work in the United States.

Must pass comprehensive background screening.

Must be willing to work flexible hours across time zones.

Must be willing to participate in an on-call rotation to ensure 24/7/365 coverage.

THE POSITION:

The Sr Infrastructure Security Engineer is a key member of the team responsible for multiple aspects of IT cybersecurity and support of Operational Technology cybersecurity needs. The Sr Infrastructure Security Engineer position requires expertise in support of running a highly available, secure, and scalable environment. The position will require the development and maintenance of our datacenter environments. Technologies will include, but not be limited to firewalls, IDS/IPS, switches, routers, VPNs, edge security architectures, Windows and Linux servers/appliances, archiving and backup, encryption, business continuity, security risk assessment, and support of Operational Technology applications. The position works under minimal direction with considerable latitude as part of a global security team where the use of critical analysis, initiative, and independent judgment are highly desirable. The position will be required to utilize project management and time management skills to ensure timely delivery of business and departmental objectives.

RESPONSIBILITIES:

Responsibilities may include:

• Planning, implementing, managing, monitoring, and upgrading security measures for the protection of the company's Infrastructure's data, systems, and networks.


• Monitor and triage critical IT infrastructure for irregular behavior/weaknesses and respond with robust countermeasures to prevent future incidents.


• Zero Trust Implementation: Champion a Zero Trust security model across the company's network and datacenter environments. Architect solutions that enforce least-privilege access, continuous verification, and micro-segmentation of services - ensuring no implicit trust at any layer.


• Install and maintain security tools that monitor critical infrastructure (systems and networks) for security breaches and intrusions.


• Leading or collaborating with peers on project management to accomplish the goals set by leadership.


• Providing SME-level advice and expertise regarding various technologies and enable leadership to drive security objectives and improve our overall security posture.


• Triage and investigate security and user high-risk events.


• Lead/participate in incident response and investigation of IT/OT security detections and incidents.


• Infrastructure and Network OS security hardening


• Monitoring and optimization of security tools


• DNS management


• Penetration testing remediation


• Policy enforcement


• Attack surface management and threat hunting


• Participation in an on-call rotation with your team to ensure 24/7/365 coverage.


• Work closely with cross-functional teams, including IT Support, IT Infrastructure, and Critical Operations teams, to ensure systems and networks are secure, compliant with applicable regulations, and protected against unauthorized access


• Serve as a point of escalation and support for Information Technology and international IT administrators security needs.


• Other duties as assigned

MUST-HAVE QUALIFICATIONS:

• 10-15 years hands-on network security engineering experience, specializing in Firewalls and Infrastructure security.


• Strong Palo Alto and Panorama experience. Other enterprise firewall experience accepted but Palo Alto is preferred.


• Exposure and experience with International and multi-country IT security programs.


• Certifications in one or more of the following disciplines/providers preferred: CISSP, CEH, GIAC (GSEC, GCIH, etc.), ISACA, Other Networking/Network Security related certifications.


• Experience and familiarity with cyber incident response, SIEM, vulnerability scanning tools, security operations workflow, IPS, Browser security, Cloud security, and Endpoint Security.


• Familiarity with security-related compliance such as NIST CSF, CIS Critical Security Controls, ISO 27001/27002 and regulations such as GDPR, HIPAA, SOC1/2, and PCI-DSS.


• Strong understanding of MITRE ATT&CK framework.


• An analytical security-focused mind, outstanding problem-solving skills, and strong threat assessment and mitigation skills.


• Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders. Exceptional documentation and report generation skills.


• Great awareness of cybersecurity trends, emerging threats, and techniques.

THIS MIGHT BE RIGHT FOR YOU IF:

• You're at the senior level of the technical path in Networking or Network Security, with a strong understanding of server infrastructures.


• You have a strong interest or specialization in enterprise datacenter technologies.


• You're passionate about IT and Cybersecurity.


• You're persuasive and clear, blending analytics with experience in decision-making.


• You're highly adaptable in an ever-changing environment and enjoy change and growth.


• You're naturally curious and driven toward continual improvement. While you celebrate your successes, you take time to review and analyze campaigns for future learning.

BENEFITS:

• We offer a competitive compensation package with strong benefits, including medical, dental, and vision insurance, a 401K program and flexible spending accounts


• We foster a culture of appreciation, including company Assembly recognition.


• Fun is part of our DNA, with events, game nights, happy hours, and barbecues.


• We're growing - this is a great time to join and make an impact!

All qualified applicants will receive consideration for employment without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, medical condition, genetic information, pregnancy, or military or veteran status. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the California Fair Chance Act, City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, and Los Angeles County Fair Chance Ordinance. For unincorporated Los Angeles county, to the extent our customers require a background check for certain positions, the Company faces a significant risk to its business operations and business reputation unless a review of criminal history is conducted for those specific job positions.