Infrastructure Security Engineer
STACK Infrastructure · Denver Metropolitan Area · 2 wk ago
Information Technology$128k–$145k/yrFull-time
Responsibilities
- Planning, implementing, managing, monitoring, and upgrading security measures for the protection of STACK Infrastructure’s data, systems, and networks.
- Monitor and triage critical IT infrastructure for irregular behavior/weaknesses and respond with robust countermeasures to prevent future incidents.
- Zero Trust Implementation: Champion a Zero Trust security model across STACK’s network and datacenter environments.
- Architect solutions that enforce least-privilege access, continuous verification, and micro-segmentation of services – ensuring no implicit trust at any layer.
- Install and maintain security tools that monitor critical infrastructure (systems and networks) for security breaches and intrusions.
- Leading or collaborating with peers on project management to accomplish the goals set by leadership.
- Provide SME-level advice and expertise regarding various technologies and enable leadership to drive security objectives and improve STACK’s overall security posture.
- Triage and investigate security and user high-risk events.
- Lead/participate in incident response and investigation of IT/OT security detections and incidents.
- Infrastructure and Network OS security hardening.
- Maintain and optimize security tools.
- DNS management.
- Penetration testing remediation.
- Policy enforcement.
- Attack surface management and threat hunting.
- Participation in an on-call rotation with your team to ensure 24/7/365 coverage.
- Work closely with cross-functional teams, including IT Support, IT Infrastructure, and Critical Operations teams, to ensure systems and networks are secure, compliant with applicable regulations, and protected against unauthorized access.
- Serve as a point of escalation and support for Information Technology and international IT administrators security needs.
Qualifications
- 10-15 years hands-on network security engineering experience, specializing in Firewalls and Infrastructure security.
- Strong Palo Alto and Panorama experience.
- Exposure and experience with International and multi-country IT security programs.
- Certifications in one or more of the following disciplines/providers preferred: CISSP, CEH, GIAC (GSEC, GCIH, etc.), ISACA, Other Networking/Network Security related certifications.
- Experience and familiarity with cyber incident response, SIEM, vulnerability scanning tools, security operations workflow, IPS, Browser security, Cloud security, and Endpoint Security.
- Familiarity with security-related compliance such as NIST CSF, CIS Critical Security Controls, ISO 27001/27002 and regulations such as GDPR, HIPAA, SOC1/2, and PCI-DSS.
- Strong understanding of MITRE ATT&CK framework.
- An analytical security-focused mind, outstanding problem-solving skills, and strong threat assessment and mitigation skills.
- Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
- Exceptional documentation and report generation skills.
- Natural curiosity and drive toward continual improvement.