IT & Security Engineer
Go Digital Technology Consulting LLP · Michigan, United States · 1 mo ago
Information TechnologyFull-time
About the role
We are seeking a hands-on IT Security & Infrastructure Engineer to manage and secure our day-to-day IT environment, while growing alongside us as we mature our security and compliance program.
Responsibilities
- Manage and secure our day-to-day IT environment
- Grow alongside the organization as we pursue ISO 27001:2022 and SOC 2 certification
- Configure and manage Azure Virtual Networks and AWS VPCs at a moderate level
- Execute Windows and macOS patch cycles end-to-end
- Enroll new machines into the Active Directory domain and apply baseline GPOs and security policies
- Manage user onboarding and offboarding cleanly
- Administer the MDM platform for iOS and Android devices — enrollment, policy enforcement, and remote control
- Run mobile OS patch management through the MDM platform — schedule, deploy, and verify OS and app updates across the mobile fleet
- Enforce baseline mobile security policies — passcode requirements, encryption, app restrictions, and remote wipe readiness
- Track mobile device compliance and remediate non-compliant devices
- Perform day-to-day firewall administration — rules, NAT, web filtering, traffic shaping, and log review
- Configure and monitor VPN services — site-to-site tunnels and remote-access connectivity
- Use the XDR / endpoint security console to triage alerts, investigate incidents, and document findings
- Help maintain the synchronized multi-firewall configuration, ensuring rules and policies remain in sync across devices
- Support hybrid connectivity, basic cloud identity, and resource access controls
- Deploy and manage enterprise access points, including SSID configuration, wireless security, and coverage troubleshooting
- Diagnose and resolve end-to-end LAN/WAN connectivity issues
- Plan and execute the IT scope for new locations — cabling layout, switch and AP placement, firewall provisioning, and Wi-Fi coverage planning
- Rack, stack, and configure new server hardware; install operating systems, baseline configurations, and security tooling
- Establish domain connectivity, VPN links to HQ, endpoint enrollment, and biometric access at new sites
- Coordinate with ISPs, electricians, AMC partners, and equipment vendors throughout the rollout
- Prepare site readiness checklists, IT bills of quantity, and post-deployment documentation
- Be available for on-site work, including occasional evenings or weekends during cutover windows
- Help implement and maintain technical controls aligned with ISO 27001:2022 Annex A and SOC 2 Trust Services Criteria
- Collect and maintain audit evidence — configurations, logs, change records, and access reviews
- Support internal audits, gap assessments, and external auditor engagements
- Maintain policies, runbooks, SOPs, asset registers, and risk treatment documentation
- Conduct periodic access reviews and firewall rule audits
- Manage biometric access control devices — enrollment, data sync, and basic troubleshooting
- Cook up with vendors and OEM support partners for escalations
- Contribute to security awareness initiatives across the organization
Requirements
- Practical hands-on IT, infrastructure, or security operations experience
- Confident troubleshooting on both Windows and macOS at the end-user level
- Working experience with a unified endpoint management platform (such as ManageEngine Endpoint Central, Intune, or SCCM) for patch management, software deployment, and asset tracking
- Working experience with an MDM platform for iOS and Android, including mobile OS patch management, policy enforcement, and device compliance tracking
- Hands-on with Active Directory — domain join, GPO basics, and user/computer object management
- Practical exposure to firewall administration — rule configuration, NAT, and VPN setup (experience with any major vendor acceptable; Sophos, Fortinet, Cisco, or Meraki)
- Strong networking fundamentals — TCP/IP, DNS, DHCP, VLANs, NAT, routing, and wireless concepts
- Comfortable with physical and hardware work — racking, basic cabling, and on-site deployments
- Bachelor's degree in Computer Science, Information Technology, Electronics, or a related discipline; or a diploma supported by equivalent practical experience
- Direct experience with an integrated security ecosystem (firewall + XDR + VPN from a single vendor)
- Cloud networking exposure — Azure VNets or AWS VPCs, NSGs / security groups, site-to-site VPN
- Exposure to ISO 27001 or SOC 2 environments, even at a supporting or evidence-collection level
- Prior site-rollout or office-setup experience, including IT scoping, cabling layout, and BoQ preparation
- Vendor-specific firewall or endpoint certifications
- Familiarity with biometric attendance and access control systems
- CCNA, AZ-104, AZ-500, AWS Certified Cloud Practitioner, or comparable certifications
- Basic scripting (PowerShell, Python, or Bash) for routine automation
- Awareness of SIEM concepts
- ITIL awareness
- Practical and curious — prefers learning by doing
- Growth-oriented — interested in progressing into cloud security and compliance
- Clear communicator — produces documentation others can use
- Reliable and accountable — someone Operations can count on when a site goes live
Qualifications
- Not a pure network engineering role focused on BGP/OSPF or carrier-grade environments
- Not a SOC L1 monitoring-only role
- Not an application security or penetration testing role
- Not a senior or lead position — we are looking for someone hungry to grow, not someone already at the top of their career
- Not a pure helpdesk role — end-user support is one part of a broader scope