Jobs · Information Technology · Minnesota

VP - IT Infrastructure & Security

Verus Mortgage Capital · Bloomington, MN · 1 mo ago
On-siteInformation Technology$160k–$175k/yrFull-time

Responsibilities

  • Enterprise Architecture & Zero Trust Design
  • Design and implement end-to-end enterprise architecture across on-prem and cloud environments (Azure-first strategy).
  • Lead adoption of Zero Trust Architecture (ZTA): Identity-driven access (Azure AD / Entra ID), Device trust enforcement (Intune / MDM compliance), Network segmentation & micro-segmentation, Continuous verification and least-privilege access.
  • Establish defense-in-depth strategy across: Perimeter (firewalls, NAC), Internal network (segmentation, NAC), Endpoint (EDR/XDR), Identity (MFA, Conditional Access), Data (DLP, encryption).
  • Advanced Network Engineering & Security
  • Architect and manage enterprise-grade networking across Netgear, Cisco Meraki, and hybrid WAN environments.
  • Configure and optimize Fortinet FortiGate Firewalls: Advanced threat protection (IPS, SSL inspection), ZTNA enforcement, Application control and traffic shaping.
  • Deploy and manage FortiNAC: Device profiling and posture assessment, Automated quarantine/remediation policies.
  • Implement and manage RADIUS / 802.1X authentication for secure network access.
  • Perform deep network analysis including packet capture, traffic inspection, and anomaly detection.
  • Integrate network telemetry into centralized logging / SIEM pipelines.
  • Cloud Infrastructure & Hybrid Identity (Azure)
  • Architect and manage Microsoft Azure environments: VMs, VNets, NSGs, load balancers, private endpoints, Hybrid connectivity (VPN, ExpressRoute).
  • Design secure identity architecture using Azure AD (Entra ID): Conditional Access policies, MFA enforcement (Duo/YubiKey integration), Identity Protection & risk-based access.
  • Implement role-based access control (RBAC) and privileged identity management (PIM).
  • Drive infrastructure-as-code (IaC) and automation strategies.
  • Endpoint Security, MDM & Device Governance
  • Architect enterprise endpoint strategy using: Microsoft Intune (MDM/MAM), Device compliance policies, configuration profiles, and security baselines.
  • Enforce Zero Trust device posture validation before granting access.
  • Implement full device lifecycle management (provisioning → compliance → decommissioning).
  • Secure both corporate and BYOD environments with strict policy enforcement.
  • Advanced Threat Protection & Data Security
  • Lead deployment and optimization of CrowdStrike Falcon (EDR/XDR platform): Policy creation and tuning, Behavioral threat detection and threat hunting, Automated containment and response.
  • Design and enforce data protection strategies: Data classification and labeling, Encryption (at rest, in transit).
  • Implement multi-layered security controls across all attack surfaces.
  • Conduct vulnerability management and coordinate remediation using enterprise tools.
  • Email Security & Domain Protection
  • Architect and enforce email authentication and anti-spoofing controls: DMARC, DKIM, SPF.
  • Monitor and respond to phishing campaigns and domain abuse.
  • Manage DNS security, domain configurations, and SSL/TLS certificates via GoDaddy or enterprise DNS providers.
  • Oversee certificate lifecycle management across infrastructure.
  • Maintain monitoring, observability & performance engineering
  • Implement enterprise monitoring using PRTG and advanced observability tools.
  • Integrate logs into centralized SIEM/XDR platforms for correlation and threat detection.
  • Develop proactive alerting, anomaly detection, and performance baselines.
  • Conduct capacity planning and infrastructure optimization.
  • Incident Response, Risk & Compliance
  • Lead incident response and digital forensics investigations.
  • Perform root cause analysis (RCA) and implement preventive controls.
  • Design and test disaster recovery (DR) and business continuity (BCP) strategies.
  • Align infrastructure and controls with: NIST, CIS Controls, ISO 27001, FFIEC.
  • Support audits, risk assessments, and compliance reporting.
  • Automation, DevSecOps & Innovation
  • Develop automation pipelines using PowerShell, Bash.
  • Implement DevSecOps principles for secure infrastructure deployment.
  • Reduce manual operations through orchestration and scripting.
  • Continuously evaluate and integrate new technologies for security and performance.
  • Technical Leadership & Strategy
  • Serve as Tier 3/4 escalation point and technical authority.
  • Mentor engineers and define engineering standards and best practices.
  • Lead large-scale infrastructure projects, migrations, and security transformations.
  • Documentation & Governance
  • Maintain enterprise-level architecture diagrams, system documentation, and SOPs.
  • Define and enforce IT governance frameworks and security policies.
  • Ensure documentation supports audit readiness and operational continuity.

Similar jobs

VP, IT Infrastructure

Compass DatacentersDallas, TX· 1 mo ago
Information Technologyapply on compass-datacenters.breezy.hr

VP – IT Operations

Grocery OutletEmeryville, CA· 1 wk ago
Information Technology$220k–$250k/yrapply on recruiting.ultipro.com