VP - IT Infrastructure & Security
Verus Mortgage Capital · Bloomington, MN · 1 mo ago
On-siteInformation Technology$160k–$175k/yrFull-time
Responsibilities
- Enterprise Architecture & Zero Trust Design
- Design and implement end-to-end enterprise architecture across on-prem and cloud environments (Azure-first strategy).
- Lead adoption of Zero Trust Architecture (ZTA): Identity-driven access (Azure AD / Entra ID), Device trust enforcement (Intune / MDM compliance), Network segmentation & micro-segmentation, Continuous verification and least-privilege access.
- Establish defense-in-depth strategy across: Perimeter (firewalls, NAC), Internal network (segmentation, NAC), Endpoint (EDR/XDR), Identity (MFA, Conditional Access), Data (DLP, encryption).
- Advanced Network Engineering & Security
- Architect and manage enterprise-grade networking across Netgear, Cisco Meraki, and hybrid WAN environments.
- Configure and optimize Fortinet FortiGate Firewalls: Advanced threat protection (IPS, SSL inspection), ZTNA enforcement, Application control and traffic shaping.
- Deploy and manage FortiNAC: Device profiling and posture assessment, Automated quarantine/remediation policies.
- Implement and manage RADIUS / 802.1X authentication for secure network access.
- Perform deep network analysis including packet capture, traffic inspection, and anomaly detection.
- Integrate network telemetry into centralized logging / SIEM pipelines.
- Cloud Infrastructure & Hybrid Identity (Azure)
- Architect and manage Microsoft Azure environments: VMs, VNets, NSGs, load balancers, private endpoints, Hybrid connectivity (VPN, ExpressRoute).
- Design secure identity architecture using Azure AD (Entra ID): Conditional Access policies, MFA enforcement (Duo/YubiKey integration), Identity Protection & risk-based access.
- Implement role-based access control (RBAC) and privileged identity management (PIM).
- Drive infrastructure-as-code (IaC) and automation strategies.
- Endpoint Security, MDM & Device Governance
- Architect enterprise endpoint strategy using: Microsoft Intune (MDM/MAM), Device compliance policies, configuration profiles, and security baselines.
- Enforce Zero Trust device posture validation before granting access.
- Implement full device lifecycle management (provisioning → compliance → decommissioning).
- Secure both corporate and BYOD environments with strict policy enforcement.
- Advanced Threat Protection & Data Security
- Lead deployment and optimization of CrowdStrike Falcon (EDR/XDR platform): Policy creation and tuning, Behavioral threat detection and threat hunting, Automated containment and response.
- Design and enforce data protection strategies: Data classification and labeling, Encryption (at rest, in transit).
- Implement multi-layered security controls across all attack surfaces.
- Conduct vulnerability management and coordinate remediation using enterprise tools.
- Email Security & Domain Protection
- Architect and enforce email authentication and anti-spoofing controls: DMARC, DKIM, SPF.
- Monitor and respond to phishing campaigns and domain abuse.
- Manage DNS security, domain configurations, and SSL/TLS certificates via GoDaddy or enterprise DNS providers.
- Oversee certificate lifecycle management across infrastructure.
- Maintain monitoring, observability & performance engineering
- Implement enterprise monitoring using PRTG and advanced observability tools.
- Integrate logs into centralized SIEM/XDR platforms for correlation and threat detection.
- Develop proactive alerting, anomaly detection, and performance baselines.
- Conduct capacity planning and infrastructure optimization.
- Incident Response, Risk & Compliance
- Lead incident response and digital forensics investigations.
- Perform root cause analysis (RCA) and implement preventive controls.
- Design and test disaster recovery (DR) and business continuity (BCP) strategies.
- Align infrastructure and controls with: NIST, CIS Controls, ISO 27001, FFIEC.
- Support audits, risk assessments, and compliance reporting.
- Automation, DevSecOps & Innovation
- Develop automation pipelines using PowerShell, Bash.
- Implement DevSecOps principles for secure infrastructure deployment.
- Reduce manual operations through orchestration and scripting.
- Continuously evaluate and integrate new technologies for security and performance.
- Technical Leadership & Strategy
- Serve as Tier 3/4 escalation point and technical authority.
- Mentor engineers and define engineering standards and best practices.
- Lead large-scale infrastructure projects, migrations, and security transformations.
- Documentation & Governance
- Maintain enterprise-level architecture diagrams, system documentation, and SOPs.
- Define and enforce IT governance frameworks and security policies.
- Ensure documentation supports audit readiness and operational continuity.