Cybersecurity Engineer – Infrastructure & Cloud

Stephen Gould

Madison · On-site · Full-time · Mid Level · $130k – $160k/yr · Posted today

About the role

Job Summary

The Cybersecurity Engineer helps protect the company’s systems, cloud services, and devices from security threats. This role serves as the executing arm of our virtual CISO (vCISO) and Director of Cybersecurity and Infrastructure, translating security strategy into hands-on, day-to-day action across our environment. It works closely with the Cloud, Infrastructure, and Help Desk teams to ensure systems are secure, monitored, and quickly remediated when issues arise. The position focuses on monitoring security alerts, investigating threats, managing vulnerabilities, and supporting incident response. This role will also work with the company’s 24-hour Security Operations Center (SOC) to review alerts and investigate suspicious activity. A near-term priority for this role will be partnering directly with the vCISO to close remaining gaps and drive the organization toward ISO 27001 certification.

RESPONSIBILITY BREAKDOWN

  • 45% Vulnerability Management: Ongoing testing, patching, and hardening of our environment
  • 30% Monitoring & Incident Response: Detecting and responding to threats across endpoints and the network
  • 15% Compliance Support: Working alongside the vCISO on audits and compliance priorities
  • 10% Security Awareness: Training exercises and keeping the company informed on threats

Key Responsibilities

Infrastructure and Network Security

  • Configure and maintain security systems such as firewalls, network security tools, and intrusion detection systems.
  • Help ensure servers, networks, and cloud systems are configured securely.
  • Support Cisco security tools including FirePower firewalls and Meraki SD-WAN environments.
  • Work with IT teams to fix security risks found in infrastructure systems.

Endpoint Security

  • Manage endpoint security tools such as Microsoft Defender for Endpoint and Cisco AMP.
  • Monitor alerts from laptops, servers, and other devices.
  • Investigate suspicious activity on company devices and respond when threats are detected.
  • Isolate or remediate compromised systems when necessary.

Security Monitoring and SOC Coordination

  • Work with the 24-hour Security Operations Center to review and investigate security alerts.
  • Analyze system logs and security events to detect possible threats.
  • Help improve alert rules to reduce false alarms and improve threat detection.

Cloud Security

  • Monitor the security of Azure cloud systems using tools such as Microsoft Defender for Cloud.
  • Identify security risks or misconfigurations in cloud environments.
  • Work with the cloud administration team to fix security issues.

Identity Security Monitoring

  • Monitor alerts and suspicious login activity related to Microsoft Entra ID accounts.
  • Investigate unusual sign-ins, risky logins, or possible credential misuse.
  • Work with the Cloud Administration team to review identity security settings when issues are identified.
  • Assist with investigations involving compromised accounts.
  • Recommend improvements to strengthen identity security based on observed activity.

Vulnerability Management

  • Run vulnerability scans across servers, devices, and cloud systems.
  • Identify security weaknesses and help IT teams prioritize fixes.
  • Track progress on remediation of security vulnerabilities.

Incident Response

  • Help investigate and respond to security incidents.
  • Assist with containment and recovery when systems are compromised.
  • Document incidents and help identify ways to prevent similar issues in the future.

Security Compliance and Reviews

  • Help ensure systems follow company security policies and industry best practices.
  • Partner with the vCISO to support ISO 27001 certification efforts and ongoing compliance maintenance.
  • Assist with internal security reviews and external audits when required.
  • Maintain documentation of security processes and configurations.
  • Familiarity with compliance frameworks such as NIST or CMMC is a plus but not required.

Security Awareness

  • Provide guidance to employees and IT teams on security best practices.
  • Help support company security awareness efforts.

Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
  • 5+ years of experience in cybersecurity, network security, or system security roles.
  • Relevant certifications such as Security+, CISSP, CISM, CEH, or equivalent.
  • DoD IAT Level II certification or ability to obtain.

Technical Skills

  • Experience with Microsoft security tools: Defender for Endpoint, Defender for Cloud, Defender for Office 365, and Entra ID security monitoring.
  • Experience with Abnormal AI Email Security is a plus.
  • Experience analyzing security alerts and logs using SIEM platforms.
  • Hands-on experience with Cisco security technologies including FirePower, IDS/IPS, Cisco AMP, Cisco Umbrella, Cisco Secure Cloud Analytics, and Cisco XDR.
  • Familiarity with Meraki SD-WAN and enterprise WiFi environments.
  • Understanding of networking concepts such as TCP/IP, VPNs, VLANs, routing, switching, and SD-WAN.
  • Working knowledge of Zscaler zero-trust is a plus.
  • Experience with vulnerability scanning and remediation processes.

Soft Skills

  • Strong troubleshooting and analytical skills.
  • Ability to investigate and resolve technical security issues.
  • Clear communication with both technical and non-technical teams.
  • Ability to work closely with infrastructure, networking, and cloud teams.

THIS POSITION DESCRIPTION IN NO WAY STATES OR IMPLIES THAT THESE ARE THE ONLY DUTIES TO BE PERFORMED BY THE EMPLOYEE(S) INCUMBENT IN THIS POSITION. EMPLOYEES WILL BE REQUIRED TO FOLLOW ANY JOB-RELATED INSTRUCTIONS AND TO PERFORM ANY OTHER JOB-RELATED DUTIES REQUESTED BY ANY PERSON AUTHORIZED TO GIVE INSTRUCTIONS OR ASSIGNMENTS.

EEOC: Stephen Gould is an equal opportunity employer.

Skills

Abnormal AI Email Security, Azure, Cisco AMP, Cisco FirePower, Cisco Secure Cloud Analytics, Cisco Umbrella, Cisco XDR, CISSP, CISM, CEH, Cybersecurity, Docker, Entra ID, Firewalls, IDS/IPS, Information Technology, Intrusion Detection Systems, ISO 27001, Meraki SD-WAN, Microsoft Defender for Cloud, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, NIST, Network Security, PostgreSQL, Security+, SIEM, System Security, TCP/IP, VLANs, VPNs, Zscaler
