Senior Infrastructure Security Engineer
New York, New York
Full Time
$150k - $220k
One of our clients is seeking an experienced Infrastructure Security Engineer to help design, implement, and maintain the security of their cloud and on-premises infrastructure. You will be responsible for safeguarding their systems, networks, and services by applying security best practices, building automation to enforce policies, and partnering closely with infrastructure and application teams to proactively identify and mitigate risks.
This role is ideal for someone who thrives at the intersection of security and infrastructure engineering—comfortable working hands-on with cloud services, Kubernetes, and automation tooling while also driving security strategy and compliance.
Responsibilities-
Security Architecture & Hardening
-
Design, implement, and maintain secure infrastructure across cloud (AWS, GCP, or Azure) and on-prem environments.
-
Harden Kubernetes clusters, container runtimes, Linux/Windows hosts, and network configurations.
-
Build and maintain infrastructure-as-code (Terraform, Pulumi, CloudFormation) with security guardrails.
-
-
Monitoring & Detection
-
Deploy and manage security monitoring tools (SIEM, IDS/IPS, endpoint protection, vulnerability scanners).
-
Develop automated detection and alerting for anomalous activities in infrastructure and network layers.
-
-
Identity & Access Management
-
Implement and enforce least-privilege access policies across infrastructure, including IAM, secrets management, and certificate lifecycles.
-
Support SSO, MFA, and role-based access across cloud and internal systems.
-
-
Incident Response & Threat Mitigation
-
Collaborate with security and ops teams to investigate and remediate security incidents.
-
Conduct post-mortems and implement lessons learned into infrastructure tooling and processes.
-
-
Collaboration & Enablement
-
Partner with DevOps, Platform, and Engineering teams to integrate security into CI/CD pipelines.
-
Build automation and self-service tooling that enables developers to adopt secure patterns without friction.
-
Contribute to security training and best-practice documentation for engineers.
-
Required:
-
3–5+ years of experience in infrastructure, DevOps, or security engineering.
-
Strong knowledge of cloud platforms (AWS, GCP, or Azure).
-
Experience with Kubernetes, container security, and infrastructure-as-code (Terraform preferred).
-
Proficiency in securing Linux/Windows systems and core networking protocols.
-
Hands-on experience with vulnerability management, intrusion detection, and log analysis.
-
Proficiency in scripting or programming languages (Python, Go, or Bash).
Preferred:
-
Familiarity with zero-trust architecture and secure network design.
-
Experience implementing compliance frameworks (SOC 2, ISO 27001, FedRAMP, HIPAA, etc.).
-
Contributions to open-source security or DevSecOps tooling.
-
Knowledge of modern CI/CD pipelines and integrating security controls into them.