Infrastructure Security Engineer

Position Overview

Key Responsibilities

AWS Cloud Security

• Design, implement, and maintain security controls across AWS environments including IAM policies, security groups, NACLs, and VPC configurations
• Configure and manage AWS security services such as CloudTrail, GuardDuty, Security Hub, Config, and Inspector
• Implement Infrastructure as Code (IaC) security best practices using CloudFormation, Terraform, or CDK
• Conduct regular security assessments of cloud architectures and recommend improvements
• Manage AWS compliance frameworks and ensure adherence to industry standards (SOC 2, ISO 27001, etc.)
  

Vulnerability Management

• Lead enterprise-wide vulnerability assessment programs using tools such as Nessus
• Develop and maintain vulnerability and patch management policies, procedures, and SLAs, regular reporting
• Coordinate with IT and development teams to prioritize and remediate security vulnerabilities
• Generate executive-level reports on vulnerability metrics and risk exposure
• Conduct regular penetration testing and security assessments of applications and infrastructure
  

Patch Management

• Design and implement automated patch management strategies across Windows, Linux, and cloud environments
• Coordinate with system administrators to schedule and deploy critical security patches
• Maintain patch testing procedures to minimize business disruption
• Monitor patch compliance across the enterprise and report on patch deployment status
• Develop rollback procedures and incident response plans for patch-related issues
  

Endpoint Security

• Deploy and manage endpoint detection and response (EDR) solutions such as CrowdStrike
• Configure and tune endpoint security policies including antivirus, application control, and device encryption
• Investigate and respond to endpoint security incidents and malware infections
• Implement mobile device management (MDM) and bring-your-own-device (BYOD) security policies
• Conduct forensic analysis of compromised endpoints when required
  

Required Qualifications

Education & Experience

• Bachelor's degree in computer science, Information Security, or related field
• Minimum 5+ years of hands-on experience in information security roles
• 3+ years of experience with AWS cloud security architecture and services
  

Technical Skills

• Cloud Security: Deep expertise in AWS security services, IAM, VPC security, and cloud compliance frameworks
• Vulnerability Management: Proficiency with vulnerability scanners (Qualys, Nessus, Rapid7) and risk assessment methodologies
• Patch Management: Experience with automated patching tools (WSUS, Red Hat Satellite, AWS Systems Manager)
• Endpoint Security: Hands-on experience with EDR/XDR platforms and endpoint management tools
• SIEM/SOAR: Advanced skills in log analysis, correlation rule development, and security orchestration
• Operating Systems: Strong knowledge of Windows and Linux security hardening and administration
• Security Certifications (Preferred)
• AWS Certified Security - Specialty
• CISSP (Certified Information Systems Security Professional)
• GCIH (GIAC Certified Incident Handler)
• CEH (Certified Ethical Hacker)
  

Key Competencies

• Strong analytical and problem-solving skills with attention to detail
• Excellent communication skills and ability to explain complex security concepts to technical and non-technical stakeholders
• Project management capabilities with experience leading cross-functional security initiatives
• Ability to work in fast-paced environments and manage multiple priorities
• Strong understanding of regulatory compliance requirements (PCI-DSS, HIPAA, SOX, GDPR)
• Experience with risk assessment frameworks and security governance
• Reporting Structure