VP - IT Infrastructure & Security

Job Description

Job Description

Description

We are seeking a VP - IT Infrastructure & Security to architect, secure, and operate a modern hybrid enterprise infrastructure. This role operates at the intersection of network engineering, cloud architecture, endpoint security, and cybersecurity governance.

You will be responsible for designing and enforcing a defense-in-depth security model, implementing Zero Trust Architecture, and ensuring end-to-end protection of identity, devices, networks, applications, and data across the organization.

This is a hands-on technical leadership role with ownership of architecture, security strategy, and operational excellence.

This position requires 24/7 on-call availability, with regular working hours of Monday through Friday, 8:00 AM to 5:00 PM.
Responsibilities and Duties:

Enterprise Architecture & Zero Trust Design

• Design and implement end-to-end enterprise architecture across on-prem and cloud environments (Azure-first strategy). 
• Lead adoption of Zero Trust Architecture (ZTA): 
  • Identity-driven access (Azure AD / Entra ID) 
  • Device trust enforcement (Intune / MDM compliance) 
  • Network segmentation & micro-segmentation 
  • Continuous verification and least-privilege access 
• Establish defense-in-depth strategy across: 
  • Perimeter (firewalls, NAC) 
  • Internal network (segmentation, NAC) 
  • Endpoint (EDR/XDR) 
  • Identity (MFA, Conditional Access) 
  • Data (DLP, encryption) 

Advanced Network Engineering & Security

• Architect and manage enterprise-grade networking across Netgear, Cisco Meraki, and hybrid WAN environments. 
• Design and enforce multi-tier VLAN architecture, segmentation, and secure routing strategies. 
• Configure and optimize Fortinet FortiGate Firewalls: 
  • Advanced threat protection (IPS, SSL inspection) 
  • ZTNA enforcement 
  • Application control and traffic shaping 
• Deploy and manage FortiNAC: 
  • Device profiling and posture assessment 
  • Automated quarantine/remediation policies 
  • Integration with AD, RADIUS, and endpoint tools 
• Implement and manage RADIUS / 802.1X authentication for secure network access. 
• Perform deep network analysis including packet capture, traffic inspection, and anomaly detection. 
• Integrate network telemetry into centralized logging / SIEM pipelines. 

Cloud Infrastructure & Hybrid Identity (Azure)

• Architect and manage Microsoft Azure environments: 
  • VMs, VNets, NSGs, load balancers, private endpoints 
  • Hybrid connectivity (VPN, ExpressRoute) 
• Design secure identity architecture using Azure AD (Entra ID): 
  • Conditional Access policies 
  • MFA enforcement (Duo/YubiKey integration) 
  • Identity Protection & risk-based access 
• Integrate on-prem Active Directory with Azure AD for hybrid identity governance. 
• Implement role-based access control (RBAC) and privileged identity management (PIM). 
• Drive infrastructure-as-code (IaC) and automation strategies. 

Endpoint Security, MDM & Device Governance

• Architect enterprise endpoint strategy using: 
  • Microsoft Intune (MDM/MAM)
  • Device compliance policies, configuration profiles, and security baselines 
• Enforce Zero Trust device posture validation before granting access. 
• Implement full device lifecycle management (provisioning → compliance → decommissioning). 
• Secure both corporate and BYOD environments with strict policy enforcement. 

Advanced Threat Protection & Data Security

• Lead deployment and optimization of CrowdStrike Falcon (EDR/XDR platform): 
  • Policy creation and tuning 
  • Behavioral threat detection and threat hunting 
  • Automated containment and response 
• Design and enforce data protection strategies: 
  • Data classification and labeling 
  • Encryption (at rest, in transit) 
• Implement multi-layered security controls across all attack surfaces. 
• Conduct vulnerability management and coordinate remediation using enterprise tools. 

Email Security & Domain Protection

• Architect and enforce email authentication and anti-spoofing controls: 
  • DMARC, DKIM, SPF
• Monitor and respond to phishing campaigns and domain abuse. 
• Manage DNS security, domain configurations, and SSL/TLS certificates via GoDaddy or enterprise DNS providers. 
• Oversee certificate lifecycle management across infrastructure. 

Monitoring, Observability & Performance Engineering

• Implement enterprise monitoring using PRTG and advanced observability tools. 
• Integrate logs into centralized SIEM/XDR platforms for correlation and threat detection. 
• Develop proactive alerting, anomaly detection, and performance baselines. 
• Conduct capacity planning and infrastructure optimization. 

Incident Response, Risk & Compliance

• Lead incident response and digital forensics investigations. 
• Perform root cause analysis (RCA) and implement preventive controls. 
• Design and test disaster recovery (DR) and business continuity (BCP) strategies. 
• Align infrastructure and controls with: 
  • NIST, CIS Controls, ISO 27001, FFIEC
• Support audits, risk assessments, and compliance reporting. 

Automation, DevSecOps & Innovation

• Develop automation pipelines using PowerShell, Bash,. 
• Implement DevSecOps principles for secure infrastructure deployment. 
• Reduce manual operations through orchestration and scripting. 
• Continuously evaluate and integrate new technologies for security and performance. 

Technical Leadership & Strategy

• Serve as Tier 3/4 escalation point and technical authority. 
• Mentor engineers and define engineering standards and best practices. 
• Lead large-scale infrastructure projects, migrations, and security transformations. 
• Provides leadership and direct oversight for the Network & Systems Administrator.

Documentation & Governance

• Maintain enterprise-level architecture diagrams, system documentation, and SOPs. 
• Define and enforce IT governance frameworks and security policies. 
• Ensure documentation supports audit readiness and operational continuity.

Education and Experience:

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Engineering, or related technical field preferred
• Equivalent combination of advanced technical experience, military training, or industry certifications may be considered in lieu of a degree
• 7+ years of progressive experience in systems engineering, network engineering, cloud infrastructure, or cybersecurity roles
• Expert-level knowledge of: 
  • Linux & Windows systems administration
  • Azure cloud architecture
  • Fortinet (FortiGate, FortiNAC)
  • CrowdStrike Falcon (EDR/XDR)
  • Microsoft Intune (MDM/MAM)
• Deep understanding of: 
  • Zero Trust Architecture
  • Network protocols (TCP/IP, VLANs, DHCP, DNS, RADIUS, 802.1X)
  • Email authentication (DMARC, DKIM, SPF)
• Strong experience with: 
  • SSL/TLS certificate management
  • DNS/domain security (GoDaddy or enterprise providers)
• Advanced scripting and automation expertise 

Preferred Certifications

• CCNP / CCNA
• Microsoft Azure (AZ-104, AZ-500) 

Key Competencies: 

• Enterprise Architecture Leadership: Designs secure, scalable infrastructure aligned with business and security objectives 
• Cybersecurity Expertise: Implements advanced security frameworks and defense-in-depth strategies 
• Cloud & Network Engineering: Demonstrates deep expertise across hybrid infrastructure and enterprise networking 
• Technical Leadership: Serves as a trusted technical authority and mentor across the organization 
• Automation & Innovation: Continuously improves operational efficiency through automation and modern engineering practices

How This Role Demonstrates Our Values: 

• Integrity: Protects company systems, data, and infrastructure through disciplined security and governance practices 
• Collaboration: Partners across IT, Security, and business teams to deliver secure and scalable solutions 
• Excellence: Maintains high standards for infrastructure reliability, performance, and operational maturity 
• Critical Curiosity: Evaluates emerging technologies and continuously improves enterprise architecture and security posture

Benefits

• Competitive compensation package, including base salary and performance-based bonus opportunities
• 401(k) plan with 100% company match up to 4%
• Comprehensive health coverage: medical, dental, vision, HSA, and FSA options
• Generous paid time off: 20 days PTO, company holidays, and sick time
• Paid parental leave
• Company-paid life insurance and disability coverage
• Employee Assistance Program (EAP): mental health, financial, and wellness support
• Professional development: tuition reimbursement and growth opportunities
• Commuter and transit benefits

Successful applicants will exemplify strong ethics, integrity, respect for others, accountability for decisions and actions, and good citizenship.

Maintaining a reliable, uninterrupted high speed internet connection is a requirement of hybrid or remote positions.

All job duties and responsibilities must be performed within the guidelines of the Verus Residential Mortgage Employee Handbook and established company policies and procedures. It is the responsibility of each employee to maintain confidentiality of the company, its clients and to follow applicable laws and regulations in the performance of duties.

Verus Mortgage Capital is an equal opportunity employer. All qualified applicants are welcomed to apply and will receive consideration for employment without unlawful discrimination because of a person’s race, religious creed, color, national origin, citizenship status, ancestry, marital status, sex, age, or sexual orientation, or because of a person’s disability or medical condition.