Senior Infrastructure & Security Engineer

KURV INC.
Cleveland, United States of America
7 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 90K

Job location

Cleveland, United States of America

Tech stack

Microsoft Windows
Amazon Web Services (AWS)
Application Firewall
Cloud Computing
Cloud Engineering
Cluster Analysis
Data Loss
Data Recovery
DevOps
Disaster Recovery
Failover Clustering
Identity and Access Management
Networking Hardware
Internet Protocol Security (IP SEC)
Virtual Private Networks (VPN)
Knowledge Management
Network Security
Microsoft SQL Server
Windows Server
Routing
Network Segmentation
Node.js
PCI Data Security Standards
Performance Tuning
SQL Databases
Virtual Local Area Networks
vSphere
Cross-Site Scripting (XSS)
Infrastructure as Code (IaC)
Palo Alto Networks
Hashicorp
Routing & Switching
Veeam
Terraform
Splunk
Cisco networks
Databricks

Job description

Kurv is executing a fundamental digital transformation, moving from legacy monolithic systems to a resilient, cloud-native enterprise leveraging AWS and Databricks. We are seeking a Senior Infrastructure & Security Engineer to join our team as a full-time, permanent stakeholder. This role is for a long-term owner who will bridge the gap between our robust on-premise networking foundation and our future cloud state. Your primary responsibilities include the expert operational management of our newly established SQL Server High-Availability (HA) Cluster, the maintenance of our Cisco and Palo Alto networking core, and the ongoing build-out of our AWS Landing Zone.

Key Responsibilities

  1. Networking & Hybrid Connectivity (Physical & Cloud)
  • Core Network Management: Maintain and optimize the existing physical network stack, including Cisco, Palo Alto, and Brocade networking equipment.

  • Perimeter Security: Manage Palo Alto firewalls, ensuring all inter-VLAN and inter-company traffic is scanned and secured.

  • Connectivity Resilience: Oversee internet circuits and connectivity for the organization.

  • Hybrid Integration: Implement and govern AWS Transit Gateway and Direct Connect (or IPsec VPN tunnels) to ensure seamless, secure communication across our hybrid environment.

  2. SQL HA Cluster Operations (Mission Critical)
  • Operational Ownership: Serve as the primary owner for the newly created SQL Server HA environment, managing Windows Failover Clustering and Always On/Basic Availability Groups.

  • Performance Optimization: Maintain a working understanding of performance characteristics within a high-utilization SQL Server environment, including memory configuration, tempDB structure, and index health, to support troubleshooting and prevent resource saturation.

  • Licensing & RPO: Manage SQL Server licenses with Software Assurance (SA) and conduct regular failover drills to guarantee zero data loss (Zero RPO) for our payments business.

  3. Cloud Architecture
  • Infrastructure as Code (IaC): Maintain and expand our "Zero-Touch" production environment using Terraform to manage all AWS and Databricks resources.

  • Landing Zone Governance: Govern the AWS Organization through Control Tower and Service Control Policies (SCPs) to ensure multi-account security.

  • FinOps: Monitor real-time cloud spend; enforce mandatory tagging for departmental showback and manage auto-shutdown scripts for non-prod environments.

  4. Security, Identity & PCI Compliance
  • PCI-DSS 4.0 Compliance: Lead the technical maintenance of strict network segmentation and isolation for PCI-scoped systems.

  • Identity-Based Perimeter: Maintain AWS IAM Identity Center and Databricks Unity Catalog to enforce granular, identity-based access.

  • Threat Management: Drive remediation of security findings (e.g., XSS, NTLMv2) and monitor real-time events via Splunk and AWS Security Hub.

  5. Backup & Recovery Architecture (Enterprise Resilience)
  • Air-Gapped Data Protection: Maintain and manage enterprise backup operations using Veeam, ensuring secure, immutable backups within an air-gapped architecture to protect against ransomware and catastrophic data loss.

  • Recovery Assurance: Validate backup integrity through routine restore testing and verification procedures to support business continuity, disaster recovery objectives, and regulatory compliance requirements.

  • Operational Governance: Monitor backup job health, retention policies, and storage lifecycle management to ensure consistent protection across on-premise and hybrid workloads.

Requirements

  • 7+ years of enterprise experience in infrastructure, networking, and security.

  • Networking Mastery: Advanced hands-on experience with Cisco switching/routing and Palo Alto firewall administration.

  • SQL Clustering Expertise: Proven experience managing multi-node production SQL Server clusters (HA/DR).

  • AWS & IaC: Hands-on experience with AWS core services and Terraform for multi-account environments.

  • Practical PCI Experience: Proven track record of supporting and passing audits in PCI-compliant environments.

  • Hybrid Systems Knowledge: Strong background in VMware vSphere and Windows Server (AD/GPO).

Valuable Certifications

The following certifications are highly desired for this permanent role:

  • Networking & Security:

    • CCNP (Routing and Switching) or PCNSE (Palo Alto Networks Certified Network Security Engineer)

    • PCI Professional (PCIP) or Internal Security Assessor (ISA)

    • CISSP or CISM

  • Cloud & DevOps:

    • AWS Certified Solutions Architect - Associate (SAA-C03)

    • HashiCorp Certified: Terraform Associate

    • AWS Certified Security - Specialty

    • FinOps Certified Practitioner (FCP)

What We're Looking For

  • A Full-Time Stakeholder: Someone who wants to take long-term pride in Kurv's stability.
  • The "Bridge" Engineer: Someone comfortable configuring a physical Cisco switch one hour and writing Terraform for an AWS Transit Gateway the next.
  • Knowledge Capture: A willingness to collaborate with subject matter experts to translate deep institutional and technical knowledge into automated, scalable cloud patterns.

Benefits & conditions

  • 401(k)
  • Dental insurance
  • Health insurance
  • Paid time off
  • Vision insurance
