Security Infrastructure Engineer/Architect

WiSuite is a leading manufacturer of wireless HVAC sensors and controls for commercial applications. Work is on site in our Warren, Michigan facility. Periodic remote work opportunities may be available depending upon project requirements.

We are looking for an IT professional to lead our infrastructure team and manage compliance with client IT security policies. This is a hands-on position that will participate in design, implementation, and maintenance of a comprehensive defense-in-depth security architecture across our cloud infrastructure, production networks, and internal systems. This will require identification of deficiencies, development of solutions, and verification of compliance. The ideal candidate should have a diverse skill set with solution implementation experience in SIEM, intrusion detection/prevention, vulnerability management, endpoint security, identity and access management, cloud security controls, as well as server administration and management.

Responsibilities

Security Architecture & Design:

· Design and implement layered security architecture (defense-in-depth)

· Develop security strategies for AWS cloud environments

· Create security roadmaps and implementation plans

· Evaluate and select security tools and technologies

· Design secure network architectures with proper segmentation

· Document security architecture and standards

Security Operations & Implementation:

· Deploy and configure SIEM solutions

· Implement and manage intrusion detection/prevention systems (IDS/IPS)

· Configure and manage vulnerability scanning tools

· Deploy and manage EDR/EPP solutions

· Implement and manage Web Application Firewalls (AWS WAF, etc.)

· Configure network security controls (firewalls, security groups, NACLs)

Identity & Access Management:

· Secure Active Directory environments (on-premises or AWS Managed AD)

· Implement zero-trust network access solutions

· Configure multi-factor authentication and SSO

· Design and implement privileged access management (PAM)

· Create and enforce access control policies

Cloud Security:

· Secure AWS environments

· Implement cloud security posture management (CSPM)

· Configure VPC security, subnet design, and network segmentation

· Manage IAM roles, policies, and least privilege access

· Implement logging and monitoring for cloud resources
Monitoring & Response:

· Tune SIEM rules and alerts to minimize false positives

· Develop security use cases and detection logic

· Integrate security tools with centralized logging platforms

· Create security dashboards and reports

· Participate in incident response activities and help to build out IR plans

Compliance & Risk Management:

· Ensure compliance with security frameworks (CIS, NIST, PCI-DSS, HIPAA, etc.)

· Conduct security assessments and risk analysis

· Perform vulnerability assessments and remediation tracking

· Support audit activities and evidence collection

Fleet Management

· Manage and maintain fleet of Windows Servers in AWS and on-premises environments

· Design and implement automated patch management strategy and deployment schedules

· Monitor server health, performance, and availability using centralized tools

· Maintain security baseline configurations and enforce compliance

· Coordinate with IT operations for server provisioning, decommissioning, and lifecycle management

· Conduct regular security audits and hardening reviews

· Troubleshoot server issues and performance bottlenecks

· Maintain accurate inventory and documentation of server infrastructure

Requirements And Skills

· 10+ years of experience in a technical organization

· Bachelor's degree in Computer Science, Engineering, Information Security, or related field

· Strong verbal and written communication skills for interacting with clients and other team members

· Ability to work independently and manage time efficiently

· 5-8+ years in information security or related field

· 3+ years AWS cloud security experience

· Comfort with Windows server configuration, installing applications, powershell etc.

· Proven experience managing and securing Active Directory environments

· Experience with vulnerability management programs

· Track record of designing and implementing security architectures and networks

Preferred Technology Capabilities

• Experience with SIEM solutions such as Splunk or Wazuh
• Proficiency with scanning tools such as Tenable or Prowler
• Usage of EDR monitoring tools such as Crowdstrike Falcon or Sentinel One
• Familiarity with AWS services CloudWatch, WAF, GuardDuty, and Network Firewall
• Ability to configure and use networking solutions like Wireguard or Tailscale
• Certifications such as CISSP, CCSP, AWS Security

We encourage you to apply even if you aren't an exact match for our open role as many of our team members come from nontraditional backgrounds.

Benefits:

• 401(k)
• Flexible schedule
• Health insurance
• Paid time off

Experience:

• Information Security: 5 years (Required)
• AWS Cloud Security: 3 years (Required)

Work Location: In person