Senior Systems Network Engineer
Occupations:
- Network and Computer Systems Administrators
- Computer Systems Engineers/Architects
- Computer Network Architects
- Information Security Engineers
- Computer Network Support Specialists

Industries:
- Computer Systems Design and Related Services
- Wired and Wireless Telecommunications (except Satellite)
- Natural Gas Distribution
- Investigation and Security Services
- Educational Support Services

Department: Information Technology - Data & Reporting
Location: Bloomington, MN
Compensation: $150,000 - $160,000 / year

Description

We are seeking a highly advanced Senior Systems Network Engineer to architect, secure, and operate a modern hybrid enterprise infrastructure. This role operates at the intersection of network engineering, cloud architecture, endpoint security, and cybersecurity governance.

You will be responsible for designing and enforcing a defense-in-depth security model, implementing Zero Trust Architecture, and ensuring end-to-end protection of identity, devices, networks, applications, and data across the organization.

This is a hands-on technical leadership role with ownership of architecture, security strategy, and operational excellence.

This position requires 24/7 on-call availability, with regular working hours of Monday through Friday, 8:00 AM to 5:00 PM.

Responsibilities and Duties:

Enterprise Architecture & Zero Trust Design
- Design and implement end-to-end enterprise architecture across on-prem and cloud environments (Azure-first strategy).
- Lead adoption of Zero Trust Architecture (ZTA):
  - Identity-driven access (Azure AD / Entra ID)
  - Device trust enforcement (Intune / MDM compliance)
  - Network segmentation & micro-segmentation
  - Continuous verification and least-privilege access
- Establish defense-in-depth strategy across:
  - Perimeter (firewalls, NAC)
  - Internal network (segmentation, NAC)
  - Endpoint (EDR/XDR)
  - Identity (MFA, Conditional Access)
  - Data (DLP, encryption)

Advanced Network Engineering & Security
- Architect and manage enterprise-grade networking across Netgear, Cisco Meraki, and hybrid WAN environments.
- Design and enforce multi-tier VLAN architecture, segmentation, and secure routing strategies.
- Configure and optimize Fortinet FortiGate Firewalls:
  - Advanced threat protection (IPS, SSL inspection)
  - ZTNA enforcement
  - Application control and traffic shaping
- Deploy and manage FortiNAC:
  - Device profiling and posture assessment
  - Automated quarantine/remediation policies
  - Integration with AD, RADIUS, and endpoint tools
- Implement and manage RADIUS / 802.1X authentication for secure network access.
- Perform deep network analysis including packet capture, traffic inspection, and anomaly detection.
- Integrate network telemetry into centralized logging / SIEM pipelines.

Cloud Infrastructure & Hybrid Identity (Azure)
- Architect and manage Microsoft Azure environments:
  - VMs, VNets, NSGs, load balancers, private endpoints
  - Hybrid connectivity (VPN, ExpressRoute)
- Design secure identity architecture using Azure AD (Entra ID):
  - Conditional Access policies
  - MFA enforcement (Duo/YubiKey integration)
  - Identity Protection & risk-based access
- Integrate on-prem Active Directory with Azure AD for hybrid identity governance.
- Implement role-based access control (RBAC) and privileged identity management (PIM).
- Drive infrastructure-as-code (IaC) and automation strategies.

Endpoint Security, MDM & Device Governance
- Architect enterprise endpoint strategy using:
  - Microsoft Intune (MDM/MAM)
  - Device compliance policies, configuration profiles, and security baselines
- Enforce Zero Trust device posture validation before granting access.
- Implement full device lifecycle management (provisioning → compliance → decommissioning).
- Secure both corporate and BYOD environments with strict policy enforcement.

Advanced Threat Protection & Data Security
- Lead deployment and optimization of CrowdStrike Falcon (EDR/XDR platform):
  - Policy creation and tuning
  - Behavioral threat detection and threat hunting
  - Automated containment and response
- Design and enforce data protection strategies:
  - Data classification and labeling
  - Encryption (at rest, in transit)
- Implement multi-layered security controls across all attack surfaces.
- Conduct vulnerability management and coordinate remediation using enterprise tools.

Email Security & Domain Protection
- Architect and enforce email authentication and anti-spoofing controls:
  - DMARC, DKIM, SPF
- Monitor and respond to phishing campaigns and domain abuse.
- Manage DNS security, domain configurations, and SSL/TLS certificates via GoDaddy or enterprise DNS providers.
- Oversee certificate lifecycle management across infrastructure.

Monitoring, Observability & Performance Engineering
- Implement enterprise monitoring using PRTG and advanced observability tools.
- Integrate logs into centralized SIEM/XDR platforms for correlation and threat detection.
- Develop proactive alerting, anomaly detection, and performance baselines.
- Conduct capacity planning and infrastructure optimization.

Incident Response, Risk & Compliance
- Lead incident response and digital forensics investigations.
- Perform root cause analysis (RCA) and implement preventive controls.
- Design and test disaster recovery (DR) and business continuity (BCP) strategies.
- Align infrastructure and controls with:
  - NIST, CIS Controls, ISO 27001, FFIEC
- Support audits, risk assessments, and compliance reporting.

Automation, DevSecOps & Innovation
- Develop automation pipelines using PowerShell, Bash,.
- Implement DevSecOps principles for secure infrastructure deployment.
- Reduce manual operations through orchestration and scripting.
- Continuously evaluate and integrate new technologies for security and performance.

Technical Leadership & Strategy
- Serve as Tier 3/4 escalation point and technical authority.
- Mentor engineers and define engineering standards and best practices.
- Lead large-scale infrastructure projects, migrations, and security transformations.

Documentation & Governance
- Maintain enterprise-level architecture diagrams, system documentation, and SOPs.
- Define and enforce IT governance frameworks and security policies.
- Ensure documentation supports audit readiness and operational continuity.

Education and Experience:
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Engineering, or related technical field preferred
- Equivalent combination of advanced technical experience, military training, or industry certifications may be considered in lieu of a degree
- 7+ years of progressive experience in systems engineering, network engineering, cloud infrastructure, or cybersecurity roles
- Expert-level knowledge of:
  - Linux & Windows systems administration
  - Azure cloud architecture
  - Fortinet (FortiGate, FortiNAC)
  - CrowdStrike Falcon (EDR/XDR)
  - Microsoft Intune (MDM/MAM)
- Deep understanding of:
  - Zero Trust Architecture
  - Network protocols (TCP/IP, VLANs, DHCP, DNS, RADIUS, 802.1X)
  - Email authentication (DMARC, DKIM, SPF)
- Strong experience with:
  - SSL/TLS certificate management
  - DNS/domain security (GoDaddy or enterprise providers)
- Advanced scripting and automation expertise

Preferred Certifications
- CCNP / CCNA
- Microsoft Azure (AZ-104, AZ-500)

Key Competencies:
- Enterprise Architecture Leadership: Designs secure, scalable infrastructure aligned with business and security objectives
- Cybersecurity Expertise: Implements advanced security frameworks and defense-in-depth strategies
- Cloud & Network Engineering: Demonstrates deep expertise across hybrid infrastructure and enterprise networking
- Technical Leadership: Serves as a trusted technical authority and mentor across the organization
- Automation & Innovation: Continuously improves operational efficiency through automation and modern engineering practices

How This Role Demonstrates Our Values:
- Integrity: Protects company systems, data, and infrastructure through disciplined security and governance practices
- Collaboration: Partners across IT, Security, and business teams to deliver secure and scalable solutions
- Excellence: Maintains high standards for infrastructure reliability, performance, and operational maturity
- Critical Curiosity: Evaluates emerging technologies and continuously improves enterprise architecture and security posture

Benefits
- Competitive compensation package, including base salary and performance-based bonus opportunities
- 401(k) plan with 100% company match up to 4%
- Comprehensive health coverage: medical, dental, vision, HSA, and FSA options
- Generous paid time off: 20 days PTO, company holidays, and sick time
- Paid parental leave
- Company-paid life insurance and disability coverage
- Employee Assistance Program (EAP): mental health, financial, and wellness support
- Professional development: tuition reimbursement and growth opportunities
- Commuter and transit benefits

Successful applicants will exemplify strong ethics, integrity, respect for others, accountability for decisions and actions, and good citizenship.

Maintaining a reliable, uninterrupted high speed internet connection is a requirement of hybrid or remote positions.

All job duties and responsibilities must be performed within the guidelines of the Verus Residential Mortgage Employee Handbook and established company policies and procedures. It is the responsibility of each employee to maintain confidentiality of the company, its clients and to follow applicable laws and regulations in the performance of duties.

Verus Mortgage Capital is an equal opportunity employer. All qualified applicants are welcomed to apply and will receive consideration for employment without unlawful discrimination because of a person’s race, religious creed, color, national origin, citizenship status, ancestry, marital status, sex, age, or sexual orientation, or because of a person’s disability or medical condition.