Cybersecurity Infrastructure / Zero Trust Engineer
LOCATION - LAS COLINAS, (PREFERRED) BREVARD, CHARLOTTE - CHANDLERCONVERSION - NOSPOTLIGHT - 5.8INTV - PREFER IN- PERSON FOR LOCAL TO LAS COLINAS - TEAMS - 1 PANELMust-Haves / Core Skillset• Micro-Segmentation & Zero Trusto Hands-on experience with workload-level segmentation and lateral-movement prevention.o Demonstrated ability to move from visibility to enforcement safely in production environments.• Illumio or Equivalent Platform Experienceo Strong understanding of VEN agents, SaaS policy engines, enforcement modes, and migration considerations.o Comfort working directly with vendor engineering teams during live operational issues.• Traffic & Telemetry Analysiso Strong proficiency with SIEM tools (especially time-based analysis, distributions, and baselining).o Ability to reason about event ingestion pipelines and end-to-end telemetry delivery.• Operating Systems & Infrastructureo Solid Linux and Windows server fundamentals.o Understanding of application communication patterns, service dependencies, and network flows.• Operational Maturityo Experience with production change management and incident response.bility to halt or delay enforcement when telemetry or validation is insufficient.• Communication & Influenceo Ability to clearly communicate technical risk, impact, and recommendations to engineers, leadership, and vendors.o Comfortable translating telemetry and failures into executive-level summaries.Mission (Overarching Goal)dvance the enterprise Zero Trust micro-segmentation program, delivering safe, auditable, and scalable traffic visibility and policy enforcement across hybrid environments (on-prem and cloud). This role ensures operational reliability, policy confidence, and vendor accountability for Illumio SaaS-based segmentation at enterprise scale.Day-to-Day Responsibilities• Operate and mature the Illumio micro-segmentation platform (SaaS with limited on-prem presence), including VEN agent lifecycle management across Windows, Linux, and future AIX workloads.• Design, validate, and deploy least-privilege segmentation policies, ensuring policy changes can be safely verified via traffic telemetry before and after enforcement.• Analyze traffic flow telemetry and delay metrics across ingestion pipelines and SIEM tooling to validate platform health, identify regressions, and distinguish policy issues from platform or vendor constraints.• Lead incident response and vendor escalation with Illumio engineering, including capacity constraints, SaaS scaling events, maintenance windows, and potential data integrity risks.• Partner with Network Engineering, NOC/NMC, application teams, and platform owners to coordinate production changes, policy deployments, and change-management activities.• Maintain and evolve security standards, baselines, and deployment guidance for enterprise micro-segmentation, aligning to internal governance, audit, and risk requirements.• Support large-scale onboarding and migration efforts, including SaaS cutovers, phased policy enforcement, and certification of segmentation controls for high-risk and payment applications.Nice-to-Haves (Certifications / Extras)• Security & Architectureo CISSP, CCSP, or comparable security architecture certificationo Zero Trust-focused training or vendor micro-segmentation certifications• Cloud & Identityo Familiarity with Azure and enterprise IAM concepts (SaaS authentication, RBAC, API access)• Advanced Platform Integrationo Experience integrating segmentation telemetry into SIEM, data lakes, or automation pipelineso Exposure to policy certification, audit traceability, or regulatory reportingMicro-segmentation & Zero TrustDeep understanding of workload-level segmentation, policy modeling, and lateral-movement prevention.Practical experience enforcing policy safely in production, not just designing it.EEO:"Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of - Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans."