Senior Infrastructure & Security Engineer

Kurv is executing a fundamental digital transformation, moving from legacy monolithic systems to a resilient, cloud-native enterprise leveraging
AWS
and
Databricks
.

We are seeking a
Senior Infrastructure & Security Engineer
to join our team as a
full-time, permanent stakeholder
. This role is for a long-term owner who will bridge the gap between our robust on-premise networking foundation and our future cloud state. Your primary responsibilities include the expert operational management of our newly established
SQL Server High-Availability (HA) Cluster
, the maintenance of our
Cisco and Palo Alto networking core
, and the ongoing build-out of our
AWS Landing Zone
.

Key Responsibilities

• Networking & Hybrid Connectivity (Physical & Cloud)

- Core Network Management:
Maintain and optimize the existing physical network stack, including
Cisco, PaloAlto,
and
Brocade networking
equipment
- Perimeter Security:
Manage
Palo Alto
firewalls, ensuring all inter-VLAN and inter-company traffic is scanned and secured.
- Connectivity Resilience:
Oversee internet circuits and connectivity for the organization.
- Hybrid Integration:
Implement and govern
AWS Transit Gateway
and
Direct Connect
(or IPsec VPN tunnels) to ensure seamless, secure communication across our hybrid environment.

• SQL HA Cluster Operations (Mission Critical)

- Operational Ownership:
Serve as the primary owner for the newly created SQL Server HA environment, managing
Windows Failover Clustering
and
Always On/Basic Availability Groups
.
- Performance Optimization:
- Maintain a working understanding of performance characteristics within a high-utilization SQL Server environment, including memory configuration, tempDB structure, and index health, to support troubleshooting and prevent resource saturation.
- Licensing & RPO:
Manage SQL Server licenses with
Software Assurance (SA)
and conduct regular failover drills to guarantee
zero data loss (Zero RPO)
for our payments business.

• Cloud Architecture

- Infrastructure as Code (IaC):
Maintain and expand our "Zero-Touch" production environment using
Terraform
to manage all AWS and Databricks resources.
- Landing Zone Governance:
Govern the AWS Organization through
Control Tower
and
Service Control Policies (SCPs)
to ensure multi-account security.
- FinOps:
Monitor real-time cloud spend; enforce mandatory tagging for departmental showback and manage auto-shutdown scripts for non-prod environments.

• Security, Identity & PCI Compliance

- PCI-DSS 4.0 Compliance:
Lead the technical maintenance of strict network segmentation and isolation for PCI-scoped systems.
- Identity-Based Perimeter:
Maintain
AWS IAM Identity Center
and
Databricks Unity Catalog
to enforce granular, identity-based access.
- Threat Management:
Drive remediation of security findings (e.g., XSS, NTLMv2) and monitor real-time events via
Splunk
and
AWS Security Hub
.

• Backup & Recovery Architecture (Enterprise Resilience)

- Air-Gapped Data Protection:
Maintain and manage enterprise backup operations using Veeam, ensuring secure, immutable backups within an air-gapped architecture to protect against ransomware and catastrophic data loss.
- Recovery Assurance:
Validate backup integrity through routine restore testing and verification procedures to support business continuity, disaster recovery objectives, and regulatory compliance requirements.
- Operational Governance:
Monitor backup job health, retention policies, and storage lifecycle management to ensure consistent protection across on-premise and hybrid workloads.

Required Qualifications

- 7+ years
of enterprise experience in infrastructure, networking, and security.
- Networking Mastery:
Advanced hands-on experience with
Cisco switching/routing
and
Palo Alto firewall
administration.
- SQL Clustering Expertise:
Proven experience managing multi-node production SQL Server clusters (HA/DR).
- AWS & IaC:
Hands-on experience with AWS core services and
Terraform
for multi-account environments.
- Practical PCI Experience:
Proven track record of supporting and passing audits in PCI-compliant environments.
- Hybrid Systems Knowledge:
Strong background in
VMware vSphere
and
Windows Server (AD/GPO)
.

Valuable Certifications

The following certifications are highly desired for this permanent role:

- Networking & Security:
- CCNP
(Routing and Switching) or
PCNSE
(Palo Alto Networks Certified Network Security Engineer)
- PCI Professional (PCIP)
or
Internal Security Assessor (ISA)
- CISSP
or
CISM
- Cloud & DevOps:
- AWS Certified Solutions Architect – Associate
(SAA-C03)
- HashiCorp Certified: Terraform Associate
- AWS Certified Security – Specialty
- FinOps Certified Practitioner (FCP)

What We’re Looking For

- A Full-Time Stakeholder:
Someone who wants to take long-term pride in Kurv’s stability.
- The "Bridge" Engineer:
Someone comfortable configuring a physical Cisco switch one hour and writing Terraform for an AWS Transit Gateway the next.
- Knowledge Capture:
A willingness to collaborate with subject matter experts to translate deep institutional and technical knowledge into automated, scalable cloud patterns.