Infrastructure & Security Engineer

*Hybrid*

*On-site travel required for project deployments*

*Pacific or Mountain time zone required*

*Reports to Technical Operations Manager*

About the Role

Packet6 is looking for a skilled Infrastructure & Security Engineer to take ownership of enterprise-grade infrastructure and security initiatives for our client with sites across the West Coast and Hawaii. This is a technically deep role requiring hands-on expertise in cybersecurity, identity and access management, infrastructure monitoring and systems management, and security management.

You will report to the Technical Operations Manager and collaborate closely with the broader Packet6 engineering team, the CISO, and client. The role is hybrid, based on the Pacific or Mountain time zone, with on-site travel to client sites as projects require. You'll be driving infrastructure and security projects from design through implementation — not just executing projects, but shaping how systems are built and secured. This role includes on-call rotation for critical systems support.

This is an excellent opportunity for an experienced engineer who wants ownership of meaningful projects, enjoys working across a diverse technology stack, and thrives in a lean, trust-based environment where good work speaks for itself.

Day-to-Day Responsibilities

• Lead and execute Okta deployment as the central Identity Provider (IdP), integrating with downstream applications and enforcing phishing-resistant authentication
• Deploy and manage Zero Trust Network Access (ZTNA) and SASE solutions, including GlobalProtect VPN and related access control frameworks
• Conduct Google Groups and permissions audits, establishing least-privilege access policies across Google Workspace
• Manage endpoint security platforms including CrowdStrike — redeployment, policy tuning, and ongoing monitoring
• Evaluate, deploy, and manage a SIEM solution for centralized logging and security visibility across all network devices and applications
• Deploy and maintain enterprise network infrastructure across multi-site environments including firewalls, switches, access points, and WAN connectivity
• Monitor and respond to security events and alerts across endpoint, network, and identity systems
• Manage Okta policies, user lifecycle, group policies, and access reviews
• Monitor Okta for suspicious login activity, MFA anomalies, and indicators of account compromise
• Perform regular vulnerability scans and remediate findings in collaboration with the vCISO
• Perform ISP and backup connectivity deployments including Starlink rollouts across all sites
• Manage IT asset inventory and IP address management (IPAM) in NetBox, ensuring accuracy across all sites
• Lead and participate in change management activities, coordinating maintenance windows and communicating impact to stakeholders and principals
• Participate in firewall upgrades and replacement projects with the Jr. Network Engineer (e.g., Palo Alto Networks, Meraki, or Ubiquiti) including policy review, migration planning, and cutover execution
• Assist with configuration and management of site-to-site VPNs with BGP for ISP redundancy and dynamic failover across dual-WAN sites
• Support network camera systems — evaluating vendors, managing migrations, cross-team collaboration, and ensuring systems meet access and retention requirements
• Maintain IT SOPs, network & system diagrams, and technical documentation in Confluence
• Drive automation initiatives to reduce manual repetitive tasks and improve consistency across environments

Active Projects You'll Inherit and Drive

From day one, you will step into a portfolio of active infrastructure and security initiatives.

Current projects include:

Security & Access Control

• CrowdStrike deployment and policy tuning
• Okta deployment as central Identity Provider
• Google Workspace Enterprise upgrade (DLP, attachment protection, link scanning, external sender banner)
• Ongoing CISO-aligned cybersecurity task execution
• Zero Trust Network Access (ZTNA) architecture and rollout
• GlobalProtect VPN Rollout
• SASE VPN implementation
• SIEM solution evaluation and deployment
• NAC evaluation and deployment
• Upgrade Windows servers OS

Operations & Compliance

• IT inventory and IPAM audit using NetBox
• Google Groups and permissions audit
• Network camera management system
• IT SOP documentation

Network Infrastructure

• Backup ISP deployment across all sites
• Firewall upgrades at multiple sites
• Site-to-site VPN with BGP for dual-ISP sites
• New network deployments
• Fiber internet buildouts

Tools You Will Use

- Networking:
Juniper Mist, Palo Alto Networks, Meraki, UniFi, Starlink
- Security:
CrowdStrike, GlobalProtect, Palo Alto SASE/Prisma, SIEM
- Identity & Access:
Okta, Google Workspace Admin, Microsoft 365
- Infrastructure & Inventory:
NetBox (IPAM), NinjaOne, Kandji
- Automation:
Scripting tools (Bash, Python), APIs for platform integration
- Ticketing & Documentation:
Jira, Confluence
- Collaboration:
Slack, Google Meet, Zoom

Required Qualifications

• 3+ years of hands-on experience in security engineering, infrastructure, and/or network administration
• Experience deploying or administering an Identity Provider such as Okta, Azure AD, or Ping Identity
• Familiarity with Zero Trust principles and SASE/ZTNA architecture
• Working knowledge of endpoint security platforms (CrowdStrike or equivalent)
• Deep experience designing and managing enterprise firewall environments (Palo Alto, Juniper, or equivalent)
• Proficiency with BGP, VPN technologies (site-to-site, remote access), and WAN redundancy architectures
• Experience with wireless infrastructure — design, deployment, and management (Juniper Mist, Meraki, or UniFi)
• Strong documentation habits — you write clear playbooks, diagrams, and SOPs
• Ability to manage multiple simultaneous projects with competing priorities
• Comfortable working in a hybrid remote model with occasional travel to client sites
• Valid driver's license and ability to travel to West Coast and Hawaii sites as needed

Preferred Qualifications

• Experience in a Managed Service Provider (MSP) or managed security environment
• Experience managing Google Workspace at an enterprise level (DLP, security controls, Admin SDK)
• Familiarity with SIEM platforms (e.g., Splunk or similar)
• Hands-on experience with Juniper Mist and/or Mist Access Assurance
• Proficiency with NetBox or another IPAM/DCIM platform
• Scripting or automation skills (Bash, Python, or PowerShell) for infrastructure tasks
• Experience with physical IT tasks in multi-site environments (rack and stack, cabling, hardware staging)

What Success Looks Like

In your first 90 days, you have a clear handle on the active project portfolio, understand the current state of infrastructure across all sites, and have begun moving key initiatives forward. The Okta deployment roadmap is defined. Firewall upgrades are scoped and scheduled. Documentation gaps are identified and being addressed. You're a trusted voice in architecture decisions, and the team knows they can hand you a complex problem and you'll come back with a plan.

At six months, you've delivered multiple projects end-to-end: CrowdStrike is cleanly deployed across endpoints, VPN configurations are live, and the SIEM is ingesting logs. Security posture has measurably improved. You're not just completing tasks — you're anticipating what comes next and helping shape the roadmap.

Working at Packet6

We're a small, tight-knit team and we like it that way. No corporate fluff, no endless approval chains. Just a group of people who genuinely love technology and take pride in doing the work right.

Our team is distributed, so we stay connected through clear communication and a whole lot of trust. You won't have someone breathing down your neck — but you will have a crew that's got your back when things get weird (and in infrastructure and security, things sometimes get weird).

As an Infrastructure & Security Engineer at Packet6, you'll have real ownership of real systems. Bring your experience, bring your opinions, and bring your drive — because we're building something here and we want people who are excited to be part of it.

If you think infrastructure work is just keeping the lights on, this probably isn't the right fit. But if you care deeply about how systems are built, get fired up about security done right, and want to work alongside people who share that energy — let's talk.

*Work hard, be kind. Have fun doing it.*