Infrastructure Security Engineer

Great benefits. Competitive pay. We know these are some of the things people look for in a job.

If youre the kind of person who believes that honoring and empowering our nations veterans is more than just a cause that its a calling then were ready to meet you.

When you join Wounded Warrior Project (WWP), youre committing to making a difference. We make a commitment to you, too helping you to find that spark, ignite your passion to serve, and embark on a career with meaning and purpose.

At WWP, We Recognize Our Mission Cannot Be Accomplished Without Our Talented Teammates, Which Is Why Were Proud To Offer Benefits Such As:

A flexible hybrid work schedule (three days in the office, two days work from home)

Full medical, dental, and vision coverage for both teammates AND family members

Competitive pay and performance incentives

A fun, mission-focused, and collaborative team environment

The Wounded Warrior Project (WWP) Infrastructure Security Engineer I is responsible for maintaining the security and compliance of servers, virtual machines (VMs), and network devices across both on-premises and Azure environments. This role includes applying security patches, implementing secure configurations, coordinating with cross-functional teams, and validating security remediations to protect the organizations IT infrastructure from vulnerabilities.

DUTIES & RESPONSIBILITIES

• Apply patches and security updates to servers, VMs, and network devices using tools such as Azure Update Manager, Intune, and GPO.
• Follow step-by-step remediation instructions from IT Security and validate implementations to ensure compliance.
• Manage the backlog of assigned vulnerabilities, including prioritizing and tracking remediation efforts in OneNote and Jira.
• Implement, validate, and baseline secure configurations for servers, VMs, and network devices in both Azure and on-premises environments.
• Research and apply best practices from sources such as Microsoft, Cisco, and NIST to maintain secure baselines.
• Validate changes using monitoring tools (e.g., Rapid7, SentinelOne, Microsoft Defender for Endpoint, Azure Security Center) and operational checks (e.g., logging, alerting, and backups) to confirm compliance and prevent disruptions.
• Coordinate with relevant technical teams to validate remediation feasibility and address dependencies.
• Partner with security stakeholders to interpret and implement security requirements for infrastructure.
• Collaborate with cross-functional teams to align remediation efforts and ensure operational stability.
• Document work clearly in tools such as OneNote and Jira, capturing configuration changes, patch status, and compliance tracking while supporting shared understanding of security best practices.
• Contribute to compliance dashboards and KPIs, ensuring accurate reporting of the organizations security posture.
• Manage rollout strategies and rollback procedures to minimize operational risk.
• Attend and actively participate in required training and/or meetings, including but not limited to New Teammate Orientation, WWP Cares, ASIST Suicide Prevention training, Leadership training, culture/team based training, or departmental huddles.
• Other related duties as assigned.
  
  

KNOWLEDGE, SKILLS, & ABILITIES

• Knowledge of server, virtual machine (VM), and network device patching, security hardening, and vulnerability remediation.
• Familiarity with vulnerability management and endpoint protection tools, such as Rapid7, SentinelOne, Microsoft Defender for Endpoint, and Azure Security Center.
• Skilled in managing Network Security Groups (NSGs) and next-generation firewalls (NGFWs) to secure network traffic and enforce security policies.
• Knowledge of hybrid cloud environments, including Azure Active Directory, Intune, Update Manager, and secure configuration management practices.
• Strong understanding of industry security standards and frameworks (e.g., NIST, CIS, Microsoft, Cisco).
• Proven ability to assess security risks, prioritize remediation efforts, and validate configuration changes without introducing operational risk.
• Demonstrated ability to interpret and implement complex security requirements for network infrastructure, including firewall rule creation and NSG management.
• Adept at communicating and documenting technical information clearly for both teammates and leadership.
• Ability to collaborate effectively with cross-functional teams, including network, systems, and security personnel.
• Proficient at managing competing priorities, tracking progress, and meeting deadlines using project management and documentation tools such as Jira and OneNote.
• Willingness to collaborate with peers and contribute to process enhancements and team growth.
• Unequivocal commitment to the highest standards of personal and business ethics and conduct.
• Mission-driven, guided by core values, and a pleasure to work with.
  
  

EXPERIENCE

Requirements

• Five years of experience in systems administration or infrastructure engineering, with a focus on server, VM, and network device security.
• Three years of experience in vulnerability management, patch management, or endpoint protection, utilizing tools such as Rapid7, SentinelOne, Microsoft Defender for Endpoint, or Azure Security Center.
• Two years of hands-on experience with Azure services, including Azure Active Directory, Intune, Update Manager, and secure configuration management.
• Two years of experience applying security frameworks and standards, including NIST, CIS, and Microsoft security baselines.
• Two years of experience managing network security in hybrid cloud environments, including configuring and maintaining Network Security Groups (NSGs) and next-generation firewalls (NGFWs).
  
  

Preferences

• Experience coordinating with cross-functional teams to remediate security vulnerabilities and validate secure configurations.
  
  

EDUCATION

Requirements

• Bachelors degree in information technology, computer science, cybersecurity, or related field. Equivalent combination of applicable education, training, certification, and experience may be considered in lieu of degree.
  
  

Preferences

• Bachelors degree in information technology, computer science, cybersecurity, or related field.
  
  

CERTIFICATIONS & LICENSURE

Requirements

• Cisco Certified Network Associate (CCNA) Certification.
  
  

Preferences

• Cisco Certified Network Professional (CCNP) Security Certification.
• Certified Information Systems Security Professional (CISSP) Certification.
• Microsoft Certified: Azure Security Engineer Associate (AZ-500).
• Microsoft Certified: Identity and Access Administrator Associate (SC-300).
  
  

WORK ENVIRONMENT/PHYSICAL DEMANDS

• General office environment; temperature controlled.
• Up to 10% travel.
  
  

We recognize the success of our mission depends on the efforts of our passionate, hard-working teammates. To help teammates remain focused on the warriors and families we serve, WWP offers a comprehensive benefits package that includes; Medical/Prescription drug, Dental, Vision, Life/AD&D, Short-term Disability, Long-term Disability, and an Employee Assistance Program. WWP also offers a 401(k)-retirement plan, a competitive PTO package, Sick Leave, Family Care Leave, Paid Holidays, Birthday Holiday, Education Assistance, Teammate Wellness Program, and Bereavement Leave.

For Washington, D.C. Applicants: The estimated hiring range for this position is between $118,272 - $147,840 annual base salary,subject to a candidates combination of experience, qualifications, and credentials. This position may also be eligible for an annual performance incentive.

• ca-ml
  
  

Wounded Warrior Project is an equal opportunity employer committed to providing equal employment opportunity to all persons without regard to race, color, religion, national origin, gender, gender identity, sexual orientation, marital status, citizenship, age, veteran or military status, disability, genetic information, or any other characteristic protected by law.