Senior Systems Network Engineer

Senior Systems Network Engineer Invictus Capital Partners / Verus Mortgage Capital Minneapolis, MN Job Details Full-time $150,000 - $160,000 a year 5 hours ago Benefits Commuter assistance Paid parental leave Health savings account Disability insurance Health insurance Dental insurance Flexible spending account Tuition reimbursement Paid time off Parental leave Employee assistance program Vision insurance 401(k) matching Life insurance Qualifications Meraki Windows Linux Intune Full Job Description Description We are seeking a highly advanced Senior Systems Network Engineer to architect, secure, and operate a modern hybrid enterprise infrastructure. This role operates at the intersection of network engineering, cloud architecture, endpoint security, and cybersecurity governance. You will be responsible for designing and enforcing a defense-in-depth security model, implementing Zero Trust Architecture, and ensuring end-to-end protection of identity, devices, networks, applications, and data across the organization. This is a hands-on technical leadership role with ownership of architecture, security strategy, and operational excellence. This position requires 24/7 on-call availability, with regular working hours of Monday through Friday, 8:00 AM to 5:00 PM.

Responsibilities and Duties:

Enterprise Architecture & Zero Trust Design Design and implement end-to-end enterprise architecture across on-prem and cloud environments (Azure-first strategy). Lead adoption of Zero Trust Architecture (ZTA): Identity-driven access (Azure AD / Entra ID) Device trust enforcement (Intune / MDM compliance) Network segmentation & micro-segmentation Continuous verification and least-privilege access Establish defense-in-depth strategy across: Perimeter (firewalls, NAC) Internal network (segmentation, NAC) Endpoint (EDR/XDR) Identity (MFA, Conditional Access) Data (DLP, encryption) Advanced Network Engineering & Security Architect and manage enterprise-grade networking across Netgear, Cisco Meraki, and hybrid WAN environments. Design and enforce multi-tier VLAN architecture, segmentation, and secure routing strategies. Configure and optimize

Fortinet FortiGate Firewalls:

Advanced threat protection (IPS, SSL inspection) ZTNA enforcement Application control and traffic shaping Deploy and manage

FortiNAC:

Device profiling and posture assessment Automated quarantine/remediation policies Integration with AD, RADIUS, and endpoint tools Implement and manage

RADIUS / 802.1X

authentication for secure network access. Perform deep network analysis including packet capture, traffic inspection, and anomaly detection. Integrate network telemetry into centralized logging / SIEM pipelines. Cloud Infrastructure & Hybrid Identity (Azure) Architect and manage Microsoft Azure environments: VMs, VNets, NSGs, load balancers, private endpoints Hybrid connectivity (VPN, ExpressRoute) Design secure identity architecture using Azure AD (Entra ID): Conditional Access policies MFA enforcement (Duo/YubiKey integration) Identity Protection & risk-based access Integrate on-prem Active Directory with Azure AD for hybrid identity governance. Implement role-based access control (RBAC) and privileged identity management (PIM). Drive infrastructure-as-code (IaC) and automation strategies. Endpoint Security, MDM & Device Governance Architect enterprise endpoint strategy using: Microsoft Intune (MDM/MAM) Device compliance policies, configuration profiles, and security baselines Enforce Zero Trust device posture validation before granting access. Implement full device lifecycle management (provisioning compliance decommissioning). Secure both corporate and BYOD environments with strict policy enforcement. Advanced Threat Protection & Data Security Lead deployment and optimization of CrowdStrike Falcon (EDR/XDR platform): Policy creation and tuning Behavioral threat detection and threat hunting Automated containment and response Design and enforce data protection strategies: Data classification and labeling Encryption (at rest, in transit) Implement multi-layered security controls across all attack surfaces. Conduct vulnerability management and coordinate remediation using enterprise tools. Email Security & Domain Protection Architect and enforce email authentication and anti-spoofing controls:

DMARC, DKIM, SPF

Monitor and respond to phishing campaigns and domain abuse. Manage DNS security, domain configurations, and SSL/TLS certificates via GoDaddy or enterprise DNS providers. Oversee certificate lifecycle management across infrastructure. Monitoring, Observability & Performance Engineering Implement enterprise monitoring using PRTG and advanced observability tools. Integrate logs into centralized

SIEM/XDR

platforms for correlation and threat detection. Develop proactive alerting, anomaly detection, and performance baselines. Conduct capacity planning and infrastructure optimization. Incident Response, Risk & Compliance Lead incident response and digital forensics investigations. Perform root cause analysis (RCA) and implement preventive controls. Design and test disaster recovery (DR) and business continuity (BCP) strategies.

Align infrastructure and controls with:

NIST, CIS

Controls, ISO 27001, FFIEC Support audits, risk assessments, and compliance reporting. Automation, DevSecOps & Innovation Develop automation pipelines using PowerShell, Bash,. Implement DevSecOps principles for secure infrastructure deployment. Reduce manual operations through orchestration and scripting. Continuously evaluate and integrate new technologies for security and performance. Technical Leadership & Strategy Serve as Tier 3/4 escalation point and technical authority. Mentor engineers and define engineering standards and best practices. Lead large-scale infrastructure projects, migrations, and security transformations. Documentation & Governance Maintain enterprise-level architecture diagrams, system documentation, and SOPs. Define and enforce IT governance frameworks and security policies. Ensure documentation supports audit readiness and operational continuity.

Education and Experience:

Bachelor's degree in Computer Science, Information Systems, Cybersecurity, Engineering, or related technical field preferred Equivalent combination of advanced technical experience, military training, or industry certifications may be considered in lieu of a degree 7+ years of progressive experience in systems engineering, network engineering, cloud infrastructure, or cybersecurity roles Expert-level knowledge of: Linux & Windows systems administration Azure cloud architecture Fortinet (FortiGate, FortiNAC) CrowdStrike Falcon (EDR/XDR) Microsoft Intune (MDM/MAM) Deep understanding of: Zero Trust Architecture Network protocols (TCP/IP, VLANs, DHCP, DNS, RADIUS, 802.1X) Email authentication (DMARC, DKIM, SPF) Strong experience with: SSL/TLS certificate management DNS/domain security (GoDaddy or enterprise providers) Advanced scripting and automation expertise Preferred Certifications

CCNP / CCNA

Microsoft Azure (AZ-104, AZ-500)

Key Competencies:

Enterprise Architecture Leadership:

Designs secure, scalable infrastructure aligned with business and security objectives

Cybersecurity Expertise:

Implements advanced security frameworks and defense-in-depth strategies

Cloud & Network Engineering:

Demonstrates deep expertise across hybrid infrastructure and enterprise networking

Technical Leadership:

Serves as a trusted technical authority and mentor across the organization

Automation & Innovation:

Continuously improves operational efficiency through automation and modern engineering practices

How This Role Demonstrates Our Values:

Integrity:

Protects company systems, data, and infrastructure through disciplined security and governance practices

Collaboration:

Partners across IT, Security, and business teams to deliver secure and scalable solutions

Excellence:

Maintains high standards for infrastructure reliability, performance, and operational maturity

Critical Curiosity:

Evaluates emerging technologies and continuously improves enterprise architecture and security posture Benefits Competitive compensation package, including base salary and performance-based bonus opportunities 401(k) plan with 100% company match up to 4% Comprehensive health coverage: medical, dental, vision, HSA, and FSA options Generous paid time off: 20 days PTO, company holidays, and sick time Paid parental leave Company-paid life insurance and disability coverage Employee Assistance Program (EAP): mental health, financial, and wellness support Professional development: tuition reimbursement and growth opportunities Commuter and transit benefits Successful applicants will exemplify strong ethics, integrity, respect for others, accountability for decisions and actions, and good citizenship. Maintaining a reliable, uninterrupted high speed internet connection is a requirement of hybrid or remote positions. All job duties and responsibilities must be performed within the guidelines of the Verus Residential Mortgage Employee Handbook and established company policies and procedures. It is the responsibility of each employee to maintain confidentiality of the company, its clients and to follow applicable laws and regulations in the performance of duties. Verus Mortgage Capital is an equal opportunity employer. All qualified applicants are welcomed to apply and will receive consideration for employment without unlawful discrimination because of a person's race, religious creed, color, national origin, citizenship status, ancestry, marital status, sex, age, or sexual orientation, or because of a person's disability or medical condition. About Invictus Capital Partners / Verus Mortgage Capital Verus Mortgage Capital is an independent national mortgage investor. Verus offers its Sellers responsible non-prime and Jumbo prime lending products that fill the credit void in today's market. Verus consistently evaluates today's market and credible borrower financing needs to offer our partners innovative solutions. Verus Mortgage Capital is an affiliate of Invictus Capital Partners please visit our website at https://verusmc.com/.