Staff Security Engineer

Cardone Ventures LLC
1 hour ago
Contract
Arizona
United States
Job Description:

Total Compensation: $190k-$210k annually
Location: Scottsdale, AZ
Workplace Setting: Fully Onsite

Position Summary

The Staff Infrastructure & Security Engineer is the sole technical owner of all cloud infrastructure, cybersecurity, identity, endpoint operations, and DevOps platform engineering for a 240-person business management consultancy operating a large-scale Azure and Microsoft Fabric environment. This role reports to the IT Director and is accountable for the end-to-end buildout, hardening, and operational excellence of every infrastructure and security workstream on the 2026 roadmap.

This includes SIEM deployment and zero-trust identity, disaster recovery, cloud cost optimization, and the CI/CD and hosting infrastructure powering our proprietary AI platform, the Hub - a multi-tenant "Super App" serving internal teams and external clients across multiple verticals, with a suite of AI-driven applications (Trainer, SalesIQ, Jarvis, Knowledge, Momentum, Dashboards, Blueprints, Capture) shipping at high velocity across web and mobile.

This is not a maintenance role: it is a greenfield buildout of enterprise-grade infrastructure, security posture, and developer platform across 80+ SharePoint sites, multiple Fabric Lakehouses, a growing multi-tenant client ecosystem, and a product engineering organization that needs world-class deployment and observability tooling.

ABOUT CARDONE VENTURES

Our mission is to help business owners achieve their personal, professional, and financial goals through the growth of their businesses. We work in dozens of verticals and provide strategic business guidance through courses, live events, partnerships, and investments. Our core values are the backbone of our business and guide our hiring process: we are inspirational, accountable, transparent, disciplined, aligned, and results oriented. This company operates nationally and is growing by the day.

This role requires an AI-native engineer

LLM fluency is a hard requirement - not a preference. The throughput expected of this role assumes active, daily use of AI tooling to achieve what typically requires a multi-person team. Claude AI (Anthropic) is provided and expected to be used for IaC authoring, detection rule development, runbook creation, policy generation, log analysis, and automation scripting. Engineers who embrace AI as a force multiplier will thrive here. Those who don't will struggle to keep pace with the scope.

What Success Looks Like

SIEM Operational (Within 6 months): Tuned alerting, active connectors, and initial SOAR playbooks live. Mean-time-to-detect under 30 minutes for critical events.

Hub CI/CD (50%+ cycle time reduction): Zero-downtime deployments and sub-5-minute rollback fully operational within the first 6 months.

Hub Platform Uptime (99.9% SLA): Proactive alerting that surfaces degradation after end users or clients report it.

Endpoint Compliance (100% fleet by end of Q3): Full Intune compliance across 240+ Windows and Mac endpoints with hardened baselines, automated patching, and DLP enforced.

Disaster Recovery (Validated by end of Q3): Immutable backups, documented runbooks, and a successful DR drill with measured RTO. Quarterly tests sustained thereafter.

Identity Access (Within 6 months): MFA hardened, PIM enforced for all privileged roles, CA policies cleaned up and documented, first company-wide access review complete.

Azure Cost Reduction (15%+ savings): Right-sizing, tagging enforcement, and cost optimization - while simultaneously improving reliability metrics.

Penetration Test (H2 - zero unresolved criticals): Pass external pen test with no critical or high-severity findings unresolved beyond agreed SLAs.

Objectives

Hub Platform DevOps

Design, build, and maintain CI/CD pipelines for the Hub platform and its application suite (Trainer, SalesIQ, Jarvis, Knowledge, Momentum, Dashboards, Blueprints, Capture), enabling multiple production deployments per day with automated testing, security scanning, and rollback.

Own the Hub's Azure hosting infrastructure - container orchestration, environment management (dev/staging/production), auto-scaling, and performance optimization across web and mobile delivery surfaces.

Implement and maintain full-stack observability across the Hub - APM, distributed tracing, structured logging, and real-time alerting - ensuring engineering and product teams have complete visibility into system health, latency, and error and manage infrastructure supporting the Hub's multi-tenant architecture: data isolation, per-client performance SLAs, and secure deployment patterns across internal teams, client verticals (Roofing, Home Services), and event deployments.

Partner with engineering to define and enforce deployment standards, branching strategies, environment promotion workflows, and infrastructure requirements for new launches including mobile releases, voice mode, telephony integrations, and AI agent capabilities (Dawson AI, Jarvis).

Cloud Infrastructure IaC

Architect and enforce Infrastructure-as-Code standards (Terraform or Bicep) across all Azure environments - eliminating manual provisioning and ensuring every resource is version-controlled, tagged, and auditable.

Own Azure cloud operations: cost optimization, monitoring and alerting, SRE metrics, capacity planning, incident response runbooks, and scale reviews supporting the Microsoft Fabric and OneLake data and improve Microsoft Fabric, OneLake, and SharePoint Online environments: governance, access controls, and M365 ecosystem integration across 80+ SharePoint sites and multiple Fabric Lakehouses.

Security Operations SIEM

Design, deploy, and operationalize a SIEM platform (selection, connector integration, detection rule authoring, alert tuning, and SOAR pilot) - establishing the company's first centralized security monitoring capability.

Stand up and maintain the vulnerability management program: scanner deployment, baseline scanning, remediation sprints with SLAs, exception tracking, lightweight AppSec practices, cloud security posture reviews, and annual penetration test ongoing security posture: firewall policy hygiene, network segmentation, patch/firmware lifecycle, and continuous hardening across cloud and endpoint surfaces.

Identity Access Management

Build and execute the full IAM lifecycle in Entra ID: auth policies, MFA strengthening, PIM rollout, conditional access cleanup, SSO audit, passkey deployment, guest controls, and quarterly privileged access reviews.

Administer identity and access integrations across Okta (where applicable), Microsoft Entra ID, and key SaaS applications - SSO/MFA troubleshooting, SCIM provisioning, and least-privilege enforcement.

Endpoint Management

Deploy and harden Intune endpoint management across both Windows and Mac fleets: security baselines, application control, patch cadence automation, compliance policies, and DLP rollout across 240+ endpoints.

Maintain endpoint security posture: disk encryption enforcement, EDR/AV health, OS patching strategies, and remediation device provisioning and lifecycle: new hire setups, hardware staging, asset tracking, and end-of-life coordination.

Disaster Recovery Business Continuity

Design and implement the backup and DR architecture: backup review, DR design, immutable storage, SaaS backup coverage (M365, critical SaaS), restore testing, RTO tuning, and runbook quarterly DR drills with measured RTO and maintain living runbooks that reflect current architecture.

Automation, AI Reporting

Operate as an AI-native practitioner - leveraging Claude AI and LLM tooling daily to accelerate IaC authoring, detection rule development, policy generation, runbook creation, log analysis, and automation scripting.

Automate repeatable tasks using PowerShell, Python, and Bash; build self-service tooling and knowledge base materials that reduce Tier 1/2 escalation load.

Produce clear, concise infrastructure and security status reporting for the IT Director, CTO, and executive stakeholders - covering risk posture, project progress, incident trends, and budget.

Required Competencies

Deep, hands-on expertise across Azure cloud infrastructure - compute, networking, storage, Entra ID, Intune, Defender, and Sentinel or equivalent SIEM - with the ability to architect and implement at enterprise scale without a team.

Hands-on experience with container orchestration (Kubernetes/AKS or Azure Container Apps), CI/CD platforms (GitHub Actions, Azure DevOps), and IaC (Terraform strongly preferred; Bicep/ARM acceptable) for both corporate and application hosting environments.

Strong application-level observability skills - Datadog, Application Insights, Grafana - with the ability to instrument, monitor, and troubleshoot distributed systems serving web and mobile clients.

AI fluency is a hard requirement: Demonstrated proficiency using LLMs and AI-assisted tooling (Claude, Copilot, or equivalent) to accelerate IaC authoring, security policy generation, detection rule development, runbook creation, and automation scripting.

Command-level knowledge of modern security frameworks (NIST, CIS, zero-trust principles) and practical experience implementing identity governance, endpoint hardening, DLP, SIEM/SOAR, and vulnerability management programs.

Proven ability to own and execute 4-6 concurrent technical workstreams independently - prioritizing ruthlessly and delivering production-grade results without dedicated project management support.

Strong understanding of Microsoft Fabric, OneLake, and SharePoint Online administration, including data governance, access controls, and integration with the broader M365 ecosystem.

Exceptional written and verbal communication skills, with the ability to translate complex infrastructure and security decisions into clear business-risk language for non-technical executives.

Track record of building from zero - standing up programs, processes, and tooling in environments where none existed - rather than inheriting and maintaining mature infrastructure.