Senior Manager, Infrastructure Protection Operations

Primary Responsibilities

Team Leadership & Development: Manage and mentor a team of infrastructure security professionals. Oversee staffing, coaching, performance management, and skills development to build a high-performing IPO team, fostering a culture of accountability, continuous improvement, and collaboration.

Vulnerability Management Program: Oversee the end-to-end vulnerability management program, including vulnerability scanning, patching, and remediation activities across servers, endpoints, and network devices. Ensure remediation timelines meet defined Service Level Agreements (SLAs) and escalate exceptions or delays to senior leadership. Track and report on vulnerability metrics to drive accountability and risk reduction.

Endpoint Security & Hardening: Ensure robust endpoint security by overseeing the team’s management of antivirus/EDR solutions, device hardening, and security baseline compliance. Confirm that endpoints (workstations, servers, etc.) adhere to secure configuration standards and direct timely remediation of any deviations or endpoint risks.

Network & Application Security Operations: Direct the operational management of network and application security controls. Oversee firewall, proxy, and web application firewall (WAF) policy enforcement and tuning in line with established security standards and architecture guidance. Ensure the team effectively monitors and responds to security events related to network, cloud, and application infrastructure, maintaining secure configurations and promptly addressing vulnerabilities or misconfigurations.

Operational Compliance & Audit Readiness: Ensure that infrastructure operations consistently comply with enterprise security policies, baselines, and regulatory requirements. Supervise recurring operational compliance checks and evidence collection for internal and external audits. Proactively address and remediate compliance deviations, maintaining audit readiness and documentation of controls at all times.

Secure Build Coordination: Collaborate with Cloud, Systems, Network, and Identity & Access Management (IAM) teams to integrate security requirements into infrastructure builds and changes. Validate that new systems and services are built in accordance with secure-by-default Ensure patch cycles, backups, and recovery processes for new deployments meet security and resilience standards.

Privileged Access Management Operations: Provide oversight for the enterprise’s privileged access management (PAM) operations and tooling. Ensure secure administration of privileged account vaults and credentials, enforcement of break-glass procedures (in partnership with IAM), and regular review/rotation of privileged access across all infrastructure teams.

Security Tooling & Monitoring: Ensure effective operation of key infrastructure security tools and monitoring processes. Oversee the team in maintaining and optimizing tools such as vulnerability scanners, EDR platforms, and configuration compliance systems. Leverage dashboards and reports to monitor infrastructure security alerts and the overall protection posture, driving continuous improvements in threat detection and response.

Governance & ARB Alignment: Represent the IPO team in governance processes and Architecture Review Board (ARB) discussions. Ensure that proposed infrastructure changes meet security control requirements and obtain necessary approvals. Drive the submission and tracking of any security exceptions or control deviations through governance workflows, partnering with Enterprise Architecture, Security Engineering, and other stakeholders to align on secure design and policy enforcement.

Disaster Recovery Alignment: Maintain disaster recovery (DR) readiness for IPO-managed security tools and processes. Ensure that procedures for recovering critical security infrastructure (e.g., security monitoring consoles, vulnerability scanners, policy stores) are documented and periodically tested. Align the IPO team’s DR plans with the broader enterprise DR/BCP (Business Continuity Plan) to guarantee rapid restoration of security capabilities during disruptions.

Security Engineering Partnership: Drive alignment between Security Engineering priorities and Infrastructure Operations and Architecture outcomes to support the desired future technology footprint (secure, compliant, and supportable).

Qualifications

Bachelor’s degree in Information Security, Computer Science, or a related field (or equivalent experience).

7+ years of experience in enterprise IT infrastructure security, operations, or systems administration, including at least 3 years in a people leadership role (such as team lead, supervisor, or manager).

ITIL 4 Certification completed or ability to complete within 90 days of employment.

Strong technical background in vulnerability management, endpoint security, network security operations, and infrastructure protection. Hands-on experience with patch management processes, endpoint protection (AV/EDR), and firewall/proxy administration.

Deep understanding of security frameworks, standards, and compliance requirements (e.g., CIS benchmarks, NIST CSF, ISO 27001) and a track record of ensuring operational adherence to these standards.

Excellent leadership, communication, and collaboration skills. Proven ability to work cross-functionally with infrastructure, cloud, architecture, and security teams to drive initiatives in a complex enterprise environment.

Ability to achieve outcomes with contracted or managed service provider resources as well as internal teams.

Must be legally authorized to work in the United States without current or future sponsorship

Preferred Skills

Master’s degree in Cybersecurity, Information Assurance, or a related field.

Relevant industry certifications such as CISSP, CISM, CRISC, or GIAC certifications (e.g., GCCC, GCWN).

Familiarity with enterprise security tools and platforms (e.g., vulnerability management systems like Tenable, Rapid7 or Qualys, endpoint detection & response platforms like CrowdStrike, and configuration compliance tools).

Experience implementing automation or process improvements in security operations to increase efficiency and consistency.

This position is an exempt position. The annualized base pay range for this role is expected to be between $120,000 - $150,000 base salary compensation range. Actual base pay may vary based on factors including, but not limited to, experience, subject matter expertise, geographic location where work will be performed, and the applicant’s skill set. The base pay is just one component of the total compensation package. Other rewards may include an annual cash bonus and a comprehensive benefits package, including but not limited to medical, dental, vision, life insurance, and 401(k). Please note that the job title is subject to change based on the selected candidate’s experience and education.