Cybersecurity Infrastructure / Zero Trust Engineer

Micro-Segmentation & Zero Trust Engineer

LOCATION - LAS COLINAS, (PREFERRED) BREVARD, CHARLOTTE - CHANDLER CONVERSION - NO SPOTLIGHT - 5.8 INTV - PREFER IN-PERSON FOR LOCAL TO LAS COLINAS - TEAMS - 1 PANEL

Must-Haves / Core Skillset

• Micro-Segmentation & Zero Trust
• Hands-on experience with workload-level segmentation and lateral-movement prevention.
• Demonstrated ability to move from visibility to enforcement safely in production environments.
• Illumio or Equivalent Platform Experience
• Strong understanding of VEN agents, SaaS policy engines, enforcement modes, and migration considerations.
• Comfort working directly with vendor engineering teams during live operational issues.
• Traffic & Telemetry Analysis
• Strong proficiency with SIEM tools (especially time-based analysis, distributions, and baselining).
• Ability to reason about event ingestion pipelines and end-to-end telemetry delivery.
• Operating Systems & Infrastructure
• Solid Linux and Windows server fundamentals.
• Understanding of application communication patterns, service dependencies, and network flows.
• Operational Maturity
• Experience with production change management and incident response.
• Ability to halt or delay enforcement when telemetry or validation is insufficient.
• Communication & Influence
• Ability to clearly communicate technical risk, impact, and recommendations to engineers, leadership, and vendors.
• Comfortable translating telemetry and failures into executive-level summaries.

Mission (Overarching Goal)

Advance the enterprise Zero Trust micro-segmentation program, delivering safe, auditable, and scalable traffic visibility and policy enforcement across hybrid environments (on-prem and cloud). This role ensures operational reliability, policy confidence, and vendor accountability for Illumio SaaS–based segmentation at enterprise scale.

Day-to-Day Responsibilities

• Operate and mature the Illumio micro-segmentation platform (SaaS with limited on-prem presence), including VEN agent lifecycle management across Windows, Linux, and future AIX workloads.
• Design, validate, and deploy least-privilege segmentation policies, ensuring policy changes can be safely verified via traffic telemetry before and after enforcement.
• Analyze traffic flow telemetry and delay metrics across ingestion pipelines and SIEM tooling to validate platform health, identify regressions, and distinguish policy issues from platform or vendor constraints.
• Lead incident response and vendor escalation with Illumio engineering, including capacity constraints, SaaS scaling events, maintenance windows, and potential data integrity risks.
• Partner with Network Engineering, NOC/NMC, application teams, and platform owners to coordinate production changes, policy deployments, and change-management activities.
• Maintain and evolve security standards, baselines, and deployment guidance for enterprise micro-segmentation, aligning to internal governance, audit, and risk requirements.
• Support large-scale onboarding and migration efforts, including SaaS cutovers, phased policy enforcement, and certification of segmentation controls for high-risk and payment applications.

Nice-to-Haves (Certifications / Extras)

• Security & Architecture
• CISSP, CCSP, or comparable security architecture certification
• Zero Trust–focused training or vendor micro-segmentation certifications
• Cloud & Identity
• Familiarity with Azure and enterprise IAM concepts (SaaS authentication, RBAC, API access)
• Advanced Platform Integration
• Experience integrating segmentation telemetry into SIEM, data lakes, or automation pipelines
• Exposure to policy certification, audit traceability, or regulatory reporting

EEO: "Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of – Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans."