WHAT DOES AN INFRASTRUCTURE SECURITY ENGINEER DO?
Published: Sep 10, 2025 - The Infrastructure Security Engineer is responsible for designing, implementing, and operating core security controls across endpoints, networks, cloud, email, and internet-facing systems. This role involves performing threat and risk assessments, leading incident response efforts, and providing expert guidance to infrastructure and IT teams to ensure secure architecture and practices. The engineer also leads security initiatives, manages vendor relationships, and promotes the adoption of best practices throughout the organization.

A Review of Professional Skills and Functions for Infrastructure Security Engineer
1. Infrastructure Security Engineer Additional Details
- Infrastructure Security: Own efforts related to securing GitLab's SaaS infrastructure.
- Policy Ownership: Own vulnerability management and patching policies.
- Incident Response: Play a key role in the security incident response process.
- Issue Mitigation: Identify and help mitigate security issues, misconfigurations, and vulnerabilities related to GitLab’s cloud, container and Kubernetes infrastructure.
- Security Implementation: Implement new and update existing security measures for the protection of GitLab.com infrastructure.
- Log Analysis: Utilize a log ingestion platform for security analytics and identification of tactics, techniques and patterns of attackers.
- Runbook Contribution: Contribute to the creation of runbooks.
- Detection Tuning: Contribute to the production and tuning of detection rules.
2. Infrastructure Security Engineer Details and Accountabilities
- Security Management: Design, implement, manage and improve security systems and controls.
- Issue Mitigation: Identify and help mitigate security issues and vulnerabilities.
- Secure Frameworks: Design, implement and maintain secure-by-default frameworks to enable engineering teams.
- Security Advocacy: Influence engineering initiatives through design reviews, communicating security constraints and helping teams make the right trade-offs.
- Compliance Integration: Leverage the structure of compliance frameworks.
- Control Implementation: Help identify and implement useful security controls.
- Team Collaboration: Work with teammates and stakeholders.
- Risk Strategy: Develop short and long-term strategies for managing risks.
3. Infrastructure Security Engineer Functions
- Infrastructure Design: Responsible for the design, configuration and migration of security infrastructures.
- Technical Support: Provide 2nd and 3rd level support.
- Team Collaboration: Collaborate with local and international IT teams for an efficient strategy, as well as with the security operations team.
- Documentation Maintenance: Elaborate and maintain technical documentation.
- Vendor Interaction: Interact with external Providers and Manufacturers for innovation tasks and developing new services.
- Vulnerability Analysis: Identify vulnerabilities in the IT infrastructure and analyse security threats.
- Security Recommendations: Provide recommendations to secure the environment.
- Project Management: Responsible for managing security projects.
4. Infrastructure Security Engineer Tasks
- Design Review: Review technical designs and as-builts for systems in externally facing DMZs and internal enclaves, compare them to industry best practices and firm policies, procedures, and standards, and identify gaps and opportunities for improvement.
- Team Collaboration: Work with infrastructure and application development teams.
- Compliance Verification: Review design proposals and as-builts, test to verify compliance with controls and best practices, document findings, and help remediate gaps.
- Technical Advisory: Act as a technical advisor to the DMZ Governance Group and its membership.
- Asset Validation: Review and verify that the physical and logical asset inventories for DMZs, enclaves, and supporting infrastructure are correct, and work to remediate any gaps.
- Incident Participation: Participate in security incident reviews and live investigations involving DMZ and secure enclave assets.
- Security Assessment: Partner with vulnerability management and cyber hunt/investigation teams to assess security posture, including fuzzing of protocols, hardware, and software.
- Engineering Principles: Apply system security engineering principles to deliver real solutions designed to enhance the security position.
- Threat Analysis: Review server and network configurations and identify threats and develop suitable interventions.
- Change Review: Evaluate system changes for security implications and recommend enhancements.
- Cyber Research: Research and draft cybersecurity white papers and participate in the firm's security community as a technical expert.
- Metrics Collection: Facilitate the collection of KPIs and key metrics for monthly DMZ governance meetings.
5. Infrastructure Security Engineer Roles
- Security Maintenance: Maintain and improve the security bar of the Dropbox infrastructure in order to protect customer data.
- Security Review: Review current and upcoming infrastructure stack from a security perspective.
- System Hardening: Provide hardening mechanisms and recommendations.
- Infrastructure Deployment: Deploy, build, and/or operate security infrastructure solutions to help scale the security program.
- Control Automation: Automate security controls using scripting.
- Strategy Definition: Define security strategies for new infrastructure initiatives or programs.
- Vendor Assessment: Perform security assessments on third-party vendors and integrations.
- Incident Response: Participate in on-call rotation for infrastructure security issues.
6. Infrastructure Security Engineer Responsibilities and Key Tasks
- Technology Research: Research security trends and emerging technologies, and identify business and technical requirements.
- Solution Deployment: Perform technical evaluation and support the deployment of multi-regional security solutions.
- Control Evaluation: Review the implementation of security controls, evaluate their effectiveness, and make recommendations for improvements.
- Audit Strategy: Develop a strategy for dealing with an increasing number of audits, compliance checks and external assessment processes for internal/external auditors.
- Audit Collaboration: Work with auditors to keep audit focus in scope, and maintain excellent relationships with audit entities.
- Institutional Representation: Provide a consistent perspective that continually puts the institution in its best light.
- Audit Guidance: Provide guidance, evaluation and advocacy on audit responses.
- Incident Management: Keep abreast of security incidents and act as the primary control point during information security incidents.
- DevOps Security: Work with the DevOps team, focusing on security in addition to supporting linkage between development and product operations.
- Infrastructure Security: Work with the Infrastructure team to implement, configure, and upgrade cloud computer systems, servers, firewalls, intrusion detection and network infrastructure using security best practices and following industry standards, including SOC2, ISO 27001, and other regulatory requirements.
7. Infrastructure Security Engineer Roles and Responsibilities
- Security Monitoring: Implement and monitor security measures for the protection of computer systems, networks and information.
- Requirement Definition: Identify and define system security requirements.
- Architecture Design: Design computer security architecture and develop detailed cybersecurity designs.
- System Maintenance: Maintain all the software and hardware in relation to security.
- Threat Identification: Identify current and emerging technology issues, including security trends, vulnerabilities and threats.
- Solution Implementation: Source and implement new security solutions to better protect the organisation.
- Risk Analysis: Conduct proactive research to analyse security weaknesses and recommend appropriate strategies.
- Vendor Coordination: Liaise with vendors to implement security solutions.
- Infrastructure Review: Actively review, monitor and improve network infrastructure security.
8. Infrastructure Security Engineer Job Summary
- Self-Audit Execution: Undertake a regular programme of self-audit and baselining by utilizing the appropriate tools and in conjunction with formal audits as conducted by both internal and external auditors.
- Strategic Planning: Assist the Head of Department in developing long-term strategic plans and improving compliance and governance by implementing best security practices.
- Change Management: Accountable for changes affecting the ICT infrastructure and for ensuring that such changes take place in a controlled and auditable manner.
- Service Assurance: Ensure that Careem and its customers’ systems meet the required service levels for availability, performance and integrity.
- Project Communication: Communicate relevant project information to superiors.
- Presentation Delivery: Deliver engaging, informative and well-organized presentations.
- Issue Resolution: Resolve and/or escalate issues in a timely fashion.
- Sensitive Communication: Understand how to communicate difficult/sensitive information tactfully.
9. Infrastructure Security Engineer Duties
- Security Liaison: Liaise with the information security organization.
- Policy Alignment: Collaborate and align the security policies and requirements with the IT infrastructure.
- Strategy Definition: Define infrastructure security strategy, roadmap and drive for change.
- Cloud Security: Focus on the cloud security implementation.
- Monitoring Deployment: Deploy security monitoring and integrate with SOC-managed Security Orchestration, Automation and Response system (SOAR).
- SOC Coordination: Coordinate with the Security Operations Center (SOC) on the Security Information and Event Management (SIEM).
- Risk Mitigation: Partner with the Information Security team on identifying on-prem and cloud infrastructure security risk areas, create the risk mitigation plans and execute them.
- Stakeholder Partnership: Partner with project teams, vendors, support organizations, and functional architects.
- Initiative Delivery: Drive security initiatives from inception to production implementation.
- Architecture Collaboration: Collaborate with application and infrastructure architects.
- Security Architecture: Responsible for delivering the technical security architectures, patterns, technical quality, risks, fitness for purpose and operability of technical security architecture solutions.
- Presentation Leadership: Lead technical presentations, demonstrating a good understanding of application, data, infrastructure, architecture expertise and application systems design.
- Team Mentorship: Lead and mentor the operations team.
- Technical Troubleshooting: Hands-on deploying, troubleshooting and solving technical issues.
- Problem Ownership: Own the problem and drive for resolution.
10. Infrastructure Security Engineer Details
- Best Practices Implementation: Implement security best practices in cloud and on-premise IT environments following industry standards/recommendations.
- Vulnerability Management: Identify vulnerabilities / missing patches across all physical servers, virtual servers, end user workstations, containers, etc., and ensure they are prioritized for remediation.
- Container Security: Implement runtime security measures for container environments.
- Log Centralization: Ensure relevant audit and security logs are collected to a central location and exposed to the correct teams for triage, analysis, and incident response.
- Audit Collaboration: Work with auditors and compliance teams to meet required policies and collect required evidence.
- Admin Rights Control: Work with IT/Engineering teams to ensure admin rights are not needed on end-user workstations for everyday tasks.
- Privilege Reduction: Trim down the number of users who have admin rights.
- Endpoint Protection: Ensure all endpoints throughout the organization are configured with security settings that align with industry standards and that they have the relevant security tools (MDM, EDR, etc.) installed.
- Zero Trust: Implement zero-trust principles throughout the infrastructure that facilitate a BYOD model for certain use cases.
- Playbook Enhancement: Enhance incident response playbooks and leverage automation using SOAR products.
- Secure Design: Actively participate in the design and implementation of applications, services, and infrastructure.
- Privacy Assurance: Ensure security and privacy design principles are being followed.
- Incident Lifecycle: Actively participate in all facets of the incident response lifecycle.
11. Infrastructure Security Engineer Roles and Details
- Platform Security: Design, configure, implement, and maintain all security platforms and their associated software, firewalls, intrusion detection/intrusion prevention, anti-virus, and URL Filtering.
- Automation Integration: Design, build, and maintain the integration of Automation tools within the Environment.
- Policy Assessment: Design, review, and continually assess firewall, intrusion detection/intrusion prevention, VPN, IPsec, SSL, application control, load balancer, DNS and other network component policies.
- Ticket Resolution: Triage, update, and resolve tickets generated by the CRM ticketing system daily, and respond to inbound phone and electronic requests for technical assistance.
- Security Auditing: Ensure network security best practices are implemented through auditing, firewall configurations, load balancer configuration, DDI, NAC, change control, and monitoring.
- Documentation Standards: Follow project management methodology and demonstrate best practices in network documentation.
- Customer Management: Manage situations in a professional and courteous business manner with an emphasis on customer satisfaction.
- Status Communication: Keep the customer abreast of expectations, problem status and completion in a timely manner.
- Security Coordination: Liaise between engineering and other departments on security-related items.
12. Infrastructure Security Engineer General Responsibilities
- Security Administration: Administer Azure Security Center, Google Security Command Center, O365 security portal, Microsoft Endpoint Management Security Firewall policies, Carbon Black endpoint detection and response and seek improvements on a continuous basis.
- Infrastructure Protection: Ensure 100% of JCI compute infrastructure is protected by GIS security tools.
- Policy Development: Develop policies for endpoint detection and response that minimize the threat surface while allowing business applications to function correctly.
- Automation Integration: Collaborate with GIS teams to develop and implement automations using platform APIs and XSOAR capabilities.
- Threat Reporting: Report possible threats or software issues, research weaknesses and find ways to counter them.
- Technology Alignment: Understand software, hardware and internet needs while adjusting them according to JCI’s business environment.
- Security Standards: Implement best practices and security standards for the organization.
- Sensor Deployment: Participate in security agent and sensor testing and deployment.
- User Support: Assist fellow employees with cybersecurity, software, hardware, or IT needs.
- Project Participation: Participate in special projects.
13. Infrastructure Security Engineer Essential Functions
- Infrastructure Development: Responsible for crafting and building security infrastructure.
- System Support: Support a variety of high-demand systems, robotics and automation systems.
- Security Expertise: Use a solid understanding of authentication protocols, core network and system security principles, along with an up-to-date understanding of modern attack patterns and methods.
- Tool Security: Drive security into the tools used by Amazonians every day.
- Data Analysis: Draw heavily on experience collecting, analyzing, and summarizing data from a variety of sources to create compelling written and verbal communications.
- Security Evangelism: Responsible for evangelizing security within Amazon and being an advocate for customer trust and customer promise.
- Risk Consulting: Advise and consult with internal customers on risk assessment, threat modeling, and vulnerability remediation.
- Fulfillment Security: Responsible for evangelizing security within Amazon Fulfillment Technology and being an advocate for customer trust and customer promise.
- IR Support: Support Incident Response Team with tooling and data.
- Risk Assessment: Perform design reviews and risk assessments.
14. Infrastructure Security Engineer Roles and Details
- Laptop Provisioning: Set up laptops for new hires with images that are standardized for security and build.
- Hardware Management: Plan and manage the installation, upgrade, repair, movement, and replacement of desktops, laptops, servers and peripherals.
- Endpoint Security: Deploy laptop and device security with applications such as CrowdStrike, VMware AirWatch, and other endpoint backup and security applications.
- Desktop Support: Help to manage all desktop, laptop, audiovisual and other related hardware and software support activities in a corporate office environment.
- User Support: Provide resolution/escalation/tracking of requests for desktop support via phone, and at the customer's desk.
- Executive Reporting: Prepare and concisely present the status of department programs to the executive management team, including ongoing and regular collaboration with the IT Leadership.
- Cyber Strategy Execution: Responsible for executing the Cybersecurity strategy.
- Security Operations: Work on processes and policies and implement security tools, including the implementation of security monitoring and incident response services.
- Email Protection: Manage Email Security with Mimecast and other 24/7 security operations activities.
- Infrastructure Execution: Execute IT enterprise infrastructure, including network (WAN, LAN, wireless, SD-WAN, switching, routing, VPNs and firewalls), compute, storage, virtualization, database, directory, authentication, monitoring, identity, access and remote access services.
- Technical Troubleshooting: Perform problem diagnosis on hardware, operating system, and/or applications.
15. Infrastructure Security Engineer Job Summary
- Hardware Support: Perform hardware and peripheral installations and troubleshoot problems.
- File Management: Manage file systems and disk space.
- Virus Protection: Manage the Virus protection system and update virus definitions on a routine basis.
- Process Documentation: Develop and document technical processes and procedures.
- Status Reporting: Report project status weekly for non-recurring efforts to management.
- Network Troubleshooting: Troubleshoot, fix and resolve network connectivity issues related to workstations and servers.
- Configuration Changes: Perform configuration changes to both hardware and software.
- System Restoration: Restore the system to a functioning state and gain customer concurrence for problem resolution.
- Remote Support: Resolve network/telecommunications-related issues with remote users, and escalate to a higher level.
- Customer Communication: Maintain contact with customers until issues have been resolved.
- IT Tasking: Perform other IT job-related tasks as assigned by IT Management.
16. Infrastructure Security Engineer Duties
- Architecture Planning: Participate in security architecture planning for both on-premises and cloud-based solutions.
- Technical Advising: Provide expert advice to technical teams (such as Infrastructure and corporate IT).
- Security Expertise: Act as an Information Security subject matter expert.
- Risk Assessment: Conduct security threat and risk assessments on a regular basis.
- Risk Interpretation: Support the interpretation of risk assessment results.
- Task Prioritization: Work with technical teams on the assessment and prioritization of security-related tasks.
- Incident Response: Participate in the incident response team.
- Control Operations: Design, build and operate key security controls and platforms such as endpoint security, cloud security, internet and network security, and email security solutions.
- Project Leadership: Lead security projects and initiatives.
- Best Practices: Improve the adoption of security best practices across the organization.
- Vendor Management: Manage relationships with security vendors and partners.
17. Infrastructure Security Engineer Overview
- Strategy Implementation: Implement and maintain security strategies.
- Security Auditing: Participate in infrastructure security audits, whether performed by the organization or third-party personnel.
- Automation Scripting: Automate via a scripting language (Python, Bash, Go, etc.).
- Architecture Evaluation: Evaluate current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvements.
- Goal Execution: Implement infrastructure security goals and new programs effectively, while working with other teams within the organization.
- Ops Collaboration: Assist the greater Technical Operations organization in completing tasks such as system maintenance/upgrades, tool development and workflow design from an infrastructure security perspective.
- Secure IaC: Recommend and implement secure infrastructure as code solutions for cloud databases, secrets storage, Kubernetes clusters, and code deployment pipelines.
- AWS Security: Contribute to the security posture of a multi-AWS account architecture.
- Cloud Remediation: Verify and rectify vulnerabilities and security misconfigurations of cloud infrastructures and workloads.
- Access Control Design: Design and build solutions that give engineers the specific access they need to do their jobs, with safe-by-default guardrails.
18. Infrastructure Security Engineer Key Accountabilities
- Patch Management: Develop and implement consistent and automated patch management in concert with systems teams.
- Kubernetes Controls: Develop and implement network and process controls for Kubernetes environments.
- SIEM Support: Assist Incident Response Team with SIEM engineering tasks.
- On-Call Backup: Provide backup on-call support to the Incident Response team.
- Technology Evaluation: Evaluate or create new technologies and services in order to solve complex security issues.
- Design Reviews: Perform design reviews and risk assessments for new production instance configurations.
- System Hardening: Improve the security of production systems.
- Change Review: Review changes to the infrastructure and application for potential security impact.
- Security Assessments: Conduct regular security assessments of Vimeo’s infrastructure and provide red team services to the organization.
- Security Automation: Focus on automation, tooling, and delivery of industry-leading security tools.
19. Infrastructure Security Engineer Tasks
- Control Implementation: Design, architect, and implement defensive security controls across endpoints, servers, and SaaS/self-hosted web applications.
- Security Expertise: Provide security domain expertise on protective controls, including system, network, encryption, and authentication services.
- Team Collaboration: Collaborate with development and engineering teams to improve security for their applications and systems.
- Platform Evaluation: Perform security evaluations and research on new platforms, products, architectures, vendors, and services.
- Cross-Team Work: Work closely with other members of SRE, Information Security, and development teams.
- Defense Improvement: Drive lasting improvements to NetEnt's defense posture.
- Security Guidance: Provide security guidance on a constant stream of new backend/core infrastructure and technologies.
- Initiative Leadership: Take a leadership role in driving internal security and privacy initiatives.
- Threat Response: Analyze, assess, and respond to various internet threats.
- Community Engagement: Interact directly with the security community regarding infrastructure security vulnerabilities and threats.
- Threat Modeling: Conduct regular threat modeling assessments and specialize in zero-trust infrastructure concepts.
20. Infrastructure Security Engineer Accountabilities
- Secure Solutions: Recommend and implement secure solutions for secrets storage, code deployment, traffic and networking, etc.
- AWS Management: Manage and secure multi-AWS account architecture.
- Kubernetes Security: Lock down Kubernetes clusters.
- Container Security: Work on container scanning, network and pod security policies, a mTLS service mesh, and other efforts.
- Access Control: Build solutions that allow engineers to have the access they need to do their jobs, with safe-by-default guardrails.
- Policy Enforcement: Build automation and monitoring to enforce security policies and detect threats.
- Security Advocacy: Evangelize security best practices across the company.
- Cloud Infrastructure: Build enterprise-grade secure cloud infrastructure and policies to protect Loom networks and systems.
- Risk Mitigation: Design and develop frameworks, tools, and best practices to protect and mitigate any forms of risk.
- Compliance Support: Work with the compliance and governance teams to implement compliance and security requirements.
- Program Management: Help manage pen testing and bug bounty program.
- Team Mentorship: Lead and mentor other engineers and evangelize security practices to foster a culture of security companywide.