IT Security & Infrastructure Engineer
Location: Mumbai | Employment Type: Full-time, on-site | Travel: Occasional, for new site deployments
Role Overview
We are seeking a hands-on IT Security & Infrastructure Engineer to manage and secure our day-to-day IT environment, while growing alongside us as we mature our security and compliance program. The organization is actively pursuing ISO 27001:2022 and SOC 2 certification, operates across Azure and AWS, and runs a synchronized multi-firewall setup.
This is a genuine growth role. The successful candidate will begin with hands-on responsibilities across endpoints, firewalls, network infrastructure, and end-user support — and progressively take on broader cloud networking, multi-firewall management, and compliance support. We are looking for someone with practical early-career experience who aspires to grow into a Security Engineer or Cloud Security role, rather than remain in pure operations.
The role is intentionally varied: a single day may involve resolving an end-user issue, configuring a site-to-site VPN tunnel to an Azure VNet, and travelling to a new office to set up server and network infrastructure. Breadth and adaptability are core to the position.
Our Environment
Technology Stack
| Area | Tools and Platforms |
| --- | --- |
| Security | Next-gen firewall, XDR, and VPN platforms (e.g. Sophos, Fortinet, Palo Alto) |
| Endpoint Management | Unified endpoint management tools (e.g. ManageEngine, Intune, SCCM) |
| Mobile Device Management | MDM platforms for iOS and Android patching, policy enforcement, and remote control |
| Network | Managed L2 switches and enterprise APs (e.g. TP-Link, EnGenius, Ubiquiti) |
| Endpoints | Windows, macOS, iOS, and Android |
| Access Control | Biometric devices (e.g. ESSL, Matrix, or equivalent) |
| Identity | Microsoft Active Directory |
| Cloud | Azure and AWS virtual networks, linked to on-premise infrastructure |
Current Operating Posture
- Multi-firewall synchronized configuration (HA and multi-site)
- Azure and AWS virtual networks linked to on-premise firewall via IPSec site-to-site VPN
- ISO 27001:2022 ISMS implementation underway
- SOC 2 readiness and audit support in progress
- Periodic new office and server room rollouts as the business expands
Key Responsibilities
End-User Support
- Troubleshoot day-to-day Windows and macOS issues, including boot problems, profile corruption, application crashes, performance issues, and update or driver glitches
- Resolve common end-user concerns across Office productivity tools, Wi-Fi, printer setup, VPN access, password resets, and OneDrive/SharePoint
- Provide basic support for the iOS and Android mobile fleet
- Handle hardware-level tasks such as RAM/SSD upgrades, peripheral setup, and docking stations
- Maintain a disciplined ticketing rhythm — log, prioritize, resolve, and document
Endpoint and Asset Management
- Manage the endpoint fleet through a unified endpoint management platform for patch management, software deployment, asset tracking, and remote troubleshooting
- Execute Windows and macOS patch cycles end-to-end
- Enroll new machines into the Active Directory domain and apply baseline GPOs and security policies
- Manage user onboarding and offboarding cleanly
Mobile Device Management
- Administer the MDM platform for iOS and Android devices — enrollment, policy enforcement, and remote control
- Run mobile OS patch management through the MDM platform — schedule, deploy, and verify OS and app updates across the mobile fleet
- Enforce baseline mobile security policies — passcode requirements, encryption, app restrictions, and remote wipe readiness
- Track mobile device compliance and remediate non-compliant devices
Security Stack Administration
- Perform day-to-day firewall administration — rules, NAT, web filtering, traffic shaping, and log review
- Configure and monitor VPN services — site-to-site tunnels and remote-access connectivity
- Use the XDR / endpoint security console to triage alerts, investigate incidents, and document findings
- Help maintain the synchronized multi-firewall configuration, ensuring rules and policies remain in sync across devices
Cloud Networking (Azure and AWS)
- Configure and manage Azure Virtual Networks and AWS VPCs at a moderate level — subnets, route tables, NSGs / security groups
- Build and maintain IPSec site-to-site tunnels between cloud VNets/VPCs and the on-premise firewall
- Support hybrid connectivity, basic cloud identity, and resource access controls
Network Infrastructure
- Configure managed switches — VLANs, port settings, and basic Layer 2 operations
- Deploy and manage enterprise access points, including SSID configuration, wireless security, and coverage troubleshooting
- Diagnose and resolve end-to-end LAN/WAN connectivity issues
Server Setup and New Site Rollouts
Cross-functional collaboration with the Operations team
- Plan and execute the IT scope for new locations — cabling layout, switch and AP placement, firewall provisioning, and Wi-Fi coverage planning
- Rack, stack, and configure new server hardware; install operating systems, baseline configurations, and security tooling
- Establish domain connectivity, VPN links to HQ, endpoint enrollment, and biometric access at new sites
- Coordinate with ISPs, electricians, AMC partners, and equipment vendors throughout the rollout
- Prepare site readiness checklists, IT bills of quantity, and post-deployment documentation
- Be available for on-site work, including occasional evenings or weekends during cutover windows
Compliance and Governance (ISO 27001:2022 and SOC 2)
- Help implement and maintain technical controls aligned with ISO 27001:2022 Annex A and SOC 2 Trust Services Criteria
- Collect and maintain audit evidence — configurations, logs, change records, and access reviews
- Support internal audits, gap assessments, and external auditor engagements
- Maintain policies, runbooks, SOPs, asset registers, and risk treatment documentation
- Conduct periodic access reviews and firewall rule audits
Physical Access and General Operations
- Manage biometric access control devices — enrollment, data sync, and basic troubleshooting
- Coordinate with vendors and OEM support partners for escalations
- Contribute to security awareness initiatives across the organization
Candidate Profile
Must Have
- Practical hands-on IT, infrastructure, or security operations experience
- Confident troubleshooting on both Windows and macOS at the end-user level
- Working experience with a unified endpoint management platform (such as ManageEngine Endpoint Central, Intune, or SCCM) for patch management, software deployment, and asset tracking
- Working experience with an MDM platform for iOS and Android, including mobile OS patch management, policy enforcement, and device compliance tracking
- Hands-on with Active Directory — domain join, GPO basics, and user/computer object management
- Practical exposure to firewall administration — rule configuration, NAT, and VPN setup (experience with any major vendor acceptable; Sophos, Fortinet, Cisco, or Meraki)
- Strong networking fundamentals — TCP/IP, DNS, DHCP, VLANs, NAT, routing, and wireless concepts
- Comfortable with physical and hardware work — racking, basic cabling, and on-site deployments
- Bachelor's degree in Computer Science, Information Technology, Electronics, or a related discipline; or a diploma supported by equivalent practical experience
Strong Plus
- Direct experience with an integrated security ecosystem (firewall + XDR + VPN from a single vendor)
- Cloud networking exposure — Azure VNets or AWS VPCs, NSGs / security groups, site-to-site VPN
- Exposure to ISO 27001 or SOC 2 environments, even at a supporting or evidence-collection level
- Prior site-rollout or office-setup experience, including IT scoping, cabling layout, and BoQ preparation
- Vendor-specific firewall or endpoint certifications
- Familiarity with biometric attendance and access control systems
Nice to Have
- CCNA, AZ-104, AZ-500, AWS Certified Cloud Practitioner, or comparable certifications
- Basic scripting (PowerShell, Python, or Bash) for routine automation
- Awareness of SIEM concepts
- ITIL awareness
Personal Attributes
- Practical and curious — prefers learning by doing
- Comfortable as a generalist — willing to specialize over time
- Patient with users — able to explain technical solutions clearly and respectfully
- Hands-on and grounded — willing to handle racking, cabling, and on-site work during rollouts
- Growth-oriented — interested in progressing into cloud security and compliance
- Clear communicator — produces documentation others can use
- Reliable and accountable — someone Operations can count on when a site goes live
Career Growth
Strong performers can progress into roles such as Senior Security Engineer, Cloud Security Engineer, or Information Security Analyst (ISO / SOC 2 lead) as the security function matures.
What This Role Is Not
- Not a pure network engineering role focused on BGP/OSPF or carrier-grade environments
- Not a SOC L1 monitoring-only role
- Not an application security or penetration testing role
- Not a senior or lead position — we are looking for someone hungry to grow, not someone already at the top of their career
- Not a pure helpdesk role — end-user support is one part of a broader scope