position

Systems Security Engineer I

division/department

Information Technology IT Operations

location

Denver Metro Area (Hybrid)

classification

Exempt

position summary

The Systems Security Engineer is responsible for designing implementing and administering technology solutions that protect CHFAs diverse technology ecosystem including networks servers applications cloud platforms data and endpoints.

Reporting to the Manager of IT Operations this position requires advanced technical expertise in IT infrastructure and security practices. They will work closely with teammates on routine to complex assignments and act as an escalation point for advanced configuration or troubleshooting. The Systems Security Engineer collaborates daily with other teams including Information Security and Application Development to identify technology and security needs develop new solutions optimize or update existing systems and respond to incidents and requests to ensure the reliability performance and security of CHFAs IT environment.

essential responsibilities

• Take a lead role in the design deployment configuration and administration of complex technology systems and procedures in support of CHFAs operational and security goals including firewalls EDR SASE PAM Enterprise DLP and IT Disaster Recovery.

• Participate in the ongoing prevention and mitigation of emerging threats by evaluating and enhancing system configurations remediating vulnerabilities and improving alignment with cybersecurity best practices.

• Collaborate with crossfunctional teams to assess needs evaluate solutions and implement secure technology systems and strategies. This includes a focus on supporting the Information Security team with designing deploying and optimizing securityfocused technologies and assisting them in event or incident responses.

• Act as an escalation point for Help Desk Technicians Systems Administrators and Security Analysts for technical incidents and requests while sharing knowledge of contributing factors or response actions to continue to improve team performance and abilities.

• Perform ongoing system management including evaluating firewall rule design and performance updating security policies in response to new products or features and participating in lifecycle management of servers and appliances.

• Ensure new and existing systems conform to security benchmarks and best practices by evaluating configurations recommending improvements and implementing changes to improve or remediate configuration issues.

• Participate in system administration tasks including updating patching and preventive maintenance of servers appliances or applications.

• Maintain documentation of IT infrastructure and supported systems consisting of system diagrams equipment configurations and audit reports.

• Stay current with emerging technologies trends and industry recommendations and promote corresponding solutions and updates across CHFAs technology ecosystem.

• Coordinate with vendors and managed service providers for advanced technical expertise or assistance with technical tasks and projects as necessary.

• Perform duties and participate in projects as directed by supervisors while contributing to all activities and projects that directly support CHFA in fulfilling its mission.

knowledge skills and abilities

• Proven experience as an Engineer or Administrator with expertise in firewalls encryption endpoint protection data protection intrusion detection systems antivirus software authentication systems log management content filtering and network admission control.

• Strong knowledge of security best practices and frameworks (e.g. NIST SANS Azure WAF etc.

• Indepth knowledge of the latest versions of operating systems (e.g. Windows 11/2025 virtualization and HCI technologies (e.g. Nutanix AHV Prism HyperV Azure Local) and cloud platforms (e.g. AWS Azure Cloudflare).

• Possesses indepth knowledge of the full spectrum of security technologies with the ability to design and administer all components of complex systems such as firewalls (including rule engine SSL decryption advanced threat analysis features etc..

• Familiarity with data protection and DR technologies and methodologies (e.g. snapshot BURA availability zones)

• Knowledge of networking concepts including protocols subnetting zoning access control and monitoring.

• Exemplary critical thinking and problemsolving skills applied at both design and troubleshooting stages.

• Ability to conduct independent research and testing to support incident response system design infrastructure improvements and personal development.

• Demonstrated ability to support and enhance the knowledge of coworkers through effective documentation crosstraining and communication.

• Ability to manage time effectively ensure availability (including occasional nonstandard hours) prioritize work and adapt to evolving business system and security requirements.

• Ability to establish rapport and communicate both orally and in writing in a positive diplomatic and friendly manner to users coworkers and the general staff who may be of a diverse ethnic racial or cultural background.

supported technologies

• • Palo Alto NGFW Wildfire Global Protect

  • SentinelOne Singularity

  • Cloudflare (DNS WAF SASE)

  • Intune Endpoint Privilege Management

  • Rapid7 and MS Sentinel SIEM

  • DLP (Purview Cloudflare Proofpoint)

  • Azure IaaS Sentinel IAM Defender

  • Entra ID PIM Conditional Access

  • Devolutions RDM PAM Gateway

  • Microsoft Windows IIS SQL Server

  • Active Directory GPOs Intune policies

  • Nutanix Cloud Infrastructure

  • Commvault Data Protection

  • Proofpoint Email Security

  • Microsoft Purview

  • Microsoft PKI

  • CIS benchmarks