Security Infrastructure Specialist

We are looking for Security Infrastructure Specialist

Description:
This is a short-term, hands-on implementation project - up to 2 months. 
We're looking for a security engineer who can take our existing platforms and configure them into a coherent, modern security posture. 
You'll work across identity, access control, endpoint verification, credential management, and centralized logging. 
The goal is a properly secured environment with clear documentation that our team can operate independently after handoff.

What You'll Do:
- Configure and harden Google Workspace as our central identity provider, enforcing MFA, tightening admin roles, setting up SSO for supported apps, and establishing a clean offboarding process.

- Replace our current VPN-style access model with Cloudflare Zero Trust, putting identity-aware, device-checked access policies in front of internal resources like our staff portal, Grafana, and admin endpoints. Direct exposure of protected services should be eliminated.

- Deploy lightweight endpoint protection (Microsoft Defender for Business) with a BYOD-friendly approach, verifying device security posture (encryption, screen lock, updates) without fully managing personal machines. Integrate device checks into access policies.

- Set up 1Password (or equivalent), migrate shared credentials into properly structured vaults, and provide usage guidance for the team.

- Stand up centralized log ingestion in Axiom, pulling from Cloudflare, Google Workspace, DigitalOcean, Kubernetes, and other available sources. Configure retention and provide a sample investigation walkthrough so we understand how to use it.

- Deliver configuration documentation, an operational runbook, and admin maintenance instructions at project close.

Requirements:

- Demonstrated experience configuring Google Workspace security controls, SSO, and identity management
- Hands-on proficiency with Cloudflare Zero Trust (Access, Tunnel, Gateway)
- Familiarity with endpoint protection deployment in BYOD environments
- Experience with credential management tooling (1Password or similar)
- Practical knowledge of log aggregation and centralized logging platforms
- Comfort working with DigitalOcean, Kubernetes, and Linux-based infrastructure
- Strong documentation habits, you leave things cleaner and clearer than you found them

Preferred Qualifications:

- Direct experience with Axiom for log ingestion and analysis
- Experience securing environments for small, fully remote teams
- Familiarity with Microsoft Defender for Business deployment and device compliance policies
- Background in OSINT, cybersecurity, or investigative technology platforms
- Powered by Workable