Infrastructure Security Specialist

Thornburg Investment Management•Cuyamungue, NM

About The Position

Thornburg is a global investment firm delivering on strategy for institutions, financial professionals and investors worldwide. The privately held firm, founded in 1982, is an active, high-conviction manager of fixed income, equities, and multi-asset solutions. As an independent firm, Thornburg can take on a wide range of opportunities, explore ideas thoroughly and work across strategies to deliver consistent risk-adjusted outperformance over the long term. The firm attracts free-thinking professionals who are eager to pursue investment outcomes beyond the confines of popular wisdom. From nimble operational capabilities to principles and actions fitting of a global citizen, Thornburg’s world-class investment platform and team are aligned on strategy to serve investors. Job Summary The Infrastructure Security Specialist is a senior technical role responsible for protecting, strengthening, and advancing the security of the organization’s enterprise systems and infrastructure. As a key member of the Infrastructure team, this specialist plays a critical role in ensuring the confidentiality, integrity, and availability of mission-critical platforms and data across on-prem and cloud environments. Approximately 75% of the role is dedicated to enterprise-level security engineering and operations - including enterprise application and OS patching, vulnerability lifecycle management, secure configuration and CIS benchmark implementation, audit log governance, data protection (Purview), network and perimeter defense, incident response, advanced SIEM management, MSSP oversight, and coordination of penetration testing. The remaining 25% focuses on high-level systems administration, including maintaining enterprise infrastructure reliability, developing operational best practices, driving automation and process improvements, supporting recovery and resiliency efforts, and collaborating across IT and business teams to ensure a secure and scalable technology environment. This position requires a seasoned infrastructure security professional who can lead complex initiatives, mature security capabilities across the enterprise, and serve as a trusted technical resource for security, infrastructure, and architecture decision-making.

Requirements

5 - 7+ years of progressively responsible experience in enterprise infrastructure, system administration, and security operations.
Strong experience across Windows Server, Linux, virtualization platforms (VMware/Hyper-V), networking concepts, and cloud services (Azure preferred).
Hands-on experience with SIEM platforms, SOC operations, and MSSP coordination.
Demonstrated expertise implementing CIS Benchmarks, secure configuration hardening, and security controls at scale.
Experience with Microsoft Purview, Defender security suite, and identity/security components within Microsoft 365 and Azure.
Proficiency with vulnerability management tooling, patching orchestration, and security monitoring platforms.
Experience managing enterprise backup/restore systems and recovery planning.
Familiarity with network and perimeter security technologies such as firewalls, IDS/IPS, VPN, SASE/ZTNA, and network segmentation.
Strong scripting abilities (PowerShell required; Python a plus).
Knowledge of security frameworks such as CIS, NIST, ISO 27001, SOC 2, and Zero Trust principles.
Certifications such as CISSP, Security+, CySA+, GSEC, GCIA, GCIH, Azure Security Engineer, or equivalent experience are strongly preferred.
Strong ethical judgement and integrity aligned to financial services and regulatory environments.
Analytical, detail-oriented, and able to manage complex technical environments.
Proactive communicator who collaborates effectively across IT and business functions.
Demonstrates leadership, ownership, and strong follow-through on operational and project work.
Commitment to continuous learning and staying current with evolving security threats and technologies.

Responsibilities

Lead and enhance enterprise-wide server, application, and infrastructure patching programs using Microsoft Endpoint Manager, cloud security services, and vulnerability insights.
Manage and optimize SIEM platforms—including log ingestion pipelines, correlation rules, alert tuning, dashboards, and threat detection logic.
Oversee MSSP relationships, including escalation quality, SLAs, triage accuracy, and continuous service improvements.
Implement, maintain, and enforce secure configuration baselines across enterprise assets, aligned with CIS Benchmarks, NIST CSF, and internal policies.
Administer and strengthen Microsoft Purview data protection controls (DLP, Information Protection, insider risk indicators, data lifecycle governance).
Conduct ongoing vulnerability scanning, reporting, remediation follow-up, and risk-based prioritization.
Manage enterprise audit log architecture - collecting, normalizing, storing, and reviewing logs from servers, applications, network devices, cloud systems, and security tools.
Participate in and often lead incident response activities, including triage, containment, remediation, documentation, and lessons learned.
Support and monitor network and perimeter security systems (firewalls, IDS/IPS, secure gateways, VPN, Zero Trust controls).
Coordinate internal and external penetration testing, ensure remediation validation, and maintain risk tracking for findings.
Provide advanced technical guidance on secure system architectures, hardening standards, identity and access controls, and privileged access workflows.
Support the development and enhancement of automation and infrastructure-as-code approaches to improve security consistency and repeatability
Provide senior-level administration of enterprise infrastructure including servers, virtualization platforms, storage systems, cloud services, and related technologies.
Identify process improvement opportunities within Infrastructure Services and help implement automation using scripting (PowerShell, Python, etc.).
Develop and maintain documentation, architectural diagrams, recovery procedures, and operational runbooks.
Support business continuity and disaster recovery efforts, including backup oversight, restoration testing, and data resiliency planning.
Assist with complex infrastructure incidents, change implementations, upgrade cycles, and cross-team operational support during peak periods or staff absences.
Collaborate with team members to ensure a reliable, secure, and high-quality systems environment for the organization.
Participate in enterprise security and infrastructure projects from design through execution.
Coordinate with vendors and partners for troubleshooting, architecture guidance, managed services, and escalated support.
Work closely with cybersecurity, application development, compliance, governance, audit, and business units to align enterprise security posture with organizational strategy.
Participate in the Infrastructure team’s on-call rotation and perform additional duties as assigned.

Benefits

Medical, dental, and vision coverage.
Employer 401(k) safe harbor and profit-sharing contributions.
Work/life programs such as flexible work arrangements, flexible paid time off, paid parental leave, employee assistance plan, commuter benefits, student loan repayment program, education reimbursement program
Community involvement opportunities.
Onsite cafeteria.
Onsite fitness center.
Referral Program.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume