Software Engineer / Developer (DevSecOps / Full Stack)
Data Systems Analysts, Inc.
Full-time
Charlottesville, VA
Job description
Position Overview
Kurv is executing a fundamental digital transformation, moving from legacy monolithic systems to a resilient, cloud-native enterprise leveraging AWS and Databricks.
We are seeking a Senior Infrastructure & Security Engineer to join our team as a full-time, permanent stakeholder. This role is for a long-term owner who will bridge the gap between our robust on-premise networking foundation and our future cloud state. Your primary responsibilities include the expert operational management of our newly established SQL Server High-Availability (HA) Cluster, the maintenance of our Cisco and Palo Alto networking core, and the ongoing build-out of our AWS Landing Zone.
Key Responsibilities
1. Networking & Hybrid Connectivity (Physical & Cloud)
● Core Network Management: Maintain and optimize the existing physical network stack, including Cisco, Palo Alto, and Brocade networking equipment.
● Perimeter Security: Manage Palo Alto firewalls, ensuring all inter-VLAN and inter-company traffic is scanned and secured.
● Connectivity Resilience: Oversee internet circuits and connectivity for the organization.
● Hybrid Integration: Implement and govern AWS Transit Gateway and Direct Connect (or IPsec VPN tunnels) to ensure seamless, secure communication across our hybrid environment.
2. SQL HA Cluster Operations (Mission Critical)
● Operational Ownership: Serve as the primary owner for the newly created SQL Server HA environment, managing Windows Failover Clustering and Always On/Basic Availability Groups.
● Performance Optimization: Maintain a working understanding of performance characteristics within a high-utilization SQL Server environment, including memory configuration, tempDB structure, and index health, to support troubleshooting and prevent resource saturation.
● Licensing & RPO: Manage SQL Server licenses with Software Assurance (SA) and conduct regular failover drills to guarantee zero data loss (Zero RPO) for our payments business.
3. Cloud Architecture
● Infrastructure as Code (IaC): Maintain and expand our "Zero-Touch" production environment using Terraform to manage all AWS and Databricks resources.
● Landing Zone Governance: Govern the AWS Organization through Control Tower and Service Control Policies (SCPs) to ensure multi-account security.
● FinOps: Monitor real-time cloud spend; enforce mandatory tagging for departmental showback and manage auto-shutdown scripts for non-prod environments.
4. Security, Identity & PCI Compliance
● PCI-DSS 4.0 Compliance: Lead the technical maintenance of strict network segmentation and isolation for PCI-scoped systems.
● Identity-Based Perimeter: Maintain AWS IAM Identity Center and Databricks Unity Catalog to enforce granular, identity-based access.
● Threat Management: Drive remediation of security findings (e.g., XSS, NTLMv2) and monitor real-time events via Splunk and AWS Security Hub.
5. Backup & Recovery Architecture (Enterprise Resilience)
● Air-Gapped Data Protection: Maintain and manage enterprise backup operations using Veeam, ensuring secure, immutable backups within an air-gapped architecture to protect against ransomware and catastrophic data loss.
● Recovery Assurance: Validate backup integrity through routine restore testing and verification procedures to support business continuity, disaster recovery objectives, and regulatory compliance requirements.
● Operational Governance: Monitor backup job health, retention policies, and storage lifecycle management to ensure consistent protection across on-premise and hybrid workloads.
Required Qualifications
● 7+ years of enterprise experience in infrastructure, networking, and security.
● Networking Mastery: Advanced hands-on experience with Cisco switching/routing and Palo Alto firewall administration.
● SQL Clustering Expertise: Proven experience managing multi-node production SQL Server clusters (HA/DR).
● AWS & IaC: Hands-on experience with AWS core services and Terraform for multi-account environments.
● Practical PCI Experience: Proven track record of supporting and passing audits in PCI-compliant environments.
● Hybrid Systems Knowledge: Strong background in VMware vSphere and Windows Server (AD/GPO).
Valuable Certifications
The following certifications are highly desired for this permanent role:
● Networking & Security:
○ CCNP (Routing and Switching) or PCNSE (Palo Alto Networks Certified Network Security Engineer)
○ PCI Professional (PCIP) or Internal Security Assessor (ISA)
○ CISSP or CISM
● Cloud & DevOps:
○ AWS Certified Solutions Architect – Associate (SAA-C03)
○ HashiCorp Certified: Terraform Associate
○ AWS Certified Security – Specialty
○ FinOps Certified Practitioner (FCP)
What We’re Looking For
- A Full-Time Stakeholder: Someone who wants to take long-term pride in Kurv’s stability.
- The "Bridge" Engineer: Someone comfortable configuring a physical Cisco switch one hour and writing Terraform for an AWS Transit Gateway the next.
- Knowledge Capture: A willingness to collaborate with subject matter experts to translate deep institutional and technical knowledge into automated, scalable cloud patterns.
Pay: From $90,000.00 per year
Benefits:
- 401(k)
- Dental insurance
- Health insurance
- Paid time off
- Vision insurance
Work Location: Hybrid remote in Cleveland, OH 44113