As a member of the Cooper’s Hawk Information Security Team, the Information Security Engineer – Application, Cloud, and Infrastructure Security will be responsible for protecting our enterprise systems and hybrid infrastructure including Azure, Oracle Cloud, Salesforce, and our on-premises environments.   This role focuses on securing systems, applications and services that support our business from the wine club, restaurant, website, mobile apps and the point-of-sale (POS). You’ll help implement security best practices across cloud and on-prem platforms, ensuring data protection, regulatory compliance, and resilience against modern threats.   You’ll collaborate with teams across Applications, Data & Digital and infrastructure & Operations to embed security into the fabric of our technology ecosystem.   What You’ll Do: Design, implement, and maintain security controls across Cooper’s Hawk’s hybrid infrastructure, with a strong focus on Microsoft Azure, Oracle Cloud (ERP, Simphony POS), and Salesforce Commerce Cloud, ensuring secure configurations and minimal attack surface. Develop and maintain secure configuration standards for cloud services, with a focus on Azure. Engineer and manage security tooling across cloud and on-prem environments, including Microsoft Defender for Endpoint, Defender for Identity, Cisco VPN, Meraki firewalls, and Cloudflare WAF. Integrate security into the SDLC by embedding SAST, DAST, and SCA tools into GitHub and CI/CD pipelines, promoting secure coding through threat modeling and code reviews. Strengthen APIs and customer-facing applications, including those on Salesforce Commerce Cloud, using best practices. Administer and fine-tune Cloudflare WAF policies, bot mitigation, and access rules to protect against OWASP Top 10 threats, credential stuffing, and scraping attempts. Secure the restaurant technology environment, including Oracle Simphony POS and handheld/mobile devices. Ensure compliance with PCI-DSS 4.0 through segmentation, endpoint protection, and logging. Support identity and access controls across Azure Entra ID and on-prem Active Directory, including Conditional Access Policies, Role-Based Access Control (RBAC), Just-In-Time (JIT) access, and MFA enforcement. Monitor and respond to security threats by tuning detections, supporting investigations, and coordinating incident containment and recovery in collaboration with MDR and SOC teams. Conduct regular threat modeling, risk assessments, and architectural security reviews, especially for new cloud deployments and integrations. Perform and support regular vulnerability assessments and penetration testing, ensuring remediation is prioritized based on risk and tracked to closure. Lead and participate in security projects, including PCI-DSS audits, NIST CSF 2.0 alignment and cloud security posture improvements. Continuously research emerging threats, CVEs, and TTPs, maintaining defenses and detection rules accordingly to stay ahead of the threat landscape. What You’ll Need: Bachelor’s degree in information security, Computer Science, or a related field – or equivalent practical experience. 5+ years of progressive experience in infrastructure and application security within hybrid (on-prem and cloud) environments. Technical expertise with Windows Server and Desktop platforms, including Active Directory and Entra ID; solid understanding of core networking concepts such as DNS, TCP/IP, VLANs, and VPNs. Proven experience with enterprise security tools, including EDR, IPS, IAM, DLP, and vulnerability management platforms. Strong knowledge of cloud security best practices, with hands-on experience securing services in Azure and/or AWS. Advanced understanding of application security principles, including the OWASP Top 10, secure SDLC practices, and securing APIs and web applications. Experience integrating security into DevOps pipelines and managing cloud-native security controls, WAFs, API gateways, and bot protection solutions. Familiarity with Salesforce security configurations and securing SaaS platforms. Hands-on experience with SIEM, IDS/IPS, endpoint protection, firewalls, and security monitoring tools. Working knowledge of key compliance and risk frameworks, including PCI-DSS, NIST CSF, and SOX/ITGC. Strong communication, collaboration, and problem-solving skills with the ability to work across technical and business teams. Ability to design, implement, and maintain security controls aligned with cloud and enterprise best practices. Preferred Qualifications Industry-recognized security certifications (e.g., CISSP, CISM, CRISC, CCSK, or relevant cloud/security certifications). Experience in the hospitality, restaurant, or retail industry. Familiarity with DevSecOps principles and secure CI/CD integration. Compensation Range:  Compensation range is $120,000-$150,000/year. The final offered salary will be based on several factors, including but not limited to the candidate’s depth of experience, skill set, qualifications, and internal pay equity.   What You’ll Get:   Incredible Discounts: Monthly Dining Allowance 50% Dining and Carryout 40% Retail Wine 20% Retail and Private Events Monthly Complimentary Wine Tasting for Two Medical, Prescription, Dental, Vision Insurance plus Telemedicine and Wellness Program Company Matching 401(k) Retirement Savings Plan Flexible Savings Accounts- Health and Dependent Care Health Savings Account Long-Term Disability; Voluntary Short-Term Disability Basic Life and AD&D Insurance (with option to purchase additional coverage) Paid Parental Leave Highly Competitive Pay plus Team Member Incentives & Rewards Paid Time Off Milestones Recognition Program Complimentary Gym Membership in RSC Building Hybrid Work Week (3 days in office, 2 days remote, depending on role) Cooper’s Hawk is an equal opportunity employer.   All qualified applicants are considered for employment without regard to the person ’s race, color, religion, national origin, sex, sexual orientation, age, marital status, veteran status, disability, or any other characteristic protected by applicable law. Cooper ’s Hawk makes reasonable accommodations during all aspects of the employment process, including during the interview process.    The information provided above indicates the general nature and level of work required of the position and is not a comprehensive list of all responsibilities or qualifications. The Benefits list is only a highlight of some of the benefits offered to team members; eligibility for certain benefits apply. About Us Cooper's Hawk Winery & Restaurants was created with the inspiration of bringing the Napa Valley experience to all of America, by combining an elegant tasting room with a polished casual restaurant and scratch kitchen. Cooper's Hawk wines have won hundreds of awards and are the Official Wines of the Screen Actors Guild® Awards. We are built upon the belief that food and wine hold the power to forge a COMMUNITY, and with the world's largest wine club membership, we are paving the way to democratizing the good life!