Network Security Engineer

We are seeking a highly skilled Network Security Engineer to join our dynamic cybersecurity team and support our hybrid datacenter and cloud infrastructure initiatives. The successful candidate will bridge the gap between enterprise LANs and emerging private and public cloud implementations, ensuring consistent integration, security, regulatory requirements, and optimization across our hybrid datacenter and cloud environments.

Primary Accountabilities

Technical (80%)

• Incident Response: Collaborate with the incident response team as part of the CSIRT (cyber security incident response team) to support DFIR operations

• Monitoring: Monitor the usage, performance and availability of the network security infrastructure and services.

• Security: Support the overall architecture, design, implementation and compliance efforts for effective network security.

• Design:  Maintain a comprehensive understanding of network technologies, solutions and concepts, including but not limited to routing, firewalls, network monitoring and management.

• Configure: Consult on the secure design of  virtual networks, subnets, VNets, and peering configurations. 

• Administration: Monitor and troubleshoot for security impact on network performance and connectivity issues.

• Compliance: Ensure compliance with network security best practices and organizational policies.

• Integration: Collaborate with cross-functional teams to deliver scalable and efficient network security solutions.

• Documentation: Document network configurations, processes, and procedures

• Policy Contribution: Collaborate with policy stakeholders to develop and enforce cloud networking governance policies and standards. 

• Training and Support: Support training initiatives for end-users and other IT staff on network security standards and maturity development. 

• Continuous Improvement: Stay current with industry trends and advancements in networking technologies. Recommend and implement improvements to enhance the security and efficiency of the networking infrastructure and architecture

• Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Telecommunications or a related field

• Certifications: One or more of the following: CCNA, CCNP, CCIE, Azure Network Engineer Associate, Azure Solutions Architect, AWS Certified Advanced Networking Specialty, AWS Certified Security Specialty, Google Cloud Professional Cloud Network Engineer, GNFA, GAWN

• Experience: 

  • Strong knowledge of hybrid cloud and datacenter networking concepts and network interconnectivity

  • 5 to 7 years of technical hands-on networking and security experience

  • A solid background in network administration and architecture, and an in-depth understanding of communication protocols and routing protocols (e.g., BGP, OSPF)

  • Strong understanding of network security principles and best practices

  • Experience using threat intelligence (CTI) and attacker tactics, techniques and protocols (TTP) (like MITRE ATT&CK and/or D3FEND) to inform architecture, design and configurations

  • Familiarity with access control models, network security, and segmentation.

  • Ability to write code in common programming languages, e.g. Python

  • Experience with routers, switches, firewalls, VPN, netflow, and other network security tools

  • Strong analytical and problem-solving skills with an ability to assimilate, analyze, and correlate large amounts of forensic data from various network and security devices, logs, and alerts

  • Experience in handling networking and security for a large enterprise network or service provider network

  • Experience in industry standards that are relevant to our line of business, such as NIST CSF, ISO 27001, Health Insurance Portability and Accountability Act (HIPAA), HITRUST, Payment Card Industry Data Security Standard (PCI DSS)

  • 2+ years security monitoring and/or incident response experience

  • Infrastructure as Code (IaC) experience with terraform, ansible, AWS CloudFormation or similar.

  • Proficiency in designing, implementing, and maintaining  network IDS/IPS, Application Gateways, and Firewall appliances.

  • Proficiency implementing and tuning network detection rules, such as Zeek/Bro, Snort, and Suricata.

  • Experience with VPN Gateway and remote access configuration and hardening.

  • Strong understanding of DNS, DHCP, routing, and IP addressing in cloud environments.

  • Familiarity with tools like Azure Monitor, AWS CloudWatch and/or GCP Network Intelligence Center.  

  • Experience in Wireless and RF network security hardening and assessment.

  • Experience with DNS security and hardening.

Project Management (20%)

• Work with IT shared services, DevOps and application development teams to ensure secure network architecture and configuration

• Educate and train engineering and IT teams.

• Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical cyber security subjects.

Individual Competencies:

• Integrity: Gains the trust of others through a strong commitment to security, compliance, taking responsibility for your own actions and telling the truth. 

• Teamwork: Builds relationships and works cooperatively with others, inside and outside the organization, to accomplish objectives to build and maintain mutually-beneficial partnerships, leverage information and achieve results.

• Adaptable: Responds to change with a willingness to learn new ways to accomplish work objectives with a positive attitude.

• Innovative: Ability to develop, sponsor, or support the introduction of new and improved methods, products, procedures or technologies.

• Curious: A desire to inquire and learn, to seek new knowledge and wisdom, and to listen to the contributions of others with a genuine interest to better self, the team, and the organization.

• Analytical and Critical Thinking:  Ability to tackle a problem by using a logical, systematic, sequential approach.

• Problem Solving: Gathers and analyzes information to generate and evaluate potential solutions to problems, issues and challenges while weighing the accuracy and relevance of the facts, data and information.

We are an Equal Opportunity Employer, including disability/vets.