Cybersecurity Engineer

Berkeley Research Group provides independent advice, data analytics, authoritative studies, expert testimony, investigations, and regulatory and dispute consulting to Fortune 500 corporations, financial institutions, government agencies, major law firms, and regulatory bodies around the world. BRG experts provide sophisticated economic, financial, and analytical advice across a wide range of disciplines, including antitrust and competition policy, complex damages, construction, finance, healthcare, intellectual property, restructuring, valuation, and workforce issues. In addition, the firm assists clients in major industry sectors with compliance, business process improvement, and strategy consulting.   The position will be responsible for the design, implementation, maintenance, and optimization of BRG’s Firewalls and Cloud Security.  An overall emphasis on perimeter network security configuration as it applies to all endpoints on and connecting to the BRG Network to ensure the security of BRG’s employees for both on-prem and cloud services through a Zero Trust approach. This role will be responsible for building and managing Cloud and Firewall security policies and securing access to BRG resources worldwide.  A proven cross-disciplinary skillset would be required to efficiently collaborate with Security, Systems and Network teams on large scale projects.  Key Responsibilities: 

• Lead the administration, configuration, and lifecycle management of all corporate firewalls, including Palo Alto Networks firewalls and GlobalProtect VPN. 
• Manage security infrastructure projects from design through implementation, documentation, and support. 
• Identify and implement improvements to enhance performance, reliability, and scalability of perimeter and cloud security infrastructure. 
• Collaborate cross-functionally with Security, Networking, and Systems teams to ensure secure and efficient connectivity across the organization. 
• Maintain and troubleshoot core security systems including firewalls, IDS/IPS, VPN gateways, vulnerability scanners, SIEM platforms, and security monitoring tools. 
• Diagnose and resolve system and network issues, working across teams to remediate security-related disruptions or performance problems. 
• Research, evaluate, and test emerging technologies, security products, and industry services; maintain current awareness of the global threat landscape and evolving adversary techniques. 
• Act as an escalation point for high-impact security incidents, support tickets, and on-call operational issues. 
• Collect, analyze, and present key security metrics and dashboards to support risk-informed decision-making. 
• Conduct proactive threat hunting activities and support risk investigation efforts across endpoints, networks, and cloud environments. 
• Participate in and contribute to recurring risk assessments and internal security posture reviews. 

Qualifications and Experience:

• 5+ years of experience in Network and Security Engineering, with a focus on enterprise-scale infrastructure. 
• In-depth expertise with Microsoft security platforms including Azure AD Conditional Access, Microsoft Defender for Endpoint/Cloud, Microsoft Sentinel, and Microsoft Purview. 
• Strong understanding of Zero Trust principles and cloud security best practices across hybrid environments. 
• Hands-on experience designing, implementing, and supporting network architectures in both traditional on-prem and Azure-based infrastructures, including virtual networks, network security groups (NSGs), subnets, ExpressRoute, and VPNs. 
• 3+ years of experience with secure deployment, management, and migration of cloud and on-prem platforms in a hybrid network model. 
• Proficient in LAN/WAN routing, switching, VLANs, and core protocols such as DNS, DHCP, HTTP/S, SNMP, NetFlow, and TACACS. 
• Hands-on experience with Palo Alto Networks firewalls and VPN appliances (including GlobalProtect). 
• Experience working with or alongside Security Operations Center (SOC) or Network Operations Center (NOC) teams, including managed service providers. 
• Strong understanding of identity and access management (IAM), including multi-factor authentication (MFA) and protocols such as SAML, OAuth2, and Kerberos. 
• Working knowledge of authentication platforms and directory services (e.g., Active Directory, Azure AD). 
• Familiarity with industry regulations and frameworks such as SOC 2, ISO/IEC 27001/27002, HIPAA, and HITRUST. 
• Strong cross-platform systems knowledge, including Windows Server, Windows 10/11, and macOS environments. 
• Familiarity with endpoint management and compliance enforcement tools. 
• Basic scripting or automation experience (PowerShell, Bash, or Python) is a plus. 
• Excellent verbal and written communication skills, with the ability to translate complex technical topics for non-technical audiences. 
• Strong problem-solving mindset with a focus on identifying improvements beyond current operational limitations. 
• Highly organized, with the ability to manage multiple priorities and project timelines. 
• Ability to see beyond constraints of the existing environments and identity opportunities for improvement.

• Strong organizational ability.

#LI-RT1