Network Security Engineer

Position Overview 

The Network Security Engineer is responsible for designing, implementing, and maintaining secure network infrastructures that protect the organization's data, applications, and services. This role involves developing and enforcing security policies, monitoring for threats, responding to incidents, and ensuring compliance with industry standards and regulatory requirements. The engineer will work closely with IT, cloud, and cybersecurity teams to enhance the company’s security posture and provide strategic input on emerging threats and technologies. 

Key Responsibilities 

1. Network Security Design & Engineering 

• Architect, deploy, and maintain security infrastructure including firewalls, VPNs, IDS/IPS, NAC, and segmentation technologies. 

• Design secure network topologies, including DMZs, Zero-Trust zones, and micro-segmentation. 

• Implement and support security features on enterprise switches, routers, and wireless solutions. 

• Evaluate new technologies and provide recommendations to improve network security. 

2. Firewall & Perimeter Security Management 

• Manage next-generation firewalls (primarily Palo Alto, Cisco Firepower, FortiGate, Check Point). 

• Configure rule sets, security profiles, threat prevention, URL filtering, SSL decryption, and VPN tunnels. 

• Maintain site-to-site and remote-access VPNs including IKEv1/v2, IPsec, SSL, and S2S failover. 

• Conduct regular firewall audits, cleanup, and policy optimization. 

3. Monitoring, Detection, and Incident Response 

• Monitor network and security logs using SIEM/SOAR tools (e.g., Splunk, Sentinel, Cortex XSIAM). 

• Identify, investigate, and respond to security incidents and anomalous traffic. 

• Participate in root-cause analysis and develop mitigation strategies. 

• Support threat hunting and continuous security improvement initiatives. 

4. Vulnerability & Risk Management 

• Perform vulnerability assessments for network devices and applications. 

• Coordinate patching cycles with IT and operations teams. 

• Document and track remediation efforts and validate fixes. 

• Conduct security risk assessments on new technologies, vendors, or network changes. 

5. Policy, Compliance & Documentation 

• Develop and maintain security policies, standards, and procedures. 

• Ensure compliance with regulatory frameworks (NIST, ISO 27001, CIS, PCI-DSS, NERC-CIP, IEC-62443). 

• Maintain detailed network documentation including diagrams, configurations, inventories, and baselines. 

• Follow proper change management, rule review, and peer approval processes. 

6. Cloud, Automation & Integrations (Preferred) 

• Support Checkpoint Harmony or Prisma Cloud deployments (optional but beneficial). 

• Automate tasks using Ansible, Terraform, or Pan-OS XML API / REST API. 

• Integrate firewalls with logging, PKI, MFA, SD-WAN, or security orchestration tools. 

7. Cross-Team Collaboration 

• Work with network engineers, cloud teams, systems engineers, and DevOps to ensure secure deployments. 

• Provide Tier-3 support for escalated network & network security issues. 

• Participate in change management meetings, architecture reviews, and project planning.