Network Security Engineer

NOTE:

F2F or in-person interview required.

Any visa is fine.

Open for C2C (W2 preferred).

Location: Full Onsite in either or both Midtown or/and Downtown office.

Work Hours: 9AM - 5PM (7 hours per day with 1-hour unpaid break / 35 hrs./week), Possible overtime, weekend and on calls.

Title: Network Security Engineer

Location: Onsite (New York, NY)

Duration: 3-6+ months Contract

Description

• Hands-on Palo Alto design & Architecture, configuration, deploy & management experience
• Strong Network Security Framework knowledge & experience
• Strong Cisco ACI, Palo Alto Firewall, Fortinet (Replacing Cisco ASA)
• Microsoft Defender, Zscaler, Carbon Black
• Network: Replacing Switches, Vulnerability, VLAN, OSPF/BGP
• Network Security: Firewall (Palo Alto/Fortinet) - Rules, Upgrades, VPN, Logs, DLP and SOC
• Some physical work at datacenter

Duties

• Develop and enforce comprehensive network security strategies aligned with industry standards such as NIST and ISO 27000 to protect organizational assets.
• Configure and manage network security devices including Cisco ASA firewalls, Cisco ISE for identity management, IDS/IPS systems for threat detection, and VPN solutions for secure remote access.
• Conduct vulnerability assessments and penetration testing to identify potential weaknesses within LAN, WAN, SAN, and cloud infrastructure environments like AWS and Google Cloud Platform.
• Monitor network traffic using SIEM tools such as Splunk or SolarWinds to detect suspicious activities, perform log analysis, and initiate incident response procedures promptly.
• Implement system hardening techniques on operating systems including Linux (Debian, CentOS, Ubuntu), Windows, macOS, and UNIX variants to minimize attack surfaces.
• Manage encryption protocols such as IPsec, SSL/TLS, PKI (Public Key Infrastructure), and FIPS standards to secure data in transit and at rest across diverse platforms.
• Lead incident recovery efforts by executing disaster recovery plans, system security plans, and threat detection & response strategies in accordance with FISMA and FedRAMP compliance requirements.

Skills

• Extensive knowledge of computer networking concepts including LAN/WAN architecture, routing protocols (OSPF, BGP), TCP/IP stack, DHCP/DNS services, and network protocols.
• Hands-on experience with firewall management (Cisco ASA), network support tools (SolarWinds, PRTG), load balancing solutions, and high availability configurations.
• Proficiency in scripting languages such as Python or Bash for automation of security tasks and system administration activities.
• Strong understanding of vulnerability management frameworks like DREAD or CVSS; experience with vulnerability research and assessment tools.
• Familiarity with cloud computing platforms (AWS, Azure) including cloud architecture design principles for secure deployment.
• Knowledge of identity & access management (IAM), RBAC policies, SSO integrations (Active Directory), LDAP directories, GPOs, and open-source tools like Ansible or Terraform for infrastructure automation.
• Ability to analyze network traffic using tools like Fiddler or Wireshark; conduct computer forensics; implement system security hardening measures; perform threat intelligence analysis.
• Understanding of compliance standards such as PCI DSS for payment systems; experience with incident management frameworks like ITIL; adherence to SDLC processes for secure software deployment.
• Join us to be at the forefront of cybersecurity innovation! Your expertise will help shape resilient defenses against evolving cyber threats while advancing your career in a collaborative environment committed to excellence in information security.

Experience:

• Network Security: 5 years (Preferred)
• Zscaler: 3 years (Preferred)
• Carbon Black: 3 years (Preferred)
• Palo Alto Firewalls: 5 years (Preferred)
• FortiGate: 5 years (Preferred)