Senior Network Security Engineer

Job Title: Senior Network Security Engineer

Department: Information Technology

Reports to: Director - Network Technology
Location: In Office, Orange CT

The base salary range for this position is dependent upon experience and location, ranging from: $114,332.80 - $142,916

Job Summary

We are seeking a highly skilled Senior Network Security Engineer to join our team and play a key role in securing, optimizing, and transforming our enterprise network infrastructure. The ideal candidate will have deep expertise in firewall security, NAT, IPSEC, SD-WAN, routing protocols (EIGRP, BGP, OSPF), and cloud security solutions. This position will focus on managing and enhancing our security infrastructure, which includes:

• Cisco ASA, Checkpoint, Fortinet FortiGate, Palo Alto Firewalls.
• Radware for DDoS protection.
• Zscaler ZIA/ZPA for cloud security.
• SD-WAN for optimized global connectivity.
• EIGRP, BGP, and OSPF-based network routing.
• NAT policy design and implementation

A key initiative for this role is leading the migration from Checkpoint to Fortinet firewalls while ensuring seamless network security operations. Additionally, the engineer will support and enhance our SD-WAN deployment for optimized global connectivity and application performance.

Key Responsibilities

• Lead the migration from Checkpoint to Fortinet, including policy conversion, rule optimization, and traffic validation.
• Manage and maintain Cisco ASA, Palo Alto, Fortinet, and Checkpoint firewalls across corporate, cloud, and remote sites.
• Design and optimize firewall rule sets for improved security, performance, and compliance.
• Perform risk assessments and firewall audits to ensure network security best practices.
• Manage and optimize SD-WAN architecture to improve application performance and reduce latency.
• Implement policy-based traffic steering, failover mechanisms, and WAN optimization.
• Ensure seamless integration between SD-WAN, firewalls, cloud security solutions, and on-prem networks.
• Troubleshoot SD-WAN performance issues, routing conflicts, and connectivity problems.

• Work with network and security engineers to ensure secure connectivity between on-premises, branch locations, and cloud.
• Design and implement NAT policies, including static NAT, dynamic NAT, and PAT (Port Address Translation).
• Configure and troubleshoot EIGRP, BGP, and OSPF for enterprise and cloud routing.
• Optimize routing policies to ensure high availability, redundancy, and performance.
• Work closely with the network engineering team to enhance SD-WAN, inter-site, and cloud connectivity.
• Administer and optimize Zscaler ZIA/ZPA solutions for secure cloud access and web filtering.
• Implement zero-trust security policies for cloud applications and remote users.
• Troubleshoot Zscaler tunnels, proxy configurations, and application access issues.
• Implement and maintain Radware DDoS protection to safeguard network infrastructure from volumetric and application-layer attacks.
• Configure IPS/IDS solutions to detect and mitigate security threats.
• Work with SOC teams to analyze and respond to security incidents.
• Lead firewall, SD-WAN, NAT, and routing issue troubleshooting affecting business-critical applications.
• Perform packet capture analysis and use security logs to diagnose network issues.
• Work with vendors (Cisco, Fortinet, Palo Alto, Zscaler) to resolve complex technical issues.
• Develop and enforce firewall and network security policies in compliance with NIST, CIS benchmarks, and ISO 27001 standards.
• Conduct regular security audits and risk assessments.
• Maintain up-to-date documentation of firewall rules, SD-WAN policies, and security configurations.
• Develop scripts (Python, Bash, PowerShell) for automating firewall audits and SD-WAN policy updates.
• Optimize firewall and SD-WAN policies to reduce latency and improve efficiency.
• Implement network automation frameworks to streamline security operations.

Required Skills & Experience

• 5-8 years of experience in network security engineering.
• Expertise in Fortinet FortiGate, Checkpoint, Palo Alto, and Cisco ASA firewalls.
• Strong knowledge of SD-WAN solutions (Fortinet SD-WAN, Cisco SD-WAN, Prisma Access).
• Experience configuring and troubleshooting EIGRP, BGP, and OSPF routing protocols.
• Hands-on experience managing Zscaler ZIA/ZPA for cloud security.
• Proficiency in VPN technologies (IPSec, SSL, GRE, DMVPN, L2TP) and their security implications.
• Strong skills in NAT, firewall rule optimization, and routing table analysis.
• Experience with Radware DDoS protection, IPS/IDS, and threat mitigation.
• Knowledge of zero-trust security architectures and secure SD-WAN implementation.
• Strong analytical skills for troubleshooting network security issues, including packet captures and firewall logs.

Preferred Qualifications

• Certifications: Fortinet NSE 4/7, Checkpoint CCSA/CCSE, Palo Alto PCNSA/PCNSE, Cisco CCNP Security, Zscaler ZCCP, SD-WAN certifications.
• Experience with AWS, Azure, and Google Cloud Platform cloud security best practices.
• Familiarity with SIEM solutions for security event monitoring.
• Experience automating security tasks using Python, Ansible, or Terraform.

#LI-Onsite

#LI-VF1

Company:
AVANGRID MANAGEMENT COMPANY, LLC.

Mobility Information

Please note that any applicant who is not a citizen of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country.

At Avangrid we provide fair and equal employment and advancement opportunities for all employees and candidates regardless of race, color, religion, national origin, gender, sexual orientation, age, marital status, disability, protected veteran status or any other status protected by federal, state, or local law.
If you are an individual with a disability or a disabled veteran who is unable to use our online tool to search for or to apply for jobs, you may request a reasonable accommodation by contacting our People and Organization department at

Avangrid employees may be assigned a system emergency role and in the event of a system emergency, may be required to work outside of their regular schedule/job duties. This is applicable to employees that will work in Connecticut, Maine, Massachusetts, and New York within Avangrid Network and Corporate functions. This does not include those that will work for Avangrid Power.

Avangrid employees may also be assigned a NERC Reliability Standards compliance role supporting Critical Infrastructure Protection (CIP) and/or Operations and Planning (O&P) responsibilities. This is applicable to employees that will work in electric transmission, operations, and cyber security business areas in Connecticut, Maine, Massachusetts, and New York within Avangrid Network and Corporate business areas. NERC Reliability Standards compliance roles and responsibilities may include additional access protections, training, audit engagement, and required evidence retention, and will be communicated by the employee's management.

Job Posting End Date:
February-25-2026