Network Security Engineer

Key Responsibilities

• Security Architecture and Compliance
• Design, test, and implement robust and scalable secure network solutions, including firewalls, VPNs, micro-segmentation, and security gateways that align with our cloud-first strategy.
• Ensure all network infrastructure adheres strictly to internal security policies and external compliance requirements relevant to education technology and data privacy (e.g., FERPA, COPPA, and state-specific regulations).
• Develop and maintain clear network security architecture documentation, standards, and operational playbooks.

Operations and Threat Management

• Manage and monitor next-generation network security systems (NGFWs, WAFs, IDS/IPS) to proactively detect, prevent, and respond to cyber threats targeting our network perimeter and internal resources.
• Conduct regular security audits, vulnerability assessments, and penetration testing on network infrastructure to identify and remediate weaknesses.
• Implement configuration changes, patching, and upgrades on network security devices with minimal disruption to critical services.
• Administer and manage network access control systems (NAC) and AAA services (RADITACACS+) to enforce least-privilege access.
• Incident Response and Reporting
• Lead the investigation and resolution of network-related security incidents as a key member of the Security Incident Response Team (SIRT).
• Collaborate with the Security Operations Center (SOC) to fine-tune SIEM correlation rules specifically related to network activity and anomalies.
• Provide timely and clear reports on network security status, incident metrics, and overall risk posture to technology and executive leadership.

Required Qualifications

• Education: Bachelor's degree in computer science, Information Technology, Cyber Security, or equivalent practical experience in a relevant field.
• Experience: 3+ years of professional experience in network engineering with a dedicated focus on security principles and implementation. Networking Expertise: Expert-level knowledge of TCP/IP, routing protocols (BGP, OSPF), and practical experience with securing large-scale, multi-VLAN, and virtualized network environments.
• Security Tools: Hands-on expertise with at least two major enterprise firewall platforms (e.g., Palo Alto, Fortinet, Cisco) and experience managing security in a public cloud environment (AWS or Azure).
• Scripting/Automation: Proficiency in using scripting languages (e.g., Python, Bash) or configuration management tools (e.g., Ansible) to automate repetitive network security tasks.

Preferred Qualifications

• Certifications: Current, relevant certifications such as CISSP, CCNP Security, PCNSE, or relevant AWS/Azure security certifications.
• SaaS Security: Direct experience securing a high-availability, multi-tenant Software-as-a-Service (SaaS) environment.
• DevSecOps: Familiarity with integrating security controls into CI/CD pipelines and infrastructure as Code (IaC) practices.
• Micro-segmentation: Practical experience designing and implementing Zero Trust or micro-segmentation architectures.

Must Have Skills

• Education: Bachelor's degree in computer science, Information Technology, Cyber Security, or equivalent practical experience in a relevant field.
• Experience: 3+ years of professional experience in network engineering with a dedicated focus on security principles and implementation.
• Networking Expertise: Expert-level knowledge of TCP/IP, routing protocols (BGP, OSPF), and practical experience with securing large-scale, multi-VLAN, and virtualized network environments.
• Security Tools: Hands-on expertise with at least two major enterprise firewall platforms (e.g., Palo Alto, Fortinet, Cisco) and experience managing security in a public cloud environment (AWS or Azure).
• Scripting/Automation: Proficiency in using scripting languages (e.g., Python, Bash) or configuration management tools (e.g., Ansible) to automate repetitive network security tasks.

Nice to Have Skills

• Certifications: Current, relevant certifications such as CISSP, CCNP Security, PCNSE, or relevant AWS/Azure security certifications.
• SaaS Security: Direct experience securing a high-availability, multi-tenant Software-as-a-Service (SaaS) environment.
• DevSecOps: Familiarity with integrating security controls into CI/CD pipelines and infrastructure as Code (IaC) practices.
• Micro-segmentation: Practical experience designing and implementing Zero Trust or micro-segmentation architectures.