Principal - Network Security (Forescout NAC)

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.

Title: Principal - Network Security (Forescout NAC)

The Role:

The Principal Network Security Engineer plays a pivotal role in safeguarding the organization's infrastructure by architecting, deploying, and managing advanced network security platforms. This is a high-impact position within a newly formed team dedicated to mission-critical initiatives, where reliability, resilience, and exceeding expectations are standard. We're seeking a strategic thought leader and self-driven engineer with a deep security-first mindset and a strong sense of product ownership-someone who can lead the transformation and continuous evolution of our network security ecosystem in alignment with our business and cybersecurity objectives.

Key responsibilities:

As the product owner for Network Access Control (NAC) and Identity Services platforms, the Principal Network Security Engineer will lead the strategic direction, architecture, and operational excellence of these technologies. This role demands a proactive security mindset and a deep sense of ownership to ensure the platforms are resilient, scalable, and aligned with enterprise security goals.

• Solution Architecture & Design
  Partner with cross-functional stakeholders to architect and deliver secure, scalable solutions tailored to evolving business and security requirements.
• Deployment & Configuration
  Lead global deployment and configuration of NAC appliances and Identity Services platforms across data centers, ensuring consistency, reliability, and compliance.
• Device Discovery & Profiling
  Implement advanced profiling techniques to identify and classify all network-connected devices, enforcing access only for authorized and trusted endpoints.
• Policy Creation & Enforcement
  Define and enforce granular access control policies based on device posture, driving network segmentation and strengthening the organization's security posture.
• Threat Detection & Response
  Monitor for anomalous device behavior and orchestrate automated responses to mitigate potential threats in real time.
• Compliance Management
  Leverage platform capabilities to ensure continuous compliance with internal standards and external regulatory requirements through robust reporting and audit trails.
• Security Ecosystem Integration
  Seamlessly integrate NAC and Identity platforms with next-gen firewalls, SIEMs, endpoint protection, and other security tools to create a unified defense strategy.
• Customer Support & Enablement
  Provide expert-level support to internal teams, manage escalations, and deliver training to promote platform adoption and operational readiness.
• Automation & Orchestration
  Utilize modern development tools and GitOps practices to automate deployment, configuration, and lifecycle management of security platforms.
• Standards & Documentation
  Establish architectural patterns, define operational standards, and maintain comprehensive documentation using Confluence and draw.io to ensure transparency and repeatability.

Core Skills & Experience:

• Expert-level in NAC platform administration and configuration (Forescout preferred)

• Strong understanding of network security principles. CISSP certification is desired but not required
• Working experience deploying and operating Identity platforms (Cisco ISE preferred)
• Exposure to Microsoft Active Directory, Microsoft Entra ID, and LDAP
• Knowledge of network fundamentals (TCP/IP, VLANs, VRFs, VPN, Dynamic Routing). CCNP certification preferred
• Strong understanding of how Network and Security infrastructure operate at Layer 2, Layer 3 & Layer 4-7
• Knowledge of network authentication protocols including EAP/802.1x, TACACS, RADIUS, OAuth
• Experience working with Public Key Infrastructure and tools (Venafi)
• Expert-level experience working with Linux, Windows, and MacOS operating systems
• Experience with scripting languages (Bash, Python, Perl, Powershell) and IaC tools like Ansible or Terraform
• Proficient with packet data tools like Wireshark to perform deep-level forensic analysis
• Ability to perform security analysis using SIEM and Analytics tools (Azure Sentinel, Log Analytics)
• Expert-level writing skills to create playbooks and standard operating procedures
• Experience with web APIs and data serialization languages (JSON, YAML)
• Excellent problem-solving and troubleshooting abilities with an emphasis on security
• Strong communication skills to collaborate with technical and non-technical stakeholders
• Exposure to cloud service providers such as Azure or AWS
• Working experience with Next Generation Firewalls (Checkpoint, Palo Alto) or host-based firewalls (Illumio)
• Good understanding of DNS, DHCP, and IPAM systems
• Previous experience at a financial organization is a plus

Certifications:

The following certifications are strongly preferred

FSCA - Forescout Certified Administrator

FSAA - Forescout Advanced Administrator

FSCE - Forescout Certified Engineer

Salary Range:
$137,400 - 233,600 USD

Salary range is a good faith estimate of base pay. Northern Trust provides a comprehensive benefits package including retirement benefits (401k and pension), health and welfare benefits (medical, dental, vision, spending accounts and disability), paid time off, parental and caregiver leave, life & accident insurance, and other voluntary and well-being benefits. Northern Trust also provides a discretionary bonus program that may include an equity component.

Working with Us:

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We'd love to learn more about how your interests and experience could be a fit with one of the world's most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at .

We hope you're excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.