Staff Engineer - Network Security

This position does not offer sponsorship. Candidates must be legally authorized to work in the United States without sponsorship now or in the future.

Staff Engineer Network Security

The Staff Engineer Network Security plays a pivotal role in designing, implementing, and maintaining enterprise network security infrastructure, with a strong focus on proxy and Data Loss Prevention (DLP) solutions. This role leads security control testing to ensure alignment with industry standards and regulatory compliance, while partnering closely with audit and compliance teams.

Essential Functions

• Design, implement, and optimize proxy and DLP solutions to protect sensitive data and ensure secure network access.

• Act as a subject matter expert (SME) for proxy and DLP technologies, offering strategic and technical guidance to engineering teams, stakeholders, and leadership.

• Integrate and manage security technologies from vendors such as Microsoft, Palo Alto, and Netskope within enterprise environments.

• Collaborate with audit and compliance teams to ensure solutions align with regulatory standards (e.g., PCI DSS, SOX, NYDFS).

• Design, test, and implement security controls aligned with governance and compliance frameworks.

• Maintain and monitor the performance, availability, and reliability of proxy and DLP systems; troubleshoot and resolve issues proactively.

• Work with security governance teams to define and enforce security policies and configurations.

• Support the security operations team in incident investigation and response related to proxy and DLP technologies.

• Stay current with trends and advancements in network security; recommend new tools or improvements to strengthen the organization s security posture.

• Produce and maintain comprehensive technical documentation, including architecture diagrams, procedures, control test results, and troubleshooting guides.

Minimum Qualifications

• Bachelor s degree in Computer Science, Information Technology, or a related technical field.

• 10+ years of experience in network security engineering, including at least 5 years with proxy and DLP technologies.

• Experience in regulated industries, especially financial services, with a clear understanding of compliance and security frameworks.

• Hands-on expertise with Microsoft Defender, Palo Alto Prisma Access, and Netskope security platforms.

• Proven experience collaborating with audit and compliance teams, including execution of security control testing.

• In-depth knowledge of proxy protocols (HTTP/HTTPS, SOCKS) and DLP methodologies.

• Proficient in firewall configuration, secure web gateways, and SASE architecture.

• Strong scripting skills (e.g., PowerShell, Python) for security automation and integration.

• Familiarity with Zero Trust principles and implementation frameworks.

• Excellent analytical thinking, problem-solving, and communication skills.

• Successful completion of background and drug screening.

Preferred Qualifications

• Professional certifications such as CISSP, Palo Alto PCNSE, Microsoft SC-200, or Netskope NCCSA (or equivalent).

• Experience with cloud security architecture and the transition from traditional proxy solutions to cloud-native platforms.

• Strong knowledge of compliance standards including PCI DSS, NIST, ISO 27001, and NYDFS.