Network Security Engineer

Role Network Security Engineer

Location San Jose, CA - Onsite

Role Overview

As a Senior Network Security Engineer, you will lead the architecture, implementation, and continuous optimization of our global network security infrastructure. You will be responsible for a zero-trust environment, ensuring robust perimeter defense with Palo Alto, secure access control via Aruba ClearPass, and high-performance application delivery with Avi Load Balancers. This role requires a blend of deep technical engineering and strategic policy management using FireMon.

________________________________________

Key Responsibilities

Network Defense: Design, deploy, and manage Palo Alto Next-Generation Firewalls (NGFW), including GlobalProtect VPN for secure remote access and Threat Prevention profiles.

Identity & Access: Lead the administration of Aruba ClearPass for NAC, profiling, and guest access, ensuring seamless integration with Aruba Wireless and Edgecore switching fabric.

Application Delivery: Architect and maintain Avi Load Balancers (NSX Advanced LB) to ensure high availability, global server load balancing (GSLB), and integrated WAF protection.

Core Infrastructure: Manage enterprise-scale Route and Switch environments, specifically focusing on Edgecore open networking hardware and Infoblox for DDI (DNS, DHCP, and IPAM).

Security Policy Management: Utilize FireMon to automate policy changes, perform risk analysis, and ensure continuous compliance across multi-vendor firewall environments.

ITSM Integration: Drive operational excellence by managing lifecycles and incidents within ServiceNow (ITSM), ensuring all changes are documented and meet audit requirements.

Mentorship: Act as the Tier 3 escalation point for complex network security outages and mentor junior engineers in best practices.

________________________________________

Technical Skills & Qualifications

Core Security & Networking

Firewalls: Advanced proficiency in Palo Alto Networks (Panorama, WildFire, GlobalProtect).

Authentication: Expertise in Aruba ClearPass Policy Manager and 802.1X protocols.

Load Balancing: Strong experience with Avi Networks (NSX ALB) or similar Software-Defined Load Balancers.

Switching/Routing: Deep knowledge of BGP, OSPF, and EVPN-VXLAN, with hands-on experience in Edgecore or OCP-compliant hardware.

DDI: Mastery of Infoblox for IP address management and DNS security.

Management & Tools

Audit & Compliance: Experience using FireMon for rule cleanup, policy auditing, and compliance reporting (PCI-DSS, NIST).Wireless: Configuration and tuning of Aruba Wireless controllers and Access Points.

Operations: Strong familiarity with ITSM frameworks (ServiceNow) and Agile methodologies.

________________________________________

Education & Experience

Experience: 10+ years in Network Security Engineering, with at least 3 years in a Senior or Lead capacity.

Education: Bachelor s degree in Computer Science, Cyber Security, or equivalent field. Certifications (Preferred): * PCNSE (Palo Alto Certified Network Security Engineer)

ACCP (Aruba Certified ClearPass Professional)CCNP Security or Routing & Switching

FireMon Core/Policy Manager Certification