Overview
On Site
Accepts corp to corp applications
Contract - Independent
Contract - W2
75% Travel
Skills
Network Security
Orchestration
Palo Alto
Fortinet
Blue Coat
TLS
SAML
OAuth
Lifecycle Management
Access Control
Optimization
Healthcare Information Technology
Real-time
High Availability
Failover
Internet
QoS
Management
PKI
SSL
User Experience
SD
Virtual Private Network
Routing
IPsec
GRE
Border Gateway Protocol
OSPF
Virtual Private Cloud
Python
Ansible
Terraform
Onboarding
SIEM
Splunk
IBM QRadar
Collaboration
Microsoft
Dragon NaturallySpeaking
DNS
DLP
Inspection
Multi-factor Authentication
Network
Google Cloud Platform
Google Cloud
Hardening
Scripting
Enterprise Networks
Security Engineering
BFSI
Data Security
Auditing
Risk Management
Migration
Testing
Benchmarking
Incident Management
Forensics
Cloud Security
Threat Analysis
Regulatory Compliance
ISO/IEC 27001:2005
NIST 800-53
PCI DSS
DevSecOps
Continuous Integration
Continuous Delivery
WAN
Cloud Computing
Information Assurance
Information Architecture
Impact Analysis
Amazon Web Services
Microsoft Azure
CISSP
Cisco Certifications
Technical Direction
Job Details
Role Overview

Location: Plano TX

We are seeking a highly skilled Network Security Engineer with deep expertise in Security Service Edge (SSE) and Secure Access Service Edge (SASE) to lead the design, deployment, and lifecycle management of cloud-delivered security services. This role is critical in implementing Zero Trust Network Access (ZTNA), securing hybrid BFSI infrastructure, and integrating identity-aware, policy-driven controls across distributed environments.

Primary Technical Skills

SSE/SASE Platforms: Advanced configuration and policy orchestration on Palo Alto Prisma Access, Fortinet Universal ZTNA, and Zscaler ZIA/ZPA, Broadcom and Bluecoat.
Cloud-Delivered Security Functions: Deep understanding of SWG, CASB, ZTNA, DNS security, FWaaS, and SSL/TLS inspection.
Identity-Aware Access Control: Integration with SAML/OAuth2/OpenID Connect, device posture enforcement, and risk-based access policies.
Policy Lifecycle Management: Design and tuning of access control policies, URL filtering, application control, and data protection rules.
Post-Deployment Optimization: Continuous tuning using telemetry, policy hit/miss analysis, latency metrics, and user experience feedback.
Advanced Threat Protection: Integration with sandboxing engines, cloud-delivered threat intelligence, and real-time traffic analysis.
High Availability & Resilience: Design of redundant tunnels, failover strategies, and multi-tenant segmentation in SSE environments.
Traffic Steering & Breakout Policies: Implementation of local internet breakout (LIB), selective tunneling, and QoS-aware routing.
Certificate Management: Handling PKI integration, certificate pinning, and SSL decryption policies across user and app flows.
User Experience Assurance: Use of digital experience monitoring (DEM) tools to baseline and optimize end-user performance.

Secondary Technical Skills

SD-WAN & VPN Integration: Deep familiarity with overlay routing, dynamic path selection, IKEv2/IPSec/GRE tunnels, and BGP/OSPF redistribution.
Cloud Security Architecture: Design of hub-and-spoke, transit VPC, and cloud-native firewalling across AWS, Azure, and Google Cloud Platform.
Automation & APIs: Development of Python/Ansible/Terraform scripts for policy automation, bulk onboarding, and compliance checks.
SIEM & SOAR Integration: Event forwarding, custom log parsing, UEBA correlation, and automated response playbooks in Splunk, QRadar, or Sentinel.
Endpoint & EDR Integration: Policy coordination with CrowdStrike, Microsoft Defender, or SentinelOne for device trust enforcement.
DNS & DLP Integration: Enforcement of DNS-layer security and data exfiltration controls using inline DLP and cloud-native inspection.
Multi-Factor & Conditional Access: Integration with Azure Conditional Access, Okta Adaptive MFA, and device compliance policies.
Network Segmentation: Implementation of microsegmentation using identity-based policies and application-aware zoning.
Cloud Logging & Audit Trails: Centralized logging via CloudWatch, Azure Monitor, or Google Cloud Platform Logging, mapped to compliance controls.
Security Baseline Enforcement: Use of CIS Benchmarks, NIST 800-53, and custom hardening scripts for posture validation.

Required Experience

8-12 years in enterprise network and security engineering, with 3+ years in SSE/SASE design and operations.
Proven experience in Zero Trust architecture, identity-aware segmentation, and cloud-delivered security enforcement.
Strong exposure to regulated verticals (preferably BFSI), with emphasis on data protection, audit readiness, and risk mitigation.
Hands-on with multi-vendor SSE ecosystems, including policy migration, interoperability testing, and performance benchmarking.
Experience in incident response, forensics, and policy rollback in production SSE environments.

Preferred Qualifications

Experience with hybrid cloud security models and multi-cloud segmentation strategies.
Familiarity with EDR/XDR, sandboxing, and threat intelligence platforms (TIPs).
Understanding of compliance frameworks: ISO 27001, NIST 800-53, RBI, GDPR, and PCI-DSS.
Exposure to DevSecOps pipelines, CI/CD security gates, and IaC security scanning.
Knowledge of SASE convergence models, including WAN edge, cloud edge, and identity edge integration.

Nice to Have

Zscaler Certified Cloud Professional (ZCCP-IA/ZCCP-PA)
AWS/Azure Security Specialty
CISSP or CCSP