Title: Network Cloud / Automation Engineer - Need 13+ years

Title: Network Cloud / Automation Engineer - Need 13+ years

Client - One Main Financial - 2 days a week hybrid in one of the below locations

Work Location Address: Evansville IN, Baltimore MD, Wilmington DE, Charlotte, NC, or Irving TX.

Job Description:

Position Overview: The Cloud Network Security Engineer will be responsible for planning, deployment, and maintenance of network security equipment and solutions across on-premises, AWS, and Azure cloud infrastructures.

Work Schedule: This position is Monday-Friday. Team members are expected to be flexible with their schedule to support up to two after-hours planned maintenance windows per week.

Description: The Cloud Network Security Engineer will join a collaborative infrastructure team focused on securing and supporting our growing cloud presence across AWS and Azure. This role will serve as a key technical resource for cloud-based networking and firewall operations, with a strong emphasis on Palo Alto firewalls, infrastructure-as-code, and cloud-native networking. The ideal candidate will assist senior engineers in designing, troubleshooting, and optimizing cloud network security, particularly in environments where traffic flows between cloud VPCs/VNETs, on-prem data centers, and internet endpoints.

Responsibilities:

Design, implement, and support network security architectures in AWS and Azure environments, with a focus on scalable, resilient solutions.

Deploy and manage Palo Alto firewalls, including VM-Series for AWS/Azure, integrating them into complex cloud environments, and physical hardware for on-prem solutions.

Assist with troubleshooting cloud networking issues (e.g., route tables, network ACLs, NSGs, VPNs, VPC/VNET peering, Transit Gateway).

Collaborate with DevOps, Security, and Cloud Engineering teams to align firewall policies with application and infrastructure needs.

Use Terraform and Ansible to automate firewall provisioning, security rules, and cloud infrastructure configuration.

Participate in ongoing operations and incident response efforts for cloud network security incidents.

Develop and maintain documentation for cloud network security architectures and operational procedures.

Stay informed about evolving cloud networking technologies and provide guidance on best practices.

Required Skills and Qualifications:

Excellent verbal and written communication skills.

Strong organizational and task management abilities, especially in dynamic or high-priority situations.

Ability to prioritize and multitask across concurrent projects and support tickets.

Collaborative mindset with a proactive approach to troubleshooting and documentation.

Technical Knowledge and Experience:

Solid understanding of networking fundamentals, including routing, switching, TCP/IP, DNS, NAT, and the OSI model.

Hands-on experience with Palo Alto Networks firewalls, including deployment, configuration, policy management, and troubleshooting in cloud environments (AWS and/or Azure).

Working knowledge of AWS networking (VPCs, Transit Gateway, Security Groups, NACLs, Route Tables, Direct Connect, VPN) and/or Azure networking (VNETs, NSGs, User Defined Routes, ExpressRoute, VPN Gateway).

Familiarity with cloud-native routing and peering patterns, including VPC/VNET peering, hybrid connectivity, and secure remote access.

Experience reading and writing infrastructure-as-code using Terraform HCL, and automating tasks via Ansible or equivalent tools.

Comfortable interpreting and modifying JSON/YAML configuration files and consuming RESTful APIs for automation and monitoring.

Exposure to CI/CD pipelines and cloud-based deployment models.

Comfortable working in command-line environments (Linux shell, Azure CLI, AWS CLI), with practical experience using tools like traceroute, tcpdump, Wireshark, or cloud-specific diagnostics.

Familiarity with IP address management (IPAM) platforms and best practices in cloud-based IP planning and subnetting.

Bonus: Experience with Palo Alto Panorama, Prisma Access, or integration with SIEM/log aggregation platforms is a plus.

ADDITIONAL INFORMATION:

Candidates MUST live within 50 miles of OneMain corporate offices in Evansville IN, Baltimore MD, Wilmington DE, Charlotte, NC, or Irving TX.

Potential for conversion to FTE

No travel

No regular onsite work requirement unless converted to FTE.