Network Security Engineer

Role Summary

We are seeking a highly experienced Network Security Lead to own and drive enterprise network and cyber security strategy, architecture, and operations. The role demands strong expertise in CyberArk PAM, Firewalls, SD‑WAN, DLP, SIEM, SOAR, and enterprise monitoring solutions.

The ideal candidate will combine deep technical skills with leadership capabilities to manage complex security environments and guide teams toward a mature security posture.

Key Responsibilities

Network & Security Architecture
Lead the design, implementation, and optimization of secure network architecture across on‑prem, cloud, and hybrid environments
Define and enforce network security standards, segmentation models, and zero‑trust principles
Ensure resilience, scalability, and availability of security infrastructure

Firewall & SD‑WAN Management

Own implementation and operations of Next-Generation Firewalls (NGFW) such as Palo Alto, Fortinet, Cisco, Check Point, etc.
Design and manage firewall rulesets, NAT, IPS/IDS, VPNs (site‑to‑site and remote access)
Lead deployment, migration, and optimization of SD‑WAN solutions (Cisco, Fortinet, VMware, Silver Peak, etc.)
Integrate SD‑WAN with security controls including firewalls, cloud security, and monitoring platforms
Ensure secure connectivity between data centers, branches, and cloud environments

Privileged Access Management (CyberArk)

Own and manage CyberArk PAM solutions including PVWA, CPM, PSM, and EPM
Implement privileged access lifecycle management, password vaulting, session monitoring, and compliance reporting
Lead CyberArk onboarding, integrations, upgrades, and operational governance

SIEM & SOAR

Lead SIEM platform operations (ArcSight, Sentinel, etc.) including onboarding of firewall, SD‑WAN, and security device logs
Define and optimize correlation rules, dashboards, alerts, and compliance reporting
Drive SOAR automation for incident response, threat containment, and remediation workflows

Data Loss Prevention (DLP)

Design and manage DLP controls for data at rest, in use, and in transit
Partner with legal, compliance, and business teams to balance security and usability

Threat Detection & Incident Response

Lead network and security incident response including firewall breaches, lateral movement, and data exfiltration attempts
Perform threat hunting, root cause analysis, and post‑incident improvements
Coordinate with SOC teams, vendors, and senior leadership during critical events

Monitoring, Governance & Compliance

Oversee enterprise security monitoring and alerting for network and security platforms
Ensure adherence to ISO 27001, NIST, PCI‑DSS, SOX, GDPR, and regulatory requirements
Support audits, vulnerability assessments, penetration tests, and risk assessments

Leadership & Stakeholder Engagement

Lead, mentor, and grow a team of network and security engineers
Act as a trusted advisor to IT and business leadership on network security risks and roadmap
Manage security vendors, service providers, and technology partners

Required Skills & Qualifications

Technical Skills
10+ years of experience in Network & Cyber Security
Strong hands‑on experience with Next‑Generation Firewalls (NGFW)
Proven experience in SD‑WAN design, deployment, and operations
Expert knowledge of CyberArk PAM solutions
Strong SIEM experience with log ingestion from network, firewall, and SD‑WAN platforms
Experience with SOAR, security automation, and orchestration
Deep understanding of DLP technologies
Strong networking fundamentals (TCP/IP, routing, switching, DHCP, DNS)
Cloud and cloud‑network security experience (AWS/Azure/GCP) is a plus
Soft Skills
Strong leadership, mentoring, and team‑building skills
Excellent communication and stakeholder management
Analytical mindset with strong problem‑solving abilities
Ability to lead under pressure during security incidents

Certifications (Preferred)
CISSP, CISM, CCSP
CyberArk PAM Certifications
Firewall/Network Certifications (PCNSE, NSE, CCNP Security, etc.)
Cloud Security Certifications (Azure/AWS)

Nice to Have
SOC transformation or large‑scale security modernization experience
Zero Trust and Secure Access Service Edge (SASE) exposure
Experience with UEBA, CASB, EDR/XDR
Automation and scripting (Python, PowerShell)