Senior Network Security Engineer

We are seeking a Senior Network Security Engineer for an operations-first role supporting enterprise network security infrastructure across on-premises, remote-access, hybrid-cloud, and cloud-connected environments. This is not primarily an architecture/design role. The priority is a hands-on engineer who can administer, configure, maintain, troubleshoot, patch, upgrade, back up, validate, document, and operate production security platforms with minimal ramp-up.

• Firewall operations: hands-on Cisco and Palo Alto firewall administration, rule changes, NAT, troubleshooting, policy cleanup, upgrades, backups, logging, and production support.
• VPN / remote access: support for remote-access VPN, site-to-site VPN, user connectivity issues, certificates, authentication flows, and after-hours troubleshooting.
• RSA / MFA administration: RSA SecurID or equivalent MFA operations, token support, server administration, user troubleshooting, VPN integration, certificates, patching, backups, logs, and monitoring.
• Day-to-day operations: ticket resolution, monitoring alerts, health checks, change requests, incident support, maintenance windows, operational reporting, and customer support.
• Configuration and administration: installing, configuring, maintaining, patching, upgrading, backing up, validating, and troubleshooting assigned security platforms.
• Production troubleshooting: strong TCP/IP, DNS, routing, firewall logs, packet captures, VPN authentication, certificate, and connectivity troubleshooting.
• Documentation and process discipline: SOPs, runbooks, diagrams, change records, rollback plans, evidence collection, knowledge transfer, and formal change management.
• Federal/customer environment maturity: Public Trust eligibility, regulated-environment documentation, customer support, cross-team coordination, and comfort working with government stakeholders.

The best candidate can credibly say: "I have operated enterprise Cisco and Palo Alto firewalls in production, handled firewall rule changes and troubleshooting, supported VPN users and site-to-site tunnels, administered or supported RSA/MFA tied to VPN access, followed formal change-management processes, maintained documentation and backups, and can step into daily operational support with minimal ramp-up."

Scope and Role Boundaries

• Primary platforms include Cisco ASA/Firepower/FTD/FMC, Palo Alto NGFW/Panorama/GlobalProtect, remote-access and site-to-site VPN, RSA SecurID Authentication Manager or comparable MFA, monitoring/logging/SIEM integrations, and related network security controls.
• Coordinate with SOC/NOC, cloud, identity/directory, wireless/LAN, server, endpoint, system owner, application, governance, and vendor teams during changes, incidents, troubleshooting, compliance, and audit support.
• Cloudflare, Cisco ISE/NAC, secure web/email gateways, packet visibility tools, SD-WAN/SASE/ZTNA, AWS/Azure security, and F5/application-delivery awareness are useful where they intersect with assigned operational support, but the core need is firewall, VPN, RSA/MFA, and production operations.

Key Responsibilities

• Provide daily, weekly, monthly, and annual operational support for assigned security systems, including tickets, alerts, health checks, email/phone support, metrics, status reporting, and operational validation.
• Administer and troubleshoot enterprise firewalls, including rule bases, NAT, segmentation, high availability, threat prevention, VPN integration, logging, secure baselines, rule reviews, recertification, cleanup, and decommissioning.
• Install, configure, maintain, patch, upgrade, back up, and validate firewall, VPN, MFA, and related network security systems in production environments.
• Support remote-access VPN, site-to-site VPN, partner connectivity, cloud connectivity, mobile/remote users, certificates, authentication policies, availability, utilization, and user access issues.
• Maintain and troubleshoot RSA SecurID Authentication Manager or equivalent MFA services, including servers/appliances, agents, certificates, HA, backups, logs, monitoring, directory integration, VPN authentication, and token lifecycle support.
• Respond to incidents, vulnerability notices, urgent requests, vendor advisories, PSIRT notices, system alerts, and emergency troubleshooting while minimizing service disruption.
• Use firewall logs, VPN logs, packet captures, SIEM data, monitoring tools, DNS/routing checks, and standard diagnostics to resolve complex connectivity, authentication, TLS/certificate, and application-flow issues.
• Create and maintain topology diagrams, equipment inventories, configurations, SOPs, runbooks, implementation plans, rollback plans, build/upgrade procedures, troubleshooting notes, and knowledge articles.
• Follow approved change, release, incident, problem, and configuration-management processes; prepare change records, peer-review materials, validation evidence, root-cause analysis, metrics, and audit artifacts.
• Support vulnerability remediation, POA&M tracking, continuous monitoring, compliance reviews, audit evidence collection, and coordination with ISSO, system owner, and security governance teams.

Requirements

• 7+ years of experience in network security engineering, network infrastructure, cybersecurity infrastructure, or a closely related role.
• 5+ years of hands-on experience administering, maintaining, and troubleshooting enterprise firewall platforms in production environments.
• Hands-on experience with Cisco security technologies such as Cisco ASA, Firepower, FTD, FMC, AnyConnect/Secure Client, or equivalent Cisco firewall/VPN platforms.
• Hands-on experience with Palo Alto Networks technologies such as NGFW, Panorama, GlobalProtect, security profiles, App-ID/User-ID, logging, and policy optimization.
• Experience administering or supporting RSA SecurID Authentication Manager or comparable enterprise MFA/two-factor authentication platforms, including token support, server operations, patching/upgrades, backups, certificates, monitoring, and directory/VPN integration.
• Strong knowledge of firewall policy, NAT, VPNs, routing, DNS, DHCP, BGP, TLS/certificates, packet captures, log analysis, segmentation, high availability, and common network diagnostic tools.
• Experience with enterprise monitoring, logging, SIEM, alerting, vulnerability management, incident response, formal change management, and regulated-environment documentation.
• Ability to create clear technical documentation, support customers and stakeholders, prioritize operational work, communicate clearly, and coordinate across technical teams.
• Ability to obtain and maintain a Public Trust background investigation.

Desired Certifications

Relevant certifications are helpful but should not replace demonstrated hands-on experience. Examples include CCNP Security, CCIE Security, PCNSE, PCCSE, CISSP, CCSP, AWS Certified Security - Specialty, AWS Advanced Networking - Specialty, Microsoft Certified: Azure Security Engineer Associate, Microsoft Certified: Azure Network Engineer Associate, CompTIA Security+, CompTIA CySA+, GIAC certifications, or equivalent vendor/cloud certifications.

Core Competencies

Enterprise firewall engineering and policy lifecycle management

VPN, remote access, RSA/MFA, and token lifecycle operations

Cloudflare, edge security, secure access, and Zero Trust support

Content filtering, secure web/email gateway, and NAC operations

Hybrid-cloud network security and secure connectivity

Monitoring, logging, SIEM integration, and incident response support

Security visibility, packet analysis, and advanced troubleshooting

Vulnerability remediation, compliance evidence, and POA&M support

Change management, documentation, reporting, and operational metrics

Technical leadership, customer support, and cross-team collaboration

Benefits

• 401(k)
• 401(k) matching
• Dental insurance
• Flexible schedule
• Flexible spending account
• Health insurance
• Health savings account
• Life insurance
• Paid time off
• Professional development assistance
• Referral program
• Retirement plan
• Tuition reimbursement
• Vision insurance