Network Security Operations Engineer
Encora
Kuala Lumpur, 1mo ago
About the role
<p>We are seeking a hands-on Network Security Engineer to operate and continuously improve our network security stack—primarily enterprise firewalls (Palo Alto, Fortinet, Cisco), secure web gateways/proxies, and site-to-site/remote-access VPNs. The ideal candidate is an operator-engineer hybrid with deep knowledge across L2–L7 security controls, strong troubleshooting skills, and proven experience in high-availability, low-latency environments. Experience supporting MAS TRM or BNM RMiT audits is highly preferred.</p>
<p>Operations & Reliability:<br>Own day‑to‑day operation of Palo Alto, Fortinet, and Cisco firewalls, proxies, and VPN appliances (IPsec/SSL).<br>Monitor and maintain HA clusters, dynamic routing (BGP/OSPF) on firewalls, and NAT/policy objects to ensure availability and performance SLAs.<br>Execute change management: rule modifications, NAT adjustments, SSL decryption policies, URL categories and App‑ID signatures.<br>Perform break/fix troubleshooting using methodical, packet‑level analysis (pcaps, flow records, session tables, global counters).</p>
<p>Security Engineering & Hardening:<br>Manage segmentation (zones, VRFs, tags), east‑west and north‑south controls, and zero-trust policy baselines.<br>Develop and maintain standardized security templates (objects, groups, security profiles, threat/vulnerability profiles, URL filtering, DLP where applicable).<br>Tune IPS/IDS, Anti‑Malware, URL filtering, WildFire/ATP, DNS Security, and sandboxing controls to reduce false positives while maintaining strong coverage.<br>Integrate firewalls with identity (AD/LDAP, IdP, SSO), SIEM/SOAR, PKI, and EDR/XDR telemetry to enrich detections and automate response.</p>
<p>Secure Remote Access & Edge:<br>Maintain VPN architectures (IPsec, GlobalProtect/AnyConnect/FortiClient), posture checks, MFA, split vs. full tunnel policies.<br>Support branch/edge (SD‑WAN) security policy application and traffic steering to on‑prem or cloud security services.<br>Manage proxy/SWG policies (e.g., SSL decrypt, file controls, CASB integration) and ensure compliance for web access.<br>Experience in Zero Trust Network Access (ZTNA) is an advantage.</p>
<p>Governance, Risk & Compliance:<br>Maintain policy standards, rule certification/recertification cycles, and least‑privilege reviews.<br>Ensure controls meet regulatory and industry frameworks (e.g., ISO 27001, NIST 800‑53/CSF, SOC 2, PCI DSS, MAS TRM if applicable).<br>Document and execute disaster recovery and BCP plans for network security platforms.</p>
<p>Incident Response & Continuous Improvement:<br>Act as an escalation point for network‑security incidents; participate in RCA and corrective actions.<br>Build dashboards and metrics (utilization, block/allow, threat trends, latency) and drive continuous tuning.<br>Contribute to runbooks, knowledge base articles, and automation (e.g., Ansible, Terraform, Panorama, FortiManager, Cisco FMC APIs).</p>