Network Security Operations Engineer

We are seeking a hands-on Network Security Engineer to operate and continuously improve our network security stackprimarily enterprise firewalls (Palo Alto Fortinet Cisco) secure web gateways/proxies and site-to-site/remote-access VPNs. The ideal candidate is an operator-engineer hybrid with deep knowledge across L2L7 security controls strong troubleshooting skills and proven experience in high-availability low-latency environments. Experience supporting MAS TRM or BNM RMiT audits is highly preferred.

Operations & Reliability:
Own daytoday operation of Palo Alto Fortinet and Cisco firewalls Proxies and VPN appliances (IPSec/SSL).
Monitor and maintain HA clusters dynamic routing (BGP/OSPF) on firewalls and NAT/policy objects to ensure availability and performance SLAs.
Execute change management: rule modifications NAT adjustments SSL decryption policies URL categories and appID signatures.
Perform break/fix troubleshooting using methodical packetlevel analysis (pcaps flow records session tables global counters).

Security Engineering & Hardening:
Manage segmentation (zones VRFs tags) eastwest and northsouth controls and zero-trust policy baselines.
Develop and maintain standardized security templates (objects groups security profiles threat/vulnerability profiles URL filtering DLP where applicable).
Tune IPS/IDS AntiMalware URL filtering WildFire/ATP DNS Security and sandboxing controls to reduce false positives while maintaining strong coverage.
Integrate firewalls with identity (AD/LDAP IdP SSO) SIEM/SOAR PKI and EDR/XDR telemetry to enrich detections and automate response.

Secure Remote Access & Edge
Maintain VPN architectures (IPSec GlobalProtect/AnyConnect/FortiClient) posture checks MFA split vs. full tunnel policies.
Support branch/edge (SDWAN) security policy application and traffic steering to onprem or cloud security services.
Manage proxy/SWG policies (e.g. SSL decrypt file controls CASB integration) and ensure compliance for web access.
Experience in Zero Trust Network Access (ZTNA) is an advantage.

Governance Risk & Compliance
Maintain policy standards rule certification/recertification cycles and leastprivilege reviews.
Ensure controls meet regulatory and industry frameworks (e.g. ISO 27001 NIST 80053/CSF SOC 2 PCI DSS MAS TRM if applicable).
Document and execute disaster recovery and BCP plans for network security platforms.

Incident Response & Continuous Improvement
Act as an escalation point for networksecurity incidents; participate in RCA and corrective actions.
Build dashboards and metrics (utilization block/allow threat trends latency) and drive continuous tuning.
Contribute to runbooks knowledge base articles and automation (e.g. Ansible Terraform Panorama FortiManager Cisco FMC APIs).