Zero Trust Network Security Engineer

As part of Johnson Controls global Network Security Operations function the Zero Trust Network Operations Engineer is responsible for the day to day operation monitoring support and lifecycle management of the enterprise network security infrastructure. This role focuses on maintaining availability enforcing security policies executing approved changes and responding to incidents across a large globally distributed environment.
The environment supports 1000 sites and 100000 users including datacenters manufacturing plants sales offices and customer contact centers. Technologies include Cisco Fortinet Zscaler Silver Peak SD WAN Akamai Guardicore Tufin Forescout NAC Microsoft Azure Google GCP and related security platforms.
This is a hands-on operational role working closely with global IT operations teams security partners and managed service providers to ensure secure stable and compliant network services.

How you will do it:
Operational Support & Maintenance
Operate and support enterprise Zero Trust platforms primarily Forescout NAC and Infoblox DDI.
Perform daily monitoring health checks and troubleshooting of network access control services DNS and DHCP.
Manage network access exceptions MAC address repository (MAR) whitelisting and device compliance checks for corporate and BYOD/Guest networks.
Data Analytics & Asset Management
Leverage data analytics skills to analyze correlate and reconcile asset data across Forescout Infoblox Axonius and ServiceNow CMDB.
Assist in identifying classifying and managing the lifecycle of over 30000 unmanaged IoT and OT devices across the global network.
Incident & Problem Management
Respond to network access control incidents including 802.1X/RADIUS authentication failures and Guest Captive Portal (JCI-Internet) loading issues.
Work collaboratively with the Network TOC Service Desk and field IT teams during security events or network service degradations.
Change & Configuration Management
Implement approved access control rules semi-trust policies and network segmentation changes (VLAN assignments/ACLs) in production environments.
Execute DNS/DHCP configuration changes and IPAM updates following formal change management processes.
Automation & Continuous Improvement
Identify opportunities to automate repetitive operational tasks (e.g. utilizing PowerApps/Power Automate to streamline MAC address approvals).
Assist with operational runbooks standard operating procedures and knowledge documentation for L1/L2 support teams.

What we look for:
Required
Hands-on operational experience supporting enterprise network security network access control or DDI environments.
Working knowledge of network authentication protocols (802.1X RADIUS MAB) and core networking concepts (TCP/IP VLANs routing/switching).
Experience troubleshooting DNS DHCP and IP address management (IPAM) issues.
Experience working within ITIL-based operational processes (incident change problem).
Desirable
Direct experience operating Forescout Infoblox or Axonius platforms.
Experience with ServiceNow CMDB and building automated workflows (e.g. PowerApps).
Exposure to Zero Trust Network Architecture and IoT/OT device classification from an operational perspective.
Basic scripting or automation experience (Python preferred).
Qualifications
Bachelor s degree in Computer Science Information Systems Data Analytics or other applicable disciplines.
Security or networking certifications (e.g. Forescout FSCA/FSCP CCNA Security) are a plus.