What You'll Do- Work with our Corporate, Platform Production, and Subsidiary Network Engineer teams to improve overall configuration security
- Review ACL and firewall changes, as well as providing insights to improving our macro-zone filtering and monitoring
- Work with our Threat Detection team to improve visibility across the enterprise
- Own SASE deployments and connectivity to on-premise datacenters
- Work with our SWE team to create automations and services to ensure better visibility and compliance with our team's requirements
- Architect Network Security Architecture
- Embed or consult on partner team projects
Basic Qualifications- 5+ years of large, scalable and resilient Network Security Engineering and Architecture experience
- 5+ years of engineering experience with Arista, Cisco, and/or Juniper Networking
- 3+ years of professional software development in Python3 and/or GoLang experience to be able to automate common tasks
- 3+ years of experience with a SD-WAN design, deployment and management
- Experience working with hybrid cloud environments
- Experience working with Network Incident Security response methods, techniques, and legal requirements for collection and preservation of artifacts
- Deep understanding of Zero Trust Architecture, NIST 800-83 and NIST 800-207
- Working understanding of optical and traditional encrypted tunnel systems and protocols (ie: IPSEC, Wireguard, OpenVPN, Layer 4 SSL) as well as MacSec
- Working understanding of Regex
- Working understanding of Threat Modelling and Threat Zoning
- Working understand of PCI, GDPR, NYDFS, and CCPA
- Strong interpersonal skills for multi-functional and cross-organizational project team management
Preferred Qualifications- Zeek, Suricata, and other Network Security Monitoring platforms experience
- Secure Access Service Edge (SASE) platforms experience (ie: iBoss, ZScaler)
- OpenConfig Experience / Understanding
- Experience with Batfish Open Source Network Analyzer
- Working understanding of eBPF and XDP with module development experience and understanding of eBPF CNI’s such as Cilium
- Network Access Control (NAC) and 802.1X PEAP experience
* Accommodations may be available based on religious and/or medical conditions, or as required by applicable law. To request an accommodation, please reach out to .