Sr. Network Security Engineer

Responsibilities

• Lead engineering for firewall and edge services; own architecture, design reviews, and operational excellence across the platform.
• Own perimeter defense strategy end to end — continuous tuning, audit readiness, change governance, and periodic attestation of control effectiveness.
• Architect and govern firewall and WAF policy frameworks; define the standards other engineers build against.
• Lead the design and rollout of network and edge platforms that scale across the organization; partner with infrastructure, platform, and product engineering teams to ship secure-by-default solutions.
• Own vulnerability prioritization across the network and edge attack surface; drive remediation through engineering partners and third parties; report progress to leadership.
• Influence the security control roadmap. Bring forward proposals grounded in threat intelligence, incident learnings, audit findings, and regulatory drivers.
• Lead the network security response to active threats; serve as escalation point for SOC and incident response partners; own post-incident control hardening and lessons-learned follow-through.
• Operate with high autonomy. Identify and drive multi-quarter initiatives from concept through production without needing day-to-day direction.
• Define and evolve engineering standards, runbooks, and best practices for the network security program. Mentor mid-level and junior engineers; raise the technical bar of the team.
• Act as a force multiplier across teams. Routinely unblock peers, review designs from adjacent functions, and represent network security in architecture review boards.
• Identify and articulate strategic gaps in network and cloud security tooling. Build business cases, lead vendor evaluations, and drive investment decisions with leadership.
• Own ambiguous problems end to end — scoping, design, build, rollout, measurement, and handoff to operations.
• Partner with GRC, audit, and (where required) regulator-facing teams to evidence network security controls and respond to examination requests.

Requirements

• 7+ years of progressive experience in network security and firewall engineering, with at least 2 years operating at a senior IC level.
• Demonstrated experience leading or serving as primary technical responder during network security incidents, including coordinating across SOC, IR, and engineering teams.
• Hands-on experience designing, deploying, and operating WAF and bot management at enterprise scale (Cloudflare, Akamai, AWS WAF, F5, Imperva, or equivalent).
• Demonstrated ability to translate security best practices into enterprise-grade implementations across hybrid, cloud, and edge environments — not just understand them in theory.
• Working proficiency in Terraform and Python; comfortable owning IaC modules, policy-as-code (OPA, Sentinel, or similar), and automation pipelines end to end.
• Strong, broad knowledge across information security domains (network, cloud, identity, application, detection) with demonstrated ability to operate effectively across multiple.
• Hands-on experience across vulnerability management, encryption and PKI, IDS/IPS and NDR, and incident response, including the ability to lead investigations.
• Excellent written and oral communication, including the ability to communicate with senior leaders, auditors, and (where applicable) regulators.
• Track record of leading multi-quarter initiatives from concept to production, mentoring engineers, and influencing peers and partners without authority.
• Strong organizational and interpersonal skills; effective in cross-functional and globally distributed teams.

Desired Experience or Skills

• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field. Equivalent demonstrated experience considered.
• Production experience with Cloudflare across WAF, Bot Management, API Shield, DNS, and Zero Trust (Access, Gateway).
• Production experience with Palo Alto firewalls; PCNSE preferred.
• Production experience with at least one SASE/SSE platform (Zscaler ZIA/ZPA, Cato, Netskope, Prisma Access, Cloudflare One).
• Hands-on experience with cloud-native firewall and edge controls in AWS or Azure (security groups, NACLs, NSGs, native WAFs, Front Door, CloudFront).
• Solid infrastructure, SRE, or platform engineering background.
• Relevant certifications: CISSP, CCSP, PCNSE, AWS Security Specialty, Azure SC-100, GCP Professional Cloud Security Engineer, SANS GIAC family (GCIA, GCIH, GPEN), CompTIA Security+.