Network Security Engineer - Remote

Job Summary

The Network Security Engineer is a key member of our Cybersecurity team, working closely with our Network Engineering, Cloud, and Security Operations groups to safeguard the organization’s hybrid infrastructure. Reporting to the IT Security Manager, this role plays an essential part in designing and improving the network security controls that protect our on-premises, cloud, and containerized environments.

A typical day in this role includes partnering with network engineers to review and strengthen our network security posture and segmentation strategies, collaborating with cloud teams on secure connectivity and access patterns, evaluating network telemetry with our SIEM engineer to ensure proper coverage and alerting for our SOC, and participating in architecture discussions to ensure that network security is built into new initiatives from the start. The engineer will spend time reviewing configurations, developing recommendations for network security improvement, and leading ongoing projects aimed at maturing our networking defenses across data centers, cloud platforms, and production environments.

This role may require occasional travel and on-site collaboration for annual planning sessions or major incident response activities. As part of an evolving and highly collaborative security program, the Network Security Engineer adds significant value by shaping secure network architecture, strengthening detection capabilities, reducing attack surface across the enterprise, and helping the business maintain a resilient, reliable, and secure technology ecosystem.

Remote Work Qualifications

• Access to a reliable and secure high-speed internet connection. Cable or fiber internet connections (at least 75mbps download/10mbps upload) are preferred, as satellite connections often cannot support the technologies used to perform day-to-day tasks.
• Access to a home router and modem.
• A dedicated home office space that is noise- and distraction-free. The space should have strong wireless connection or a wired Ethernet connection (wired connection is preferred, if possible).
• A valid, physical address (apartment, suite, etc.). PO Boxes are not supported, as a physical address is required for you to receive your computer equipment.
• The desire and ability to work and communicate with other team members via chat, webcam, etc.
• Legal residents of one of the following states: (AK, AL, AR, AZ, CT, DE, FL, GA, IA, ID, IN, KS, KY, LA, MD, ME, MI, MN, MO, MS, NC, ND, NH, NM, NV, OH, OK, PA, SC, SD, TN, TX, UT, VA, VT, WI, WV, and WY).

We only accept W-2 candidates, H-1B sponsorship is not available.

Responsibilities

Own the design and implementation of network security controls across on-premises, cloud, and containerized environments, ensuring that segmentation, access controls, and monitoring capabilities align with enterprise security standards and business needs.

Serve as the primary security partner to the Network Engineering and Cloud teams, providing expert guidance on secure architectures, connectivity models, and risk mitigation strategies. This includes influencing design decisions and ensuring security is embedded into new and existing infrastructure.

Lead initiatives that strengthen network security posture, such as segmenting critical systems, securing DMZ and public-facing zones, improving container network controls, and maturing detection and logging across hybrid environments.

Act as a key contributor to the organization’s threat detection strategy by ensuring appropriate network telemetry is collected, normalized, and integrated into the SIEM. Work closely with the SIEM engineer and SOC to improve alerting fidelity and visibility across the network.

Drive continuous improvement efforts by reviewing existing configurations and architectures, identifying weaknesses or opportunities, and developing actionable plans to enhance security, resilience, and operational efficiency.

Support incident response activities, providing deep network-level expertise during investigations, helping contain threats, and contributing to root-cause analysis and long-term remediation.

Develop and maintain comprehensive network security documentation, including architectural diagrams, standards, change records, and incident reports that support audit readiness and ongoing operational excellence.

Collaborate cross-functionally with security, infrastructure, and application teams to ensure consistent application of network security controls and to promote a culture of security-first design.

Provide mentorship and guidance to junior security staff and partner teams as needed. This role does not have direct reports but may provide technical leadership on projects and influence others across the organization.

Physical Requirements

• Work is performed while sitting/standing and interfacing with a personal computer.
• Requires the ability to communicate effectively using speech, vision, and hearing.
• Requires the regular use of hands for simple grasping and fine manipulations.
• Requires occasional bending, squatting, crawling, climbing, and reaching.
• Requires the ability to occasionally lift, carry, push, or pull medium weights, up to 50lbs.

Qualifications

Experience

• 5+ years of hands-on network security engineering experience, supporting hybrid environments (on-prem, cloud, and containerized platforms).
• Deep expertise with enterprise firewall technologies (e.g., Palo Alto, Cisco ASA, Checkpoint), including policy tuning, rule optimization, and secure architecture planning.
• Strong experience with IDS/IPS platforms, including tuning signatures, interpreting alerts, and improving detection coverage.
• Proven ability to design and implement network segmentation and micro-segmentation, including creation of secure zones, DMZs, and controlled pathways to reduce lateral movement risk.
• Hands-on experience with cloud networking and cloud-native security controls, such as AWS Security Groups, Azure NSGs, and secure VPC/VNet architecture.
• Experience with secure remote access technologies, including VPN configuration, encryption standards, and identity-based access controls.
• Strong network traffic analysis experience, using tools such as Wireshark, SolarWinds, or Splunk to support threat detection and incident response.
• Demonstrated success leading or owning security improvement projects, particularly in network segmentation, cloud security, or detection/monitoring initiatives.
• Experience integrating network telemetry into SIEM platforms and collaborating with SOC/SIEM engineers to improve alert fidelity and visibility.
• Experience contributing to or supporting incident response, including containment, investigation, and root-cause analysis from a network-security perspective.

Education

This role does not require a degree. We value relevant skills and experience and alignment with our core values above all else.

Desired Traits & Skills

• Advanced understanding of securing containerized environments, including network controls between containers, container hosts, and surrounding infrastructure.
• Strong knowledge of securing public-facing and DMZ environments, including threat-modeling and appropriate layered defenses.
• Familiarity with Zero Trust principles and modern network security patterns aligned with that approach.
• Ability to influence architecture decisions across network, cloud, and security teams through clear communication and sound technical judgment.
• Excellent written and verbal communication skills, including the ability to produce high-quality documentation and explain complex concepts to diverse audiences.
• A proactive, ownership-driven mindset, with a focus on problem-solving, continuous improvement, and identifying gaps before they become issues.
• Strong cross-team collaboration and leadership presence, even without formal direct reports—able to guide junior staff and influence partners across the organization.
• Comfort with scripting or automation tools (e.g., Python, Ansible) to streamline security workflows and enhance consistency in configurations.