IT Engineer II Network Security

About The Position

Requirements

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field preferred.
• 4-7 years of experience in infrastructure, networking, or network security support and administration.
• Experience supporting enterprise firewalls, switching, routing, VPNs, wireless, and core security controls in a production environment is required.
• Experience in a manufacturing, multi-site, or operationally sensitive environment is strongly preferred.
• Strong operational understanding of TCP/IP, subnetting, VLANs, trunking, STP, EtherChannel, routing fundamentals, DHCP, DNS, and common enterprise LAN/WAN constructs.
• Able to administer standard firewall policies, address objects, NAT, zones, interfaces, remote access, and site-to-site VPNs under approved standards.
• Supports enterprise wireless troubleshooting, authentication issues, access policies, and switch port changes for user, server, and site connectivity.
• Uses monitoring and management tools effectively for health checks, alert review, configuration validation, and ticket evidence gathering.
• Comfortable with command-line diagnostics, log review, packet-path validation, and basic packet capture interpretation.
• Understands how network telemetry, firewall logs, and control changes support SOC investigations and incident response workflows.
• Produces clean incident notes, change records, implementation plans, rollback steps, and as-built updates.
• Primarily office environment; personal protective equipment may be required in mill or plant areas.
• Ability to support occasional after-hours changes, incident response, maintenance windows, and on-call activities as required.
• Up to 10% travel may be required for site support, project work, or major incidents.
• Long periods of sitting, screen time, and technical troubleshooting are expected.
• Employees must be able to perform the essential functions of this position satisfactorily, with reasonable accommodation where applicable.

Nice To Haves

• Industry certifications such as CCNA, PCNSA, Security+, Network+, Aruba, Fortinet, or equivalent are a plus.
• Exposure to scripting or automation using Python, PowerShell, or vendor APIs is helpful, though not required for deep engineering ownership.
• Cisco switching and routing, Palo Alto firewalls and Panorama, Aruba networking and wireless, VPN technologies, NAC platforms such as Cisco ISE or Aruba ClearPass, load balancer awareness, network monitoring platforms, SIEM-integrated network log sources, and common enterprise tools used for ticketing, change control, and documentation.

Responsibilities

• Monitor and support firewalls, switches, routers, VPN connectivity, NAC-related components, wireless infrastructure, and core network security services.
• Work assigned incidents, alarms, and service requests within defined SLAs and operating procedures.
• Restore service for common failures involving routing, switching, access policies, interfaces, tunnels, wireless connectivity, and device health.
• Perform log review and basic event correlation across network and security tools to support incident triage and operational visibility.
• Implement standard and pre-approved changes for firewall rules, NAT objects, security zones, switch ports, VLAN updates, ACLs, routing changes, VPN updates, and device hardening activities.
• Validate change scope, prerequisites, rollback steps, and post-change testing before and after implementation.
• Participate in patching, code upgrades, certificate maintenance, and lifecycle activities under senior engineering guidance.
• Support high availability, resiliency, and uptime objectives across enterprise and site network environments.
• Administer day-to-day security configurations in line with approved standards and policy.
• Support management of perimeter controls, remote access, segmentation controls, and secure connectivity patterns.
• Review and remediate basic control gaps such as stale rules, unused objects, misconfigurations, weak administrative practices, and device hygiene issues.
• Partner with cybersecurity operations teams on investigations, containment support, and evidence collection involving network-based events.
• Perform structured troubleshooting using CLI, dashboards, packet-level indicators, logs, routing tables, policy inspection, and vendor tools.
• Identify whether issues are related to transport, routing, switching, firewall policy, DNS, proxy, certificate, authentication, or endpoint behavior.
• Document findings, impact, suspected cause, and actions taken before escalating to L3 engineers, architects, vendors, or telecom providers.
• Provide quality handoff material that reduces rework and accelerates root-cause resolution.
• Maintain accurate device records, diagrams, runbooks, standard operating procedures, and implementation notes.
• Update configuration standards, support documentation, and knowledge articles based on recurring operational patterns.
• Recommend operational improvements that reduce outages, improve monitoring, simplify support, and strengthen security posture.
• Participate in problem management and lessons learned for repeat incidents and failed changes.
• Work collaboratively with infrastructure, cybersecurity, service desk, server, cloud, application, and plant / site teams.
• Support site and mill environments where security, resiliency, and production continuity are critical.
• Communicate clearly with technical and non-technical stakeholders regarding outages, change windows, risk, and restoration progress.
• Support occasional after-hours work for maintenance, incidents, and major change execution.

Benefits

• medical
• dental
• vision
• paid time off includes vacation days, personal days, and company holidays