Network Security Engineer

About The Position

Requirements

• 5+ years of hands-on experience in network security engineering, with demonstrated expertise in enterprise firewall administration and network perimeter security (CCNP Security-level or equivalent experience).
• 3+ years of hands-on experience with Palo Alto Networks NGFWs, including Panorama management, security policy design, and advanced threat prevention features (App-ID, User-ID, WildFire).
• Solid hands-on experience with Cisco ASA and/or Firepower (FTD/FMC) – access control policies, IPS tuning, platform upgrades, and migration planning.
• Strong working knowledge of Cisco ISE for NAC, 802.1X, RADIUS/TACACS+, device profiling, and guest access management.
• Experience with VPN technologies including Cisco AnyConnect/Secure Access and IPSec site-to-site tunnels; understanding of certificate-based authentication and split tunneling design.
• Solid understanding of core network security protocols and concepts including TCP/IP, BGP, EIGRP, ACLs, NAT, SSL/TLS inspection, and network segmentation/micro-segmentation.
• Familiarity with Cisco Catalyst SD-WAN security capabilities, including application-aware policy enforcement, encrypted transport, and security service chain integration.
• Experience with Cisco Umbrella/Secure Access or similar DNS-layer security and cloud-delivered security platforms; working knowledge of URL filtering, threat intelligence, and SaaS policy management.
• Experience working within an ITIL-based change management process; comfortable authoring change requests, presenting to CAB, and performing post-implementation and after-action reviews.
• Ability to work with the Microsoft Suite and Customers Bank’s internal collaboration and ticketing applications; familiarity with scripting (e.g., Python, Ansible) for firewall automation and policy management is a plus.
• Must be legally eligible to work in the United States without sponsorship, now or in the future, to be considered.

Nice To Haves

• Familiarity with security and compliance frameworks relevant to a regulated financial institution (e.g., PCI-DSS, SOX, NIST CSF, FFIEC); ability to translate regulatory requirements into technical security controls.
• Palo Alto Networks certifications (PCNSE or equivalent) are preferred; Cisco security certifications (CCNP Security, CCIE Security) are also highly valued.
• A demonstrated track record carries equal weight to certifications.
• ITIL Foundation certification or equivalent experience with change and incident management practices.
• Experience with Microsoft Azure networking and cloud security, including Azure Firewall, NSGs, Virtual WAN, ExpressRoute, and integration with on-premises security infrastructure.

Responsibilities

• Design, deploy, and manage Palo Alto Networks next-generation firewalls (NGFWs), including security policies, NAT, App-ID, User-ID, Threat Prevention, URL Filtering, and WildFire across the enterprise and branch locations.
• Administer and maintain Cisco ASA and Firepower (FTD) firewalls, managing access control policies, intrusion prevention, and platform lifecycle including upgrades and patching.
• Manage and maintain VPN infrastructure, including Cisco AnyConnect/Secure Access remote access, as well as site-to-site IPSec tunnels, ensuring secure and reliable connectivity for remote users and branch offices.
• Support and secure the Cisco Catalyst SD-WAN environment, including applying security policies, traffic segmentation, and ensuring encrypted transport across WAN fabrics.
• Administer Cisco Umbrella/Secure Access DNS-layer security and web filtering policies, managing category-based controls, threat intelligence integrations, and reporting across the enterprise.
• Able to lead investigation and response to network-layer security incidents, anomalies, and policy violations.
• Participate in and lead change management activities in accordance with ITIL best practices, ensuring proper documentation, approvals, post-implementation reviews, and compliance with regulatory requirements.
• Collaborate with the Information Security, Cloud, and Infrastructure teams to design and implement network segmentation, zero-trust controls, and security architecture improvements aligned to PCI-DSS, SOX, and NIST frameworks.
• Work both independently and collaboratively across IT teams, vendors, and business stakeholders to deliver security projects, resolve incidents, and drive continuous improvement of the network security posture.
• Maintain thorough documentation of firewall policies, network security architecture, runbooks, and standard operating procedures.

Benefits

• Personal development plans