Network Security Principal Engineer

About The Position

Requirements

• Requires a Bachelor's degree in Computer Science, Cybersecurity, or a related field, or 6 -10+ years of equivalent relevant work or military experience.
• Deep expertise working in Carrier/Service Provider Network Engineering and Security, specifically securing Leaf-Spine/CLOS topologies (VXLAN, EVPN, MP-BGP) using technologies like Cisco IOS-XR/NX-OS and Nokia SR OS (TiMOS).
• Expert-level understanding of routing security, including BGP and IGP security, is mandatory eg: BGP hijacking, Route injection.
• Hands-on experience working with internet-scale data sets such as Netflow, BGP, DNS, and IDS logs.
• Fluency in security frameworks, particularly the application of CIS Benchmarks (Level 1 & 2 hardening) and mitigating MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs) on network devices, along with a solid understanding of network security fundamentals.
• Expertise in using Python, API, Ansible, or Terraform-type tools to automate and develop custom security “health checks” on network devices.
• Demonstrated leadership skills are required, along with the ability to lead and manage cross-functional projects, build consensus, resolve conflict, negotiate, and possess strong analytical and communication skills.

Nice To Haves

• Prefer CCIE (Service Provider or Security) or Nokia NRS II/SRA. Additional certifications such as Juniper JNCIE, F5 BIG-IP Specialist or Expert, CISSP, CCSP, OSCP, GCIH, and Cysa are beneficial.
• Practical experience with Splunk, Elasticsearch, or well-recognized SIEM tools for data analysis, dashboard creation, alerting, automation, risk-based alerting, managing notable events, and defining/tuning correlation searches.
• Ability to run & interpret network scans using tools such as Tenable Nessus, Qualys, Rapid7 InsightVM, or OpenVAS. Ability to interpret CVSS scores and prioritize risk.
• Knowledge of modern routing security techniques such as RPKI, MacSec, BGPSec, TCP-AO, GTSM, gNMI/gRPC.
• Knowledge of encryption technologies (IPsec, TLS), UNIX or Linux systems engineering expertise with a variety of variants, and security tools, including Firewalls, VPNs, IDS/IPS, DDoS mitigation, and encryption for data in transit (e.g., IPsec, or TLS) and at rest.
• Familiarity with Identity and Access Management (IAM) solutions, the system development lifecycle, and mitigating network/system/application layer attacks.
• If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above.

Responsibilities

• Act as the security subject matter expert in network design reviews, ensuring that all network assets meet stringent carrier-grade security standards.
• Drive security architecture, lead policy implementation, manage incident response, and integrate security principles early into the development lifecycle.
• Analyze network logs and configurations to identify vulnerabilities, recommend & build proactive mitigations.
• Leverage tools or custom automation, eg, Python, Ansible playbooks to run automated audits against security benchmarks, ensuring security compliance.
• Develop comprehensive assessment reports and provide recommendations for remediation.
• Conduct proactive threat hunting across the identity, endpoint, and network telemetry to uncover adversary behavior and reduce dwell time.
• Build and refine incident playbooks and response runbooks, ensuring repeatable workflows for high-impact scenarios (ransomware, phishing, insider threat, DDoS, etc).
• Lead network security incident response activities, including triage, containment, eradication, and recovery for disruptive threats.
• Execute root cause analysis for incidents, perform regular security control assessments, and lead strategic security solution implementation in a highly scalable environment.
• Drive continuous improvement of network visibility and telemetry collection to strengthen detection and response capabilities.
• Communicate clearly and effectively, articulating complex technical concepts to diverse internal and external audiences.

Benefits

• Our benefits are designed to help you move forward in your career, and in areas of your life outside of Verizon. From health and wellness benefit options including: medical, dental, vision, short and long term disability, basic life insurance, supplemental life insurance, AD&D insurance, identity theft protection, pet insurance and group home & auto insurance.
• We also offer a matched 401(k) savings plan, up to 8 company paid holidays per year and up to 6 personal days per year, paid parental leave, adoption assistance and tuition assistance, plus other incentives, we’ve got you covered with our award-winning total rewards package.
• Depending on the role, employees have the opportunity to receive compensation in the form of premium pay such as overtime, shift differential, holiday pay, allowances, etc.
• Newly hired employees receive up to 15 days of vacation per year, which grows with additional service.
• For part-timers, your coverage will vary as you may be eligible for some of these benefits depending on your individual circumstances.
• The salary will vary depending on your location and confirmed job-related skills and experience.
• This is an incentive based position with the potential to earn more.
• For part-time roles, your compensation will be adjusted to reflect your hours.
• The annual salary range for the location(s) listed on this job requisition based on a full-time schedule is: $120,500.00 - $231,000.00.