Principal Engineer Network Security

Verizon
Boston, MA
Hybrid

About The Position

The Global Network & Technology team seeks a highly motivated Network Security Engineer to secure and harden Verizon's Telemetry networks. This role requires candidates to translate high-level security frameworks into concrete configurations for telemetry devices, focusing on security implementation beyond a standard firewall scope. The role requires deep expertise in network protocols, hands-on experience with routers/switches, SIEM tools (especially Splunk and ISE), and a strong focus on automation, threat detection, incident response, and continuous security validation across the organization.

The Principal Engineer will specifically set strategic direction and define architectural patterns for long-term resilience. Lead the design, architecture, and implementation of cutting-edge network security solutions to address technology gaps. Act as the security subject matter expert in network design reviews, ensuring that all network assets meet stringent carrier-grade security standards and embed secure design patterns. Drive continuous improvement of network visibility and telemetry collection, conduct proactive threat hunting, and serve as escalation support for network security incidents. Execute root cause analysis for incidents, perform regular security control assessments, and lead strategic security solution implementation in a highly scalable environment.

Design, develop, and refine high-fidelity detection logic to identify adversarial behavior across the network. Develop essential technical documentation, including Playbooks, Confluence pages, Network diagrams, and Method of Procedures (MOPs). Drive security architecture, lead policy implementation, manage incident response, and integrate security principles early into the development lifecycle. Leverage tools or custom automation (e.g., Python, Ansible playbooks) to run automated audits against security benchmarks, ensuring zero configuration drift.

Proactively search for signs of lateral movement, exfiltration, and persistence within the environment using the MITRE ATT&CK framework as a guide. Analyze network logs and configurations to identify vulnerabilities, recommend & build proactive mitigations. Develop comprehensive assessment reports and provide prioritized recommendations for remediations. Identify opportunities to mentor, guide, and delegate technical documentation/tasks to support the team and broader organization.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field or four or more years of work experience.
  • Six or more years of relevant experience required, demonstrated through one or a combination of work and/or military experience, or specialized training.
  • Expert-level experience in securing/hardening networks in multi-vendor environments (Cisco IOS-XR/XE, Palo Alto, F5, Arista).
  • Proven ability to leverage TCP/IP internals, DNS security, and flow-based analysis (NetFlow/IPFIX) to baseline network behavior and intercept sophisticated lateral movement.
  • Strong practical experience with Splunk/SIEM tools is necessary for data analysis, dashboard creation, alerting, automation, risk-based alerting, managing notable events, and defining/tuning correlation searches.
  • Familiarity with Identity and Access Management (IAM) solutions is also beneficial.
  • Demonstrated leadership skills are required, along with the ability to lead and manage cross-functional projects, build consensus, resolve conflict, negotiate, and possess strong analytical, communication, and programming skills.

Nice To Haves

  • Possession of a CCIE (Service Provider or Security) or Nokia NRS II/SRA is required.
  • Additional certifications such as CISSP, CompTIA Security+, OSCP, CCNP, CCIE, or CCNA are beneficial.
  • Expertise in using Python, Ansible, or Terraform to automate network device configurations and operations.
  • Competence in using Splunk or Elasticsearch for network data analysis, creating dashboards, setting up alerts, and handling large-scale internet data sources (Netflow, BGP, DNS, IDS logs).
  • Knowledge of Firewalls, VPNs, IDS/IPS, DDoS mitigation, encryption technologies (IPsec, TLS), identifying vulnerabilities in RAN, and Security Information and Event Management (SIEM) tools like Splunk.
  • Familiarity with Network Function Virtualization (NFV), Identity and Access Management (IAM) solutions, the system development lifecycle, mitigating network/system/application layer attacks, and working with SQL/NoSQL databases and UNIX/Linux operating systems.
  • Strong organizational, project management, and written/verbal communication abilities, with the capacity to collaborate with various stakeholders and demonstrate leadership and mentoring skills.
  • Fluency in security frameworks, particularly the application of CIS Benchmarks (Level 1 & 2 hardening) and mitigating MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs) on network devices, along with a solid understanding of network security fundamentals.

Responsibilities

  • Set strategic direction and define architectural patterns for long-term resilience.
  • Lead the design, architecture, and implementation of cutting-edge network security solutions to address technology gaps.
  • Act as the security subject matter expert in network design reviews, ensuring that all network assets meet stringent carrier-grade security standards and embed secure design patterns.
  • Drive continuous improvement of network visibility and telemetry collection.
  • Conduct proactive threat hunting.
  • Serve as escalation support for network security incidents.
  • Execute root cause analysis for incidents.
  • Perform regular security control assessments.
  • Lead strategic security solution implementation in a highly scalable environment.
  • Design, develop, and refine high-fidelity detection logic to identify adversarial behavior across the network.
  • Develop essential technical documentation, including Playbooks, Confluence pages, Network diagrams, and Method of Procedures (MOPs).
  • Drive security architecture, lead policy implementation, manage incident response, and integrate security principles early into the development lifecycle.
  • Leverage tools or custom automation (e.g., Python, Ansible playbooks) to run automated audits against security benchmarks, ensuring zero configuration drift.
  • Proactively search for signs of lateral movement, exfiltration, and persistence within the environment using the MITRE ATT&CK framework as a guide.
  • Analyze network logs and configurations to identify vulnerabilities, recommend & build proactive mitigations.
  • Develop comprehensive assessment reports and provide prioritized recommendations for remediations.
  • Identify opportunities to mentor, guide, and delegate technical documentation/tasks to support the team and broader organization.

Benefits

  • medical
  • dental
  • vision
  • short and long term disability
  • basic life insurance
  • supplemental life insurance
  • AD&D insurance
  • identity theft protection
  • pet insurance
  • group home & auto insurance
  • matched 401(k) savings plan
  • up to 8 company paid holidays per year
  • up to 6 personal days per year
  • paid parental leave
  • adoption assistance
  • tuition assistance
  • premium pay such as overtime, shift differential, holiday pay, allowances
  • up to 15 days of vacation per year