Senior Network / Firewall Engineer - Houston, TX

About The Position

Requirements

• 5+ years of hands-on network engineering, firewall engineering, or network security engineering experience.
• Local Houston-area candidate able to work in office 5 days per week.
• Strong Azure Networking experience, including Azure VPN Gateway, virtual networks, routing, NSGs, private connectivity, and hybrid networking.
• Strong experience with Sophos or another major enterprise firewall platform such as Fortinet, Palo Alto, Cisco, or Check Point.
• Strong knowledge of IPsec VPNs, SSL VPNs, routing, switching, segmentation, firewall policies, NAT, high availability, and secure remote access.
• Hands-on experience with BGP and dynamic routing.
• Solid understanding of DNS and DHCP design, troubleshooting, and security best practices.
• Understanding of why DNS and DHCP should not be hosted directly on firewalls, including separation of duties, availability, scalability, logging, auditability, and change-control risks.
• Strong understanding of encryption, PKI, certificate-based authentication, secure management access, and network security best practices.
• Ability to troubleshoot complex production issues under pressure.
• Ability to work full-time on-site in Houston, Texas.

Nice To Haves

• Sophos firewall experience.
• Cradlepoint or large-scale cellular router experience.
• F5 BIG-IP, WAF, load-balancing, Azure WAF, Azure Application Gateway, or Azure Front Door experience.
• Azure Monitor, Microsoft Sentinel, Defender for Cloud, Intune, or similar monitoring/security tooling experience.
• Enterprise PKI and certificate lifecycle experience.
• Certifications such as CCNP, CCNA, NSE, PCNSE, Sophos, Azure Network Engineer Associate, Security+, CISSP, or equivalent practical experience.

Responsibilities

• Design, build, maintain, and troubleshoot IPsec and SSL VPN networks.
• Support Azure VPN Gateway, Azure Networking, Sophos firewalls, Cradlepoint, switches, Wi-Fi, WAF, and load-balancing platforms.
• Manage and support a Cradlepoint environment of 20,000+ devices.
• Configure and troubleshoot dynamic routing, including internal BGP.
• Manage Sophos firewalls or become proficient with Sophos within the first 30 days if experienced with another major firewall platform.
• Support F5 BIG-IP, Azure WAF, Azure Application Gateway, and Azure Front Door.
• Ensure DNS and DHCP are centrally managed, monitored, logged, secured, and not hosted directly on firewalls.
• Ensure firewalls are used as security enforcement points, not as core infrastructure service providers.
• Patch, monitor, log, audit, and secure network infrastructure.
• Maintain centralized logging, centralized audit logging, centralized authentication, centralized monitoring, and alerting.
• Ensure network links, management access, VPNs, and sensitive data flows are encrypted.
• Use Zedcor’s internal PKI solution for device identity, certificates, authentication, encryption, and secure management.
• Document network designs, firewall rules, routing policies, VPN configurations, standards, and runbooks.
• Support incident response, change management, vulnerability remediation, disaster recovery, SOC 2, FedRAMP, and StateRAMP readiness.

Benefits

• Tools, mentorship, and an environment to help you thrive and grow in your technical career.