Senior Network Security Engineer
About The Position
The Senior Network Security Engineer is responsible for oversight and governance input on design, implementation, and continuous improvement of Wintrust’s enterprise network security program. In this role, you will function as a senior technical authority in designing and maintaining robust security architectures and working with information technology partners to help safeguard enterprise infrastructure. Your role centers on a deep command of network protocols (TCP/IP, BGP, OSPF), next-generation firewall management, and SD-WAN optimization to ensure resilient data flow and threat mitigation. Enhanced knowledge of VPNs, IDS/IPS, DNS, IPAM, enterprise proxy and Zero Trust principles are core for helping promote growth and maturity of the network security program.
Requirements
- Bachelor’s degree or equivalent experience
- 5-7 years of related hands-on experience
- Networking: strong command of TCP/IP, BGP, OSPF, MPLS, and SD-WAN optimization; Proficiency in both on-premises and cloud network design
- Security: Expertise in Next-Generation Firewalls (NGFW), Virtual Private Networks (VPN), Intrusion Detection Systems / Intrusion Prevention Systems (IDS/IPS), Domain Name Systems (DNS), IP Address Management (IPAM), Web Application Firewalls (WAF), Network Access Control (NAC), Network Detection & Response (NDR), and enterprise proxies such as BlueCoat, Netskope or comparable technology.
Nice To Haves
- 5+ years designing/implementing Defense-in-Depth for complex, multi-site networks.
- Experience with M&A integrations or multi-tenant environments preferred
- Preferred experience navigating and using Algosec as the tool conducting the analysis.
- Experience must include implementing DNSSEC, configuring redundant DNS architectures, and utilizing DNS Filtering (Cisco Umbrella) and ability to evaluate proxy architecture and categorical blocking.
- Senior to expert-level experience with core networking and routing protocols, including TCP/IP (Layers 1-7), BGP, OSPF, and EIGRP.
- Experience securing hybrid-cloud environments (AWS, Azure, GCP) using cloud-native networking like VPCs, Security Groups, and Cloud Next-Gen Firewalls is a plus
- Preferred tooling: AlgoSec, Cisco Firepower (FMC/SMA), Cisco IPS/IDS, Infoblox, Cloudflare WAAF, and Cisco Secure Web Appliance, Azure Networks (VNet, peering, Network Security Groups, UDR)
Responsibilities
- Lead the continuous cleanup and optimization of firewall rules and NGFW policies to eliminate redundancy, reduce latency, and enforce necessary access control.
- Provide expertise in managing enterprise DNS infrastructures (e.g., Infoblox, BlueCat, or Windows DNS) and managing enterprise proxy solution (BlueCoat, Zscaler etc.).
- Strong command of DDI (DNS, DHCP, and IPAM) to maintain a sole source of truth for the corporate IP space.
- Direct the evaluation, selection, and deployment of enterprise-grade security tools, ensuring they resolve specific technology gaps and align with carrier-grade security standards.
- Provide input on programmatic and technical deficiencies to secure and optimize Wintrust’s network security posture.
Benefits
- Medical Insurance
- Dental
- Vision
- Life insurance
- Accidental death and dismemberment
- Short-term and long-term Disability Insurance
- Parental Leave
- Employee Assistance Program (EAP)
- Traditional and Roth 401(k) with company match
- Flexible Spending Account (FSA)
- Employee Stock Purchase Plan at 5% discount
- Critical Illness Insurance
- Accident Insurance
- Transportation and Commuting Benefits
- Banking Benefits
- Pet Insurance
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
