Senior/Staff Network Security Engineer

About The Position

Requirements

• 8+ years of network security engineering experience securing enterprise, cloud, and OT/lab environments
• Deep, hands-on expertise in next-gen firewalls (Palo Alto, Fortinet), AWS NFW, WAFs, IDS/IPS, NAC/802.1X, PKI, VPN, and ZTNA solutions (Zscaler, Prisma Access, or equivalent)
• Strong understanding of core network protocols (TCP/IP, BGP, OSPF, VLAN, 802.1X, TLS/PKI) and cloud networking security principles (AWS, GCP, or Azure)
• Hands-on experience with IaC and automation tooling including Terraform, Python, CI/CD pipelines, and REST APIs
• Experience with network security monitoring, threat detection, and security operations tooling (SIEM, IDS/IPS, Zeek, Suricata, vulnerability management platforms), including integration with network controls
• Proven experience supporting major compliance initiatives (NIST 800-53, CSF 2.0, ISO 27001), including control implementation and evidence collection

Nice To Haves

• Experience in autonomous vehicle, robotics, or automotive environments
• Certifications: PCNSE, AWS Security Specialty, CCNP/CCIE Security, or CISSP
• Experience experimenting with or deploying AI/ML-based security capabilities (e.g., anomaly detection, behavioral analytics, LLM-driven copilots) in network or cloud security workflows

Responsibilities

• Design, implement, and maintain secure hybrid/multi-cloud network architectures (AWS/GCP, CloudWAN, SD-WAN); enforce zero-trust access controls and network segmentation across corporate, data center, lab, and edge environments; develop and maintain related policies, standards, and architecture diagrams
• Own and operate next-generation firewall platforms (Palo Alto Networks, Fortinet), managing policy architecture, segmentation, NAT, URL filtering, SSL/TLS decryption, and threat prevention tuning
• Architect, operate, and own the lifecycle of secure remote access solutions (VPN, ZTNA, GlobalProtect, site-to-site tunnels), ensuring high availability, certificate-based authentication, and integration with identity providers (SAML, Entra ID)
• Drive automation and Infrastructure-as-Code (IaC) using Terraform, Python, CI/CD, and REST APIs for configuration management, firewall policies, and security baselines; integrate LLM-based tools to streamline operational tasks and reduce manual toil
• Oversee security operations including 24/7 network security monitoring, traffic analysis, threat detection, vulnerability assessments, and remediation; support compliance requirements by conducting security reviews for new projects and infrastructure changes
• Lead 802.1X/certificate-based Network Access Control (NAC) initiatives across wired and wireless environments
• Define team roadmap, mentor engineers, and lead cross-functional security initiatives with Product Security, SRE, IT, and Software Engineering teams

Benefits

• paid time off (e.g. sick leave, vacation, bereavement)
• unpaid time off
• Zoox Stock Appreciation Rights
• Amazon RSUs
• health insurance
• long-term care insurance
• long-term and short-term disability insurance
• life insurance