Sr Network Security Engineer

About The Position

Requirements

• Strong knowledge of information security and network security principles, controls, and best practices across cloud, on-premises, and remote-workforce environments.
• Hands-on experience assessing, configuring, or operating Fortinet firewall environments (FortiGate, FortiAnalyzer, FortiManager) at scale.
• Demonstrated knowledge of cloud network security in Microsoft Azure (NSGs, Azure Firewall, Application Gateway/WAF, private endpoints, hub-and-spoke design, ExpressRoute/VPN gateways).
• Demonstrated knowledge of cloud network security in AWS (security groups, NACLs, AWS Network Firewall, WAF, Transit Gateway, PrivateLink).
• Experience defining security requirements and reviewing architectures for ZTNA and secure remote access for distributed and remote-first workforces.
• Demonstrated experience with network segmentation, micro-segmentation, and zero-trust networking principles.
• Proficiency in network protocols, routing, switching, TLS inspection, and packet/flow analysis.
• Proven ability to investigate, analyze, and respond to network-based security incidents.
• Exposure to artificial intelligence platforms and the network security considerations specific to them.
• Strong understanding of healthcare-relevant regulatory and framework requirements (HIPAA, NIST 800-53, SOC 2, CMS) as they apply to network security controls.
• Ability to communicate network security findings, risks, and recommendations effectively to both technical and non-technical stakeholders.
• Strong organizational skills with the ability to manage multiple workstreams simultaneously.
• Bachelor’s degree in computer science, Information Systems, Network Engineering, Cybersecurity, or related field. Equivalent professional experience may be considered in lieu of a degree.
• Minimum of 6–8 years of progressive experience in network engineering and/or network security, with at least 3 years in a dedicated network security role and demonstrated cloud network security experience.

Nice To Haves

• Fortinet NSE 4 / NSE 5 / NSE 7 certifications
• Microsoft AZ-700 (Azure Network Engineer Associate) certification
• AWS Advanced Networking Specialty or AWS Security Specialty certification
• CISSP certification
• CCNP Security certification
• GIAC GCIA / GCIH certification
• Experience in healthcare, financial services, or other regulated industries
• Familiarity with maturing security programs in cloud-primary, remote-first organizations
• Experience with infrastructure-as-code and automation for network security (Terraform, Ansible, scripting)

Responsibilities

• Define and maintain PPL's network security requirements, standards, and baselines for cloud, on-premises, and remote-access environments.
• Review and validate network architecture and design changes from a security perspective.
• Drive PPL's zero-trust networking strategy across all environments.
• Evaluate, recommend, and provide security requirements for new network security technologies.
• Define network-layer and zero-trust controls for enterprise AI service traffic.
• Partner closely with the broader Infrastructure team to translate network security requirements into actionable engineering work.
• Collaborate with DevOps and Cloud Engineering teams to embed network security controls into infrastructure-as-code and CI/CD pipelines.
• Partner with Application Development teams on secure application network design.
• Conduct security reviews and assessments of PPL's network environment, including Fortinet, Azure, and AWS network controls.
• Lead periodic firewall rule reviews, segmentation validation, and review of third-party network connections.
• Validate secure configuration of network and network security devices against industry benchmarks and internal standards.
• Coordinate with the vulnerability management program to identify, prioritize, and track remediation of network-related vulnerabilities.
• Lead architecture-level network security review for new initiatives.
• Develop and report network security posture metrics to leadership.
• Serve as the Information Security team's senior escalation point for network-related security incidents.
• Lead network forensics activities, including packet capture analysis and flow analysis.
• Utilize the SIEM platform during incident investigation and response.
• Leverage the enterprise XDR platform to correlate network signal with endpoint, identity, and email data.
• Lead network-specific threat hunting and adversary behavior analysis.
• Direct network-layer containment actions during active incidents.
• Contribute to post-incident reviews, identifying network-related root causes and recommending improvements.
• Provide security oversight of network monitoring tools and platforms.
• Collaborate with SOC analysts on tuning network-layer detections.
• Maintain situational awareness of emerging network-based threats, vulnerabilities, and attack vectors.
• Maintain documentation for network security standards, review procedures, runbooks, and assessment findings.
• Provide network security input into risk assessments.
• Partner with the GRC function to evidence network security controls for audits.
• Collaborate with the GRC function on the development, maintenance, and enforcement of network security policies.
• Review and approve WAF and firewall policy changes, AI service access requests, and temporary security exceptions.
• Communicate network security findings, risks, and recommendations to both technical and non-technical audiences.
• Contribute to security awareness initiatives.
• Provide technical mentorship and direction to junior security and SOC staff.

Benefits

• Base salary within the posted range
• Compensation may vary for positions based in high cost-of-labor markets