Network Security Engineer

Network Engineer / Senior Infrastructure Engineer

Full-Time | Multi-Site Environment | Periodic On-Site Visits

Position Overview

We are seeking a highly skilled Network Engineer to lead the design, remediation, security hardening, and long-term modernization of our multi-site IT infrastructure environment. This role is responsible for defining technical standards, architecting secure network and identity solutions, developing IT and cybersecurity policies, and directing operational execution performed by the on-site Junior Systems Administrator.

This is a hands-on technical leadership role requiring strong expertise in network security, firewall management, Active Directory architecture, vulnerability remediation, VPN access control, and enterprise infrastructure governance.

The successful candidate must be highly responsive, organized, and capable of independently driving infrastructure and cybersecurity initiatives across multiple concurrent workstreams.

Key Responsibilities

Network Infrastructure & Security

• Design, configure, and maintain secure network infrastructure across multiple business locations
• Lead firewall modernization initiatives including Fortinet and Palo Alto environments
• Configure and manage:
• Security policies
• VPN infrastructure
• NAT rules
• Threat prevention profiles
• URL filtering
• Access control policies
• Design and implement secure VLAN segmentation and firewall zoning strategies
• Eliminate insecure network configurations and improve overall network architecture
• Architect secure enterprise Wi-Fi authentication using 802.1X and credential-based access controls

Firewall & VPN Administration

• Manage Fortinet and Palo Alto firewall environments including firmware upgrades and security remediation
• Design secure VPN access models using Active Directory Security Groups and least-privilege principles
• Replace legacy or end-of-life network infrastructure with modern secure solutions
• Maintain and improve remote access security and network segmentation policies

Active Directory & Identity Governance

• Design and maintain Active Directory architecture and Group Policy standards
• Develop tiered administrative access models and privileged access controls
• Architect and deploy MFA across administrative and remote access systems
• Design and document formal joiner/mover/leaver identity governance processes
• Eliminate shared administrative accounts and implement secure role-based access controls

Vulnerability & Patch Management

• Own vulnerability management and remediation programs using Qualys, Tenable, or equivalent tools
• Define patching standards, remediation SLAs, and compliance reporting processes
• Design and maintain formal patch management policies and operational procedures
• Direct remediation priorities and provide technical guidance to the Junior Systems Administrator

Security Hardening & Compliance

• Design and deploy enterprise security hardening standards using Group Policy Objects (GPOs)
• Enforce organization-wide controls including:
• SMB signing
• TLS hardening
• Weak cipher removal
• NLA enforcement for RDP
• Automatic screen lock policies
• Lead SSL/TLS certificate lifecycle remediation and management initiatives
• Improve endpoint, network, and identity security posture across the organization

Documentation & Policy Development

• Write and maintain:
• IT security policies
• Infrastructure standards
• Technical runbooks
• Architecture documentation
• Operational procedures
• Develop core policies including:
• Acceptable Use Policy
• Password Policy
• Access Control Policy
• Incident Response Policy
• Data Handling Policy
• Provide clear technical documentation for both IT teams and business leadership

Leadership & Technical Direction

• Provide technical leadership and operational guidance to the Junior Systems Administrator
• Break down projects into actionable implementation tasks
• Prioritize remediation initiatives and manage multiple concurrent infrastructure projects
• Act as the primary technical escalation point for complex infrastructure and security issues

Required Qualifications

• 3–6 years of experience in network engineering, infrastructure engineering, or senior systems administration
• Strong hands-on experience with Fortinet and Palo Alto firewall environments
• Advanced knowledge of:
• Network segmentation
• VLANs
• VPNs
• Active Directory
• Group Policy
• MFA implementation
• Windows Server environments
• Experience designing secure infrastructure and identity governance frameworks
• Strong understanding of SSL/TLS, certificate lifecycle management, and security hardening
• Experience with vulnerability management and patch governance programs
• Strong technical documentation and policy writing skills
• Ability to work independently across multiple sites and priorities

Nice-to-Have Skills

• SIEM and centralized log management experience
• Penetration testing coordination and remediation planning
• Azure / Entra ID and hybrid identity environments
• Managed Detection & Response (MDR) vendor experience
• PowerShell scripting and automation
• Virtualization and cloud infrastructure exposure

Preferred Certifications

• Palo Alto PCNSA or PCNSE
• Fortinet NSE 4 or higher
• CompTIA Security+
• Cisco CCNA
• Microsoft AZ-500 or SC-200

Soft Skills & Culture Fit

• Strong written and verbal communication skills
• Highly organized and detail-oriented
• Responsive and dependable while working remotely or across multiple locations
• Strong prioritization and project ownership capabilities
• Calm and solution-focused under pressure
• Able to clearly delegate and mentor junior technical staff
• Comfortable making recommendations and owning technical outcomes

Work Environment

• Full-time permanent role
• Shared resource supporting multiple locations
• Hybrid / remote-capable with periodic on-site visits
• High-impact technical leadership position
• Immediate hiring priority