Senior Network Security Engineer

Job Title: Senior Network Security Engineer

Location: Orange, CT

Duration: 6 months

Description:

Duties: Job Summary

We are seeking a highly skilled Senior Network Security Engineer to join our team and play a key role in securing, optimizing, and transforming our enterprise network infrastructure. The ideal candidate will have deep expertise in firewall security, NAT, IPSEC, SD-WAN, routing protocols (EIGRP, BGP, OSPF), and cloud security solutions. This position will focus on managing and enhancing our security infrastructure, which includes:

Cisco ASA, Checkpoint, Fortinet FortiGate, Palo Alto Firewalls.

Radware for DDoS protection.

Zscaler ZIA/ZPA for cloud security.

SD-WAN for optimized global connectivity.

EIGRP, BGP, and OSPF-based network routing.

NAT policy design and implementation

A key initiative for this role is leading the migration from Checkpoint to Fortinet firewalls while ensuring seamless network security operations. Additionally, the engineer will support and enhance our SD-WAN deployment for optimized global connectivity and application performance.

Key Responsibilities

Lead the migration from Checkpoint to Fortinet, including policy conversion, rule optimization, and traffic validation.

Manage and maintain Cisco ASA, Palo Alto, Fortinet, and Checkpoint firewalls across corporate, cloud, and remote sites.

Design and optimize firewall rule sets for improved security, performance, and compliance.

Perform risk assessments and firewall audits to ensure network security best practices.

Manage and optimize SD-WAN architecture to improve application performance and reduce latency.

Implement policy-based traffic steering, failover mechanisms, and WAN optimization.

Troubleshoot SD-WAN performance issues, routing conflicts, and connectivity problems.

Work with network and security engineers to ensure secure connectivity between on-premises, branch locations, and cloud.

Design and implement NAT policies, including static NAT, dynamic NAT, and PAT (Port Address Translation).

Configure and troubleshoot EIGRP, BGP, and OSPF for enterprise and cloud routing.

Optimize routing policies to ensure high availability, redundancy, and performance.

Administer and optimize Zscaler ZIA/ZPA solutions for secure cloud access and web filtering.

Implement zero-trust security policies for cloud applications and remote users.

Troubleshoot Zscaler tunnels, proxy configurations, and application access issues.

Implement and maintain Radware DDoS protection to safeguard network infrastructure from volumetric and application-layer attacks.

Configure IPS/IDS solutions to detect and mitigate security threats.

Work with SOC teams to analyze and respond to security incidents.

Lead firewall, SD-WAN, NAT, and routing issue troubleshooting affecting business-critical applications.

Perform packet capture analysis and use security logs to diagnose network issues.

Work with vendors (Cisco, Fortinet, Palo Alto, Zscaler) to resolve complex technical issues.

Develop and enforce firewall and network security policies in compliance with NIST, CIS benchmarks, and ISO 27001 standards.

Develop scripts (Python, Bash, PowerShell) for automating firewall audits and SD-WAN policy updates.

Optimize firewall and SD-WAN policies to reduce latency and improve efficiency.

Implement network automation frameworks to streamline security operations

Skills: Required Skills & Experience

5-8 years of experience in network security engineering.

Expertise in Fortinet FortiGate, Checkpoint, Palo Alto, and Cisco ASA firewalls.

Strong knowledge of SD-WAN solutions (Fortinet SD-WAN, Cisco SD-WAN, Prisma Access).

Experience configuring and troubleshooting EIGRP, BGP, and OSPF routing protocols.

Hands-on experience managing Zscaler ZIA/ZPA for cloud security.

Proficiency in VPN technologies (IPSec, SSL, GRE, DMVPN, L2TP) and their security implications.

Strong skills in NAT, firewall rule optimization, and routing table analysis.

Experience with Radware DDoS protection, IPS/IDS, and threat mitigation.

Knowledge of zero-trust security architectures and secure SD-WAN implementation.

Strong analytical skills for troubleshooting network security issues, including packet captures and firewall logs.

Keywords:

Education: Preferred Qualifications

Certifications: Fortinet NSE 4/7, Checkpoint CCSA/CCSE, Palo Alto PCNSA/PCNSE, Cisco CCNP Security, Zscaler ZCCP, SD-WAN certifications.

Experience with AWS, Azure, and GCP cloud security best practices.

Familiarity with SIEM solutions for security event monitoring.

Experience automating security tasks using Python, Ansible, or Terraform.