Network Security Engineer (Wayne, PA)

Vaco is currently seeking a Network Security Engineer for a 3-6M C2H opportunity that is located in Wayne, PA (onsite 4-5 days per week). The Network Security Engineer will focus on the protecting the integrity and availability of platforms that are vital to K-12 educational organizations. The Network Security Engineer will design, implement, maintain, and support the network security infrastructure. The Network Security Engineer will safeguard sensitive data and ensure continuous, secure access to the SaaS solutions for all staff across the nation.

• Network Security Architecture - Design / Test / Implement Robust / Scalable Secure Network Solutions | Firewalls / Micro-Segmentation / Security Gateways Aligning with Cloud-First Strategy
• Security / Compliance Alignment - Ensure Network Infrastructure Adheres to Internal Security Policies / External Compliance Requirements Relevant to Education Technology / Data Privacy (FERPA / COPPA / State-Specific Regulations)
• Architecture Documentation - Develop / Maintain Network Security Architecture Documentation / Technical Standards / Operational Playbooks
• Network Security Operations - Manage / Monitor Next-Generation Security Systems (NGFWs / WAFs / IDS / IPS) to Detect / Prevent / Respond to Network-Based Threats
• Security Assessments - Conduct Security Audits / Vulnerability Assessments / Penetration Testing on Network Infrastructure to Identify / Remediate Weaknesses
• Platform Maintenance - Implement Configuration Changes / Patching / Upgrades on Network Security Devices while Minimizing Service Disruption
• Access Control Management - Administer NAC / AAA Services (RADIUS / TACACS+) to Enforce Least-Privilege Access
• Incident Response - Lead Investigation / Resolution of Network Security Incidents as a Member of the Security Incident Response Team (SIRT)
• SOC Collaboration - Partner with SOC to Tune SIEM Correlation Rules Related to Network Activity / Anomalies
• Security Reporting - Deliver Clear Reports on Network Security Status / Incident Metrics / Risk Posture to Technology / Executive Leadership
• Integrity / Data Protection - Commitment to Protecting Sensitive Data (PII / SPII Related to Students / Educators)
• Exceptional Communication Skills - Ability to Translate Complex Security Vulnerabilities into Clear / Actionable Risks for Technical / Non-Technical Stakeholders
• Problem Solving - Strong Analytical Skills to Diagnose / Resolve Complex Network Security Issues Under Pressure
• Adaptability / Continuous Learning - Proactive Learner / Staying Current with Emerging Cybersecurity Threats / Defense Mechanisms Relevant to the EdTech Sector, Vaco by Highspring and its parents, affiliates, and subsidiaries ("we," "our," or "Vaco by Highspring") respects your privacy and are committed to providing transparent notice of our policies.
• California residents may access Vaco by Highspring HR Notice at Collection for California Applicants and Employees here.
• Virginia residents may access our state specific policies here.
• Residents of all other states may access our policies here.
• Canadian residents may access our policies in English here and in French here.
• Residents of countries governed by GDPR may access our policies here.

Pay Transparency Notice

Determining compensation for this role (and others) at Vaco by Highspring depends upon a wide array of factors including but not limited to:

• the individual's skill sets, experience and training;
• licensure and certification requirements;
• office location and other geographic considerations;
• other business and organizational needs.

With that said, as required by local law, Vaco by Highspring believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.

• Network Security Engineer (3+ years) - Dedicated Focus on Security Principles / Implementation
• Networking (expertise) - TCP/IP / RoutingProtocols (BGP / OSPF) | Securing Large-Scale / Multi-VLAN / Virtualized Network Environments | Conducting Security Audits / Vulnerability Assessments / Penetration Testing to Identify / Remediate Weaknesses
• Security Platforms (hands-on) - Enterprise Firewall Platforms (Palo Alto / Fortinet / Cisco) | Managing Security in Public Cloud Environments (AWS / Azure)
• Automation / Scripting (proficiency) - Python / Bash / Configuration Management Tools (Ansible) to Automate Network Security Tasks

PREFERRED (not required)

• Certifications - CISSP / CCNP Security / PCNSE / AWS/Azure Security Certifications
• SaaS Security (direct experience) - Securing a High-Availability / Multi-Tenant SaaS Environment
• DevSecOps (familiarity) - Integrating Security Controls into CI/CD Pipelines / IaC Practices
• Micro-Segmentation (practical experience) - Designing / Implementing Zero Trust / Micro-Segmentation Architectures