Senior Network Security Engineer

MSP4 operates as the embedded IT department for a portfolio of clients spanning professional services, legal, distribution, manufacturing, and government sectors. Environments range from 50 to 1,500 users and carry real compliance obligations: CMMC L2, NIST 800-171, and SOC 2 are active requirements across multiple clients, not aspirational targets.

This role owns network and security engineering across that portfolio. You will design, deploy, and maintain firewall, switching, routing, and SD-WAN infrastructure for clients with serious uptime and regulatory requirements. Platform depth across Palo Alto, Fortinet, and Cisco is the baseline. Security posture work (segmentation, policy review, compliance evidence, hardening) is part of the job, not an afterthought. You will work under the direction of our Principal Solutions Architect, who owns design authority. The expectation is precise execution, thorough documentation, and sound judgment applied within established architecture, not the impulse to re-platform what is already working., * Design and implement network and security infrastructure across multi-site client environments: campus, branch, datacenter, and cloud-connected architectures

• Manage firewall platforms at scale: Palo Alto with Panorama, Fortinet with FortiManager, Cisco ASA/FTD, Juniper SRX, and Sophos XG/XGS
• Configure and maintain enterprise switching and routing (BGP, OSPF, HSRP/VRRP, VLANs, spanning tree, QoS) across Cisco Catalyst/Nexus, Juniper EX, Aruba, and Meraki environments
• Implement and manage SD-WAN solutions where applicable, including failover design, policy routing, and carrier diversity
• Apply network segmentation, micro-segmentation, and zero-trust access controls in support of CMMC L2, NIST 800-171, and SOC 2 compliance requirements
• Conduct firewall policy audits, rule cleanup, and hardening reviews; produce documentation that satisfies compliance evidence requirements
• Support VPN and remote access infrastructure (IPsec, SSL/TLS, GlobalProtect, FortiClient) across client environments
• Respond to network security incidents, assist with forensic review, and implement corrective controls
• Produce network diagrams, runbooks, and change documentation that meet audit standards and enable other engineers to maintain what you build
• Travel to client sites as needed for network deployments and project-based engagements

Do you have experience in Security engineering?, * 6 or more years of network and security engineering experience across complex, multi-site production environments in professional services, manufacturing, distribution, legal, or government sectors

• Hands-on depth with at least two major firewall platforms (Palo Alto with Panorama, Fortinet with FortiManager, Cisco FTD/ASA, Juniper SRX, or Sophos XGS), including policy management at scale
• Routing and switching fluency: BGP, OSPF, EIGRP, HSRP/VRRP, spanning tree variants, 802.1Q, and QoS. Not conceptual familiarity. Operational depth.
• Experience supporting compliance audits. SOC 2 Type II is the most common baseline in this client base; you should know what it means to produce audit-ready network diagrams, collect evidence for access controls, and document firewall policy in a way that satisfies an auditor
• Familiarity with NIST 800-171 or CMMC L2 network controls is a plus, not a requirement. Several clients are actively pursuing CMMC Level 2 certification and we will bring you up to speed on the specifics. What matters is the ability to translate a compliance requirement into a network policy.
• Familiarity with datacenter networking (top-of-rack switching, spine/leaf topologies, VXLAN) is a plus
• Network security tooling experience: IDS/IPS, NAC (Cisco ISE, Aruba ClearPass), SIEM integration, and log forwarding
• Ability to read and apply architecture standards established by others without requiring constant design input
• Relevant certifications (PCNSE, NSE 4+, CCNP Enterprise or Security, JNCIS) are a plus, not a requirement
• Ability to produce clear technical documentation: network diagrams, firewall policy documentation, change records, and audit-ready evidence packages that another engineer can follow and an auditor can rely on
• Prior experience in a multi-client service delivery environment is an advantage; comfort maintaining consistent security posture across varied client environments matters here