Lead Information Security Engineer

Infrastructure Security is seeking a Lead Information Security Engineer to serve as a technical lead and subject matter expert (SME) for securing a large-scale, highly complex enterprise network environment. This role supports a global organization with significant internet-facing services and extensive private and public cloud connectivity.

The ideal candidate will design, implement, and maintain scalable network security controls across segmented internal networks, hybrid cloud platforms, and modern architectures. You will provide expert guidance on network security architecture, participate in enterprise design and risk reviews, and collaborate closely with network engineering, cloud, application, and risk teams to ensure alignment with security, regulatory, and compliance requirements., As a Lead Information Security Engineer, you will:

• Provide expert-level engineering guidance for complex infrastructure and network security initiatives
• Design, implement, and sustain enterprise-scale network security controls across on-premises and cloud environments
• Translate security policies, standards, and regulatory requirements into enforceable technical controls
• Lead network security architecture and design reviews, including presenting recommendations to leadership
• Identify and assess security risks, vulnerabilities, and control gaps; recommend and evaluate remediation options
• Support and lead network-based security incident response, including traffic analysis and root cause investigations
• Conduct post-incident analysis and contribute to long-term mitigation and resilience strategies
• Review, correlate, and interpret security logs and telemetry
• Provide security consulting for large enterprise projects to ensure compliance with corporate security standards
• Design, document, test, and maintain complex security solutions across networking, cloud, AI, and edge technologies
• Mentor and provide technical leadership to engineers and virtual teams
• Collaborate effectively with stakeholders at all levels, including engineering, cloud, application, risk, compliance, and audit teams

• 5+ years of Information Security Engineering experience, or equivalent demonstrated through work experience, training, military service, or education
• Deep hands-on experience with enterprise firewall platforms such as Palo Alto, Check Point, Cisco, or Fortinet
• Strong expertise in firewall policy design, rule lifecycle management, and network traffic segmentation
• Advanced understanding of core networking concepts, including:

• TCP/IP, routing, switching, and VLANs
• DNS, DHCP, NTP
• SSL/TLS, VPN technologies

Technical Expertise - Network Security

Required Experience With:

• Network intrusion detection and prevention systems (IDS/IPS)
• Secure web gateways and proxy technologies
• Network load balancers and edge security controls

Cloud & Hybrid Network Security

• Experience securing cloud networking environments such as AWS, Azure, or Google Cloud Platform, including:

• Virtual networks (VPCs / VNets)
• Cloud-native firewalls and security services
• Private connectivity (VPN, Direct Connect, ExpressRoute)

• Ability to design consistent and repeatable network security patterns across on-premises and cloud platforms

Zero Trust & Modern Architectures

• Practical experience implementing:

• Zero Trust Network Access (ZTNA)
• Micro- and macro-segmentation
• Network access control (NAC)

• Strong understanding of how identity, endpoint posture, and network controls integrate within Zero Trust architectures

Engineering & Security Design Skills

• Ability to perform threat modeling and network-focused risk assessments
• Experience reviewing network designs for security gaps, misconfigurations, and compliance risks
• Proficiency in producing:

• Network security design documentation
• Architecture diagrams
• Control rationales suitable for audit and regulatory review

Incident Response & Resilience

• Experience supporting or leading network-based incident response efforts
• Strong skills in traffic analysis during active security incidents
• Knowledge of network resiliency, high availability, and DDoS protection strategies

Compliance & Regulatory Alignment

• Strong familiarity with security frameworks and regulatory expectations, including:

• NIST Cybersecurity Framework (CSF)
• NIST SP 800-53
• CIS Critical Security Controls
• FFIEC / financial services regulatory guidance

• Experience supporting audits, regulatory exams, and internal control testing
• Ability to clearly articulate technical security decisions in business risk terms

Preferred (Nice to Have) Qualifications

• Experience managing network security at large enterprise scale
• Familiarity with automation and infrastructure-as-code (e.g., Python, firewall-as-code)
• Experience evaluating or onboarding new security technologies
• Background creating or maintaining enterprise security policies or standards
• Advanced knowledge of the OSI model and its application to cybersecurity
• Industry certifications (preferred, not required):

• CISSP, CCSP
• PCNSE, CCNP Security, CCIE Security
• GIAC (GCIA, GCIH)
• Cloud security certifications (AWS or Azure Security)