Network Security Engineer Specialist

Thisposition is not eligible for visa sponsorship, now or in the future. Candidates must be a US Citizen or Green Card Holder

This position is hybrid 3 days per week in either our Cincinnati, OH or Atlanta, GA office

Are you ready to write your next chapter?

Make your mark at one of the biggest names in payments.We'relooking for aNetwork Security Engineer Specialistto join ourever-evolvingEdge&NetworkSecurityteamandhelp us unleash the potential of every business.

This role strengthens and evolves our secure access and network security platforms across a global enterprise environment. This is a hands-on technical leadership role focused primarily on Secure Web Gateway (SWG), Proxy, SASE, Secure Access, and related network security controls, withresponsibility for IPS/IDS and firewall-adjacent security capabilities.

Our core platforms include Zscaler (ZIA / ZPA) and Palo Alto Networks technologies, including Panorama, on-prem NGFW, cloud NGFW, Threat Prevention, and Prisma Access.

This role supports approximately 30,000 users globally across the US, UK, and APAC,operatingin a full proxy environment with selectiveprivate access, including broad SSL inspection coverage. You will lead engineering and delivery efforts, improve service reliability, mentor other engineers, and act as a technical escalation point during high-severity incidents.

This is an engineering-first role, with approximately 80% of time focused on design, implementation, tuning, and operational improvement, and approximately 20% supporting incident mitigation and high-severity response.

On-Call Expectations:Participatein a rotating on-call schedule for incidents.Act as a senior escalation point formajor issuesaffecting secure access, proxy, SASE, or related network security services.Contribute to post-incident analysis and ensure durable corrective actions are implemented.Participate in readiness activities, operational reviews, and resilience improvements for critical control-plane services.

Whatyou'llownas theNetwork Security Engineer Specialist

• Lead engineering and continuous improvement for SWG, Proxy, SASE, Secure Access, and IPS/IDS across a global enterprise environment.

• Administer and harden Zscaler (ZIA/ZPA) and Palo Alto platforms, including Panorama, Prisma Access, NGFW, and Threat Prevention.

• Design andmaintainscalable security policies for internet access, private application access, SSL inspection, traffic steering, and threat prevention.

• Drive high-quality changes through safe rollout planning, validation, rollback readiness, and post-change review.

• Improve platform reliability, policy quality, and user experience through standardization, tuning, and operational improvements.

• Serve as a technical lead and escalation point for complex issues, high-risk changes, and high-severity incidents.

• Mentor other engineers, review work, and helpestablishbest practices, standards, and runbooks.

• Partner with SOC/IR, Network Operations, infrastructure, application teams, and vendors to deliver secure and reliable services.

• Improve logging, telemetry, SIEM integration, and operational visibility while reducing noise and strengthening control effectiveness.

• Track and improve key measures such as policy accuracy, false positives, service reliability, change success, and time to mitigation.

• Leadvendorescalations and hold partners accountable for response quality, root cause depth, and durable resolution.

• Bachelor's degree in a related field and 7+ years of experience, or equivalent practical experience.

• Experience in network security or security engineering roles.

• Strong hands-on experience with SWG, Proxy, SASE, or Secure Access in enterprise environments.

• Strong knowledge of Zscaler ZIA/ZPA and Palo Alto technologies including Panorama, NGFW, Threat Prevention, and Prisma Access.

• Experience with proxy policy, SSL inspection, traffic steering, secure access, threat prevention, and user access troubleshooting.

• Strong networking and security fundamentals including TCP/IP, TLS, DNS, routing, NAT, certificates, and zero trust.

• Experience in large-scale global environments and ability to serve as a senior escalation point during major incidents.

• Proven ability to mentor engineers, review work, and communicate effectively across teams.

It'sa bonus if youhave

• Experience with IPS/IDS tuning and false-positive reduction.

• Experience with Prisma Access, cloud NGFW, or hybrid architectures.

• Familiarity with Terraform, Python, CI/CD, or automation for security platforms.

• Exposure to WAF technologies (Akamai, Cloudflare, or F5 Distributed Cloud), regulated environments, or relevant certifications such as PCNSE or Zscaler.

About the team

To learn more about our winning teams, check out ourworld-class teamsthatown itevery day.

What makes aWorldpayer?It'ssimple: Think, Act, Win. We stay curious, always asking the rightquestionsandfinding creative solutions to simplify the complex.We'redynamic,everyWorldpayeris empowered to make the right decisions for their customers. Andwe'redetermined, always staying openandwinning and failing as one.