Network Security Engineer Specialist

This position is not eligible for visa sponsorship, now or in the future. Candidates must be a US Citizen or Green Card Holder, Make your mark at one of the biggest names in payments. We're looking for a Network Security Engineer Specialist to join our ever-evolving Edge&Network Security team and help us unleash the potential of every business.

This role strengthens and evolves our secure access and network security platforms across a global enterprise environment. This is a hands-on technical leadership role focused primarily on Secure Web Gateway (SWG), Proxy, SASE, Secure Access, and related network security controls, withresponsibility for IPS/IDS and firewall-adjacent security capabilities.

Our core platforms include Zscaler (ZIA / ZPA) and Palo Alto Networks technologies, including Panorama, on-prem NGFW, cloud NGFW, Threat Prevention, and Prisma Access.

This role supports approximately 30,000 users globally across the US, UK, and APAC,operatingin a full proxy environment with selectiveprivate access, including broad SSL inspection coverage. You will lead engineering and delivery efforts, improve service reliability, mentor other engineers, and act as a technical escalation point during high-severity incidents.

This is an engineering-first role, with approximately 80% of time focused on design, implementation, tuning, and operational improvement, and approximately 20% supporting incident mitigation and high-severity response.

On-Call Expectations: Participate in a rotating on-call schedule for incidents. Act as a senior escalation point formajor issuesaffecting secure access, proxy, SASE, or related network security services.Contribute to post-incident analysis and ensure durable corrective actions are implemented.Participate in readiness activities, operational reviews, and resilience improvements for critical control-plane services.

What you'll own as the Network Security Engineer Specialist

• Lead engineering and continuous improvement for SWG, Proxy, SASE, Secure Access, and IPS/IDS across a global enterprise environment.

• Administer and harden Zscaler (ZIA/ZPA) and Palo Alto platforms, including Panorama, Prisma Access, NGFW, and Threat Prevention.

• Design and maintain scalable security policies for internet access, private application access, SSL inspection, traffic steering, and threat prevention.

• Drive high-quality changes through safe rollout planning, validation, rollback readiness, and post-change review.

• Improve platform reliability, policy quality, and user experience through standardization, tuning, and operational improvements.

• Serve as a technical lead and escalation point for complex issues, high-risk changes, and high-severity incidents.

• Mentor other engineers, review work, and help establish best practices, standards, and runbooks.

• Partner with SOC/IR, Network Operations, infrastructure, application teams, and vendors to deliver secure and reliable services.

• Improve logging, telemetry, SIEM integration, and operational visibility while reducing noise and strengthening control effectiveness.

• Track and improve key measures such as policy accuracy, false positives, service reliability, change success, and time to mitigation.

• Lead vendor escalations and hold partners accountable for response quality, root cause depth, and durable resolution.

• Bachelor's degree in a related field and 7+ years of experience, or equivalent practical experience.

• Experience in network security or security engineering roles.

• Strong hands-on experience with SWG, Proxy, SASE, or Secure Access in enterprise environments.

• Strong knowledge of Zscaler ZIA/ZPA and Palo Alto technologies including Panorama, NGFW, Threat Prevention, and Prisma Access.

• Experience with proxy policy, SSL inspection, traffic steering, secure access, threat prevention, and user access troubleshooting.

• Strong networking and security fundamentals including TCP/IP, TLS, DNS, routing, NAT, certificates, and zero trust.

• Experience in large-scale global environments and ability to serve as a senior escalation point during major incidents.

• Proven ability to mentor engineers, review work, and communicate effectively across teams.

It's a bonus if you have

• Experience with IPS/IDS tuning and false-positive reduction.

• Experience with Prisma Access, cloud NGFW, or hybrid architectures.

• Familiarity with Terraform, Python, CI/CD, or automation for security platforms.

• Exposure to WAF technologies (Akamai, Cloudflare, or F5 Distributed Cloud), regulated environments, or relevant certifications such as PCNSE or Zscaler.

What makes a Worldpayer? It's simple: Think, Act, Win. We stay curious, always asking the right questions and finding creative solutions to simplify the complex. We're dynamic, every Worldpayer is empowered to make the right decisions for their customers. And we're determined, always staying open and winning and failing as one.