Network & Security Engineer

• Own the design, operation, and security of Citadel's network infrastructure across all sites. Maintain firewalls, switching, wireless, ISP connectivity, and backup connectivity. Design and implement upgrades to support growth, lead network design and turn-up for new Citadel facilities, and maintain secure connectivity between sites, between sites and the cloud, and for remote users.
• Own the design, operation, and security of Citadel's voice and unified communications infrastructure, including the company's calling system, VOIP infrastructure, and integration with Microsoft 365 communications.
• Maintain consistent network and security service quality across all Citadel sites. Travel between sites is heavier during the initial standardization phase across existing sites and during turn-up of new sites, and lighter once the environment reaches steady state.
• Perform in line with established KPIs and service-level targets, including network availability, security patch SLA, mean time to remediate vulnerabilities, mean time to respond to security incidents, and related measures. Track and report performance regularly to IT leadership.
• Serve as the internal technical counterpart to the company's security SOC and MDR provider, who operate detection, monitoring, and response. Partner closely on detection tuning, alert triage, investigation, and remediation.
• Own endpoint security policy across the Microsoft 365 platform, including Microsoft Defender for Endpoint configuration, conditional access, identity hardening, and Intune security baselines. Partner with the IT manager and the support team on day-to-day operation and enforcement.
• Own technical email security controls, including anti-phishing, anti-malware, secure transport, and tenant security configuration. Partner with the IT manager on user-facing reporting and response workflows.
• Run Citadel's vulnerability management process in partnership with the MDR provider. Operate scanning tooling, prioritize findings, and drive remediation across the IT organization.
• Own identity and access management hardening, including multi-factor authentication, conditional access policy, privileged access controls, and account lifecycle hygiene.
• Set program direction and content for Citadel's cybersecurity awareness program, including training plans, phishing simulation strategy, and ongoing user education topics. Partner with the IT manager, who runs the user-facing activities and reporting.
• Conduct third-party security review of new vendors, software platforms, and integrations before they enter the environment. Assess data handling, integration security, and ongoing risk; track approval and remediation.
• Coordinate Citadel's response to external security assessments, including penetration testing, cyber insurance reviews, customer security questionnaires, and regulatory inquiries. Scope engagements, work with vendors, maintain evidence, and track remediation.
• Deliver assigned IT projects within networking and security, and contribute to broader IT initiatives. Coordinate with IT leadership and peers, and engage external specialists and contractors as needed.
• Partner with IT leadership and peers in infrastructure, support, and software development on initiatives originating in those service lines. Contribute network and security expertise to keep delivery on track.
• Own vendor relationships within the network and security portfolio, including ISPs, network hardware, security tooling, and specialized contractors. Take on broader IT vendor relationships as assigned.
• Own the network and security operating budget, with broader budget scope as assigned. Track expenses, project upcoming needs, and provide input on annual IT budget planning.
• Own the on-call rotation for network and security incidents. Drive diagnosis, coordinate internal and external resources, and engage directly in resolution.
• Own incident communication for network and security events. Notify IT leadership and impacted business stakeholders, provide regular status updates throughout an incident, and deliver post-incident summaries with root cause and follow-up actions.
• Conduct periodic internal security audits across user access, identity hygiene, configuration baselines, vulnerability posture, and policy adherence. Remediate findings in partnership with the IT manager.
• Maintain and enforce IT network and security policies, procedures, runbooks, technical documentation, and asset inventory. Contribute to the creation and modification of policies as needed.
• Identify and propose improvements in network design, security posture, monitoring coverage, and tool consolidation. Deliver approved initiatives.

Non-Essential Functions

• Running cables and installing hardware.
• Other duties as assigned., * This position has no direct reports.
• Coordinates day-to-day with external network and security contractors, managed-service providers, and the company's SOC and MDR partner.
• Provides technical guidance and security expertise to IT team peers and to business stakeholders as needed., Travel between Citadel sites is required for installation work, network upgrades, security audits, and on-site infrastructure tasks. Travel will be more frequent during the initial standardization phase across existing sites and during turn-up of new facilities, and lighter once the environment reaches steady state. Travel is primarily regional with occasional overnight stays based on operational need or project demands.

Do you have experience in Wireless network design?, Do you have a Bachelor's degree?, * Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Network Engineering, or a related technical discipline. Equivalent professional experience considered in lieu of degree.

• 7+ years of progressive experience in enterprise network engineering and information security.
• Hands-on experience designing, deploying, and operating enterprise networks, including next-generation firewalls (Palo Alto or comparable), enterprise switching (Cisco or comparable), and wireless (Meraki or comparable).
• Hands-on experience with endpoint security platforms, including Microsoft Defender for Endpoint and modern identity and access management (Microsoft Entra ID, conditional access, multi-factor authentication).
• Experience operating in partnership with a managed detection and response (MDR) provider or security operations center (SOC).
• Experience with vulnerability management, including scanning tooling (Tenable Nessus or comparable), prioritization, and driving remediation across an organization.
• Experience operating in an environment with regular external security assessments (penetration testing, cyber insurance reviews, customer security audits) and remediating findings under deadline.
• Experience supporting multi-site operations or production environments where uptime, security, and consistency of service are operational requirements.
• Experience delivering IT projects from scope through completion, including scheduling, vendor coordination, and budget tracking.
• Demonstrated ability to communicate technical concepts clearly to non-technical business stakeholders and to senior leadership.
• Demonstrated experience adhering to and enforcing security best practices across network, endpoint, and identity domains., * Experience in aviation, aerospace, manufacturing, MRO, or other regulated operational environments.
• Active IT industry certifications such as CompTIA Security+ or Network+, Cisco CCNA / CCNP, Palo Alto PCNSA / PCNSE, Microsoft Security or Identity certifications, CISSP, GIAC, or comparable.
• Experience designing and bringing up network infrastructure at new sites or facilities.
• Experience with SD-WAN, zero-trust architecture, network segmentation, or related modern network design patterns.
• Familiarity with security frameworks (NIST, CIS) and audit or compliance work.
• Experience with security awareness platforms (KnowBe4 or comparable).
• Experience administering identity and access controls in a hybrid or cloud-first environment.
• Experience with VOIP or unified communications infrastructure., * Deep technical expertise across enterprise networking (firewalls, switching, wireless, routing) and information security (endpoint, identity, vulnerability management, security monitoring).
• Strong working knowledge of Microsoft 365 security tooling (Defender, Entra, Intune security baselines, conditional access) sufficient to set policy that the IT team operates against day-to-day.
• Strong troubleshooting and root-cause analysis discipline across complex network and security incidents.
• Project delivery and prioritization skills across simultaneous initiatives, with the ability to plan, document, and coordinate technical projects end to end.
• Ability to translate technical concepts for business and senior leadership audiences.
• Strong written and verbal communication, particularly during security incidents and operational events.
• Strong organizational, documentation, and operational discipline. Maintains current documentation and engages stakeholders proactively.
• Ability to work autonomously and make sound technical decisions in fast-moving situations.
• Customer service mindset with focus on responsiveness, professionalism, and follow-through.
• Self-motivated, adaptable, and committed to staying current as threats and technologies evolve.

This position is considered OFFICE WORK which is characterized as follows.

• Almost exclusively indoors during the day and occasionally at night.
• Occasional exposure to airborne dust in the workplace.
• Work surface is stable (flat).
• After-hours and on-call work is required for critical systems support and incident response.

Information technology is foundational to how Citadel Aviation operates at every site, from the systems that move work across the hangar floor and the shops to the platforms that support administrative staff. Secure, reliable network and identity infrastructure enable Citadel to operate without interruption, protect its work and its people, and meet its obligations to customers and partners. This role owns the design, operation, and security of Citadel's network and identity infrastructure across every Citadel site: reliable connectivity, a hardened identity platform, and a security posture that scales with the business. The role serves as Citadel's internal technical counterpart to the company's security SOC and managed detection and response (MDR) provider, partners with IT leadership and peers across IT and the business, owns assigned IT projects, and is accountable for the reliability of the network and the strength of the security posture across every site., The technology stack includes Palo Alto next-generation firewalls, Cisco switching, Meraki wireless, Microsoft 365 with Entra ID for identity, Microsoft Defender for Endpoint and Intune for endpoint security and management, Tenable for vulnerability management, and KnowBe4 for security awareness. Security operations are delivered in partnership with an external SOC and MDR provider.