Network Security Lead

Spectraforce
Rancho Cordova, United States of America
2 days ago

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Rancho Cordova, United States of America

Tech stack

Microsoft Access
Artificial Intelligence
Amazon Web Services (AWS)
Application Integration Architecture
Azure
Border Gateway Protocol
Cloud Computing
Cloud Computing Security
Configuration Management
Computer Security
Computer Engineering
Data Centers
Dynamic Host Configuration Protocol
DNS
Enhanced Interior Gateway Routing Protocol
Extranet
Virtual Private Networks (VPN)
Multi-protocol Systems
Python
Network Security
Machine Learning
Network Segmentation
Network administration
Open Shortest Path First
OAuth
Overlay Transport Virtualization
Public Key Infrastructure
Remote Access Technology
Ansible
Zero Trust Network Access
Security Assertion Markup Language (SAML)
Systems Integration
Wide Area Networks
Google Cloud Platform
Cloud Platform System
MTTR
Firewalls (Computer Science)
Data Center Networking
Information Technology
Routing & Switching
Firewall Services Module
Terraform
Cyber Warfare
Open Network Automation Platform
Cisco networks

Job description

The Network Security Lead is responsible for designing, implementing, and governing the client's global network security architecture across data centers, labs, offices, and cloud environments. This role blends deep engineering expertise with strategic leadership, driving architecture, automation, and operational excellence across the company's hybrid infrastructure. You will own the architecture and evolution of all network security domains - including core and lab networks, firewalls, on-premises proxies, and cloud connectivity - while managing the Managed Service Provider (MSP) responsible for daily operations. This position also emphasizes AI-driven automation, using machine learning and analytics to reduce manual work and enhance detection, response, and configuration management across the enterprise.

Architectural Leadership:

  • Design and maintain the client's global network security architecture, including:
      • Core corporate and data center networks
      • Lab network segmentation and lab firewalls
      • On-premises proxies and remote access gateways
      • Cloud security architecture (Azure, AWS, GCP) - hub-spoke and zero-trust models
  • Define and execute the long-term network security roadmap, balancing resilience, scalability, and performance.
  • Develop secure reference architectures for Prisma Access SD-WAN, NGFW, Infoblox DNS/DHCP, and VPN platforms.
  • Collaborate with Infrastructure, Network, Cloud, and InfoSec teams to ensure consistent policy enforcement and visibility.

Operational Oversight & Vendor Management:

  • Lead and manage the MSP handling L2/L3 network security engineering and administration.
  • Define performance metrics, escalation procedures, and automation goals for MSP services.
  • Conduct regular audits, technical reviews, and ensure adherence to SLAs and architectural standards.
  • Oversee incident response coordination for network-related security events and P1/P2 outages.
  • Manage operational procedures such as firewall object management, certificate/license updates, and troubleshooting.
  • Oversee SOP-based tasks - AV updates, DR activities, firewall deployments, and privileged access workflows.
  • Maintain and update network security SOP documentation in line with evolving technologies.

Automation & AI Integration:

  • Implement AI/ML technologies for automated telemetry analysis, anomaly detection, and response workflows.
  • Integrate AIOps, predictive analytics, and autonomous configuration management to reduce manual troubleshooting.
  • Drive adoption of automated rule verification, configuration compliance, and zero-touch provisioning.

Engineering & Governance:

  • Provide expert guidance on routing, switching, segmentation, encryption, and authentication frameworks.
  • Develop and enforce network security policies and standards, integrating with enterprise GRC systems.
  • Review and approve firewall rules, ACLs, and proxy configurations.
  • Conduct security architecture reviews for new projects and cloud integrations.
  • Participate in Quarterly Business Reviews (QBRs) and executive governance meetings to report security posture and improvements.

Mentorship & Collaboration:

  • Serve as a technical mentor to Infrastructure and InfoSec engineers.
  • Partner with CISO, Cloud Security, and SOC leaders to align network and cyber defense strategies.
  • Collaborate with compliance and audit teams to ensure control effectiveness and documentation.

Compliance & Audit Coordination:

  • Coordinate with audit teams to supply technical evidence, logs, and SOP compliance documentation.
  • Support access verification and audit comment tracking activities.

Platform & Product Expertise:

  • Maintain expertise in client-specific platforms (Panorama, NP Extranet, aiSSD) and browser integrations.
  • Support troubleshooting and integration improvement initiatives.

Incident Response & Troubleshooting:

  • Lead and participate in root cause analysis and remediation for network-related incidents.
  • Demonstrate strong understanding of day-to-day troubleshooting SOPs and non-functional error resolution.

Requirements

  • Deep expertise in network and security architecture design, including:
      • NGFWs, VPNs, SD-WAN (Prisma Access), segmentation, proxies, hybrid connectivity
      • Network automation tools (Ansible, Terraform, Python)
      • Routing & switching protocols (BGP, OSPF, EIGRP, VXLAN, MPLS)
      • Infoblox DNS/DHCP/IPAM, SSL/TLS, PKI, SSO/SAML/OAuth
      • Cloud networking (Azure, AWS, GCP) - transit gateways, VPC/VNet security groups, private endpoints
  • Strong understanding of Zero Trust Network Architecture (ZTNA) and Secure Access Service Edge (SASE).
  • Proven vendor management and contract governance experience.
  • Demonstrated experience in AI/automation for network management and analytics.
  • Excellent communication, leadership, and strategic planning skills.

Education & Certifications:

  • Bachelor's or Master's degree in Computer Science, Computer Engineering, or related field.
  • 8+ years of experience in network security or infrastructure engineering.
  • 3+ years in architecture-level leadership or MSP oversight.

Preferred Certifications:

  • Cisco CCNP / CCIE Security
  • Palo Alto PCNSE
  • AWS Certified Advanced Networking or Azure Network Engineer Associate
  • CISSP or equivalent cybersecurity certification

Success Metrics:

  • Delivery of an integrated global network security architecture supporting both corporate and lab environments.
  • Reduction in MTTD/MTTR through AI-enabled automation.
  • Demonstrated SLA compliance and operational maturity of MSP-delivered services.
