Lead Network Security Assessment Engineer
Role details
Job location
Tech stack
Job description
Client is seeking a Lead Network Security Assessment Engineer to drive complex, enterprise-wide security assessments and provide technical leadership across network security initiatives. This role combines deep technical expertise with leadership responsibilities, guiding assessment strategy, mentoring engineers, and influencing remediation efforts across the organization.
The ideal candidate brings strong experience in large-scale environments and has the ability to lead threat hunting initiatives, coordinate across teams, and ensure consistent security assessment practices aligned with the client's risk posture.
Job Details:
I. WORK TO BE PERFORMED:
The contractor shall provide expert-level network security engineering services to review, assess, hunt for known flaws and threat indicators, and document findings identified through red team testing and accelerated resolution of Security Operational Readiness Tests (SORTS) across the enterprise network infrastructure. Work encompasses the full technology stack managed by the network team, with emphasis on systematic security assessment of current configurations, threat hunting against known vulnerabilities and adversary TTPs, identification of security gaps, and actionable findings aligned to operational standards and risk tolerance., Cisco ISE - policy set assessment, profiling review, MAB/802.1X configuration analysis, guest and BYOD segmentation evaluation
Web & DNS
Broadcom/Symantec Blue Coat web proxy - policy assessment, SSL inspection gap analysis, category and exception hygiene review
BlueCat DNS/IPAM - zone security assessment, DNSSEC validation review, rogue record identification, IPAM access control evaluation
Load Balancing & Application Delivery
F5 BIG-IQ, LTM, and AFM - iRule security assessment, AFM policy review, SSL profile analysis, BIG-IQ RBAC evaluation
Visibility & Detection
Gigamon- traffic intelligence fabric assessment, filtering map review, out-of-band tap integrity verification
ExtraHop - detection rule review, threat coverage assessment, SIEM/SOAR integration validation
Time & Infrastructure
NTP appliances - stratum configuration assessment, authentication review (MD5/SHA1), ACL restriction analysis, source validation
Threat hunting - Known Vulnerability Hunt
· Cross-reference all in-scope platforms against current NVD/CVE databases, CISA Known Exploited Vulnerabilities (KEV) catalog, and vendor security advisories
· Identify unpatched or unmitigated CVEs present in the environment and assess exploitability given current network context
· Document all findings with CVE identifiers, CVSS scores, affected assets, and recommended remediation priority
Requirements
The contractor must demonstrate hands-on proficiency and hold current certifications or equivalent documented experience in each of the following:
Firewall & Segmentation
Cisco ACI fabric policy model assessment, EPG/contract review, micro segmentation gap analysis
Cisco Firepower Threat Defense (FTD) - configuration assessment, policy and rule review, platform hardening analysis
Check Point firewalls - physical and virtual (R8x), SmartConsole policy assessment, IPS module and signature review
Routing & Switching
Cisco routers and switches - IOS/IOS-XE security configuration assessment, control plane protection review, routing protocol security analysis (BGP, OSPF authentication, prefix filtering)
Virtualized Cisco routers deployed in AWS (8000V) - cloud-native security control assessment, security group alignment review, route table integrity validation, · Minimum 7 years of enterprise network security engineering experience with demonstrated assessment and/or threat hunting expertise
· Must hold at least two of: CCIE (Security or Enterprise), CCNP Security, Check Point CCSE, F5 301B, AWS Advanced Networking Specialty
· At least one designated team member must hold a recognized threat hunting or threat intelligence credential (GCIA, GCIH, GCFE, GCTI, or equivalent)
· Experience conducting or supporting formal security assessments, red team remediation engagements and/or remediation required
Skills
security leadership, advanced threat hunting, security architecture
Top Skills Details
security leadership,advanced threat hunting,security architecture
Additional Skills & Qualifications
Overall Must-Have Skills:
Firewall, segmentation, and network infrastructure security (Cisco ACI, FTD, Check Point)
Routing/switching security (BGP, OSPF, AWS networking)
Threat hunting, CVE analysis, and vulnerability assessment
Security tools: F5, Blue Coat, Gigamon, ExtraHop, DNS/IPAM
Identity/access control (Cisco ISE) and network security governance
Strong documentation, reporting, and remediation guidance
Experience in regulated or financial services environments is strongly preferred.
Benefits & conditions
This is a Contract position based out of Chicago, IL.
Pay and Benefits
The pay range for this position is $100.00 - $125.00/hr.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following: * Medical, dental & vision * Critical Illness, Accident, and Hospital * 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available * Life Insurance (Voluntary Life & AD&D for the employee and dependents) * Short and long-term disability * Health Spending Account (HSA) * Transportation benefits * Employee Assistance Program * Time Off/Leave (PTO, Vacation or Sick Leave)
Workplace Type