Lead Network Security Assessment Engineer

TEKSYSTEMS INC.
Chicago, United States of America
yesterday

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 260K

Job location

Chicago, United States of America

Tech stack

IEEE 802.1X
Amazon Web Services (AWS)
Proxy Servers
iOS
User Authentication
Border Gateway Protocol
Cisco Routers
Profiling
Computer Security
Databases
Domain Name System Security Extensions
DNS
Network Security
Network Architecture
Network Control
Routing
Cisco Nexus Switches
Open Shortest Path First
Broadcom
Red Team (Cyber Security)
Secure Hash Algorithm
Security Information and Event Management
Software Deployment
Symantec
Transport Layer Security
Identity Services Engine
Load Balancing
Firewalls (Computer Science)
Cybercrime
Check Point Firewalls
Routing & Switching
BIG-IP Advanced Firewall Manager (AFM)
Firepower
Cisco networks
Vulnerability Analysis

Job description

Client is seeking a Lead Network Security Assessment Engineer to drive complex, enterprise-wide security assessments and provide technical leadership across network security initiatives. This role combines deep technical expertise with leadership responsibilities, guiding assessment strategy, mentoring engineers, and influencing remediation efforts across the organization.

The ideal candidate brings strong experience in large-scale environments and has the ability to lead threat hunting initiatives, coordinate across teams, and ensure consistent security assessment practices aligned with the client's risk posture.

Job Details:

I. WORK TO BE PERFORMED:

The contractor shall provide expert-level network security engineering services to review, assess, hunt for known flaws and threat indicators, and document findings identified through red team testing and accelerated resolution of Security Operational Readiness Tests (SORTS) across the enterprise network infrastructure. Work encompasses the full technology stack managed by the network team, with emphasis on systematic security assessment of current configurations, threat hunting against known vulnerabilities and adversary TTPs, identification of security gaps, and actionable findings aligned to operational standards and risk tolerance., Cisco ISE - policy set assessment, profiling review, MAB/802.1X configuration analysis, guest and BYOD segmentation evaluation

Web & DNS

Broadcom/Symantec Blue Coat web proxy - policy assessment, SSL inspection gap analysis, category and exception hygiene review

BlueCat DNS/IPAM - zone security assessment, DNSSEC validation review, rogue record identification, IPAM access control evaluation

Load Balancing & Application Delivery

F5 BIG-IQ, LTM, and AFM - iRule security assessment, AFM policy review, SSL profile analysis, BIG-IQ RBAC evaluation

Visibility & Detection

Gigamon- traffic intelligence fabric assessment, filtering map review, out-of-band tap integrity verification

ExtraHop - detection rule review, threat coverage assessment, SIEM/SOAR integration validation

Time & Infrastructure

NTP appliances - stratum configuration assessment, authentication review (MD5/SHA1), ACL restriction analysis, source validation

Threat hunting - Known Vulnerability Hunt

· Cross-reference all in-scope platforms against current NVD/CVE databases, CISA Known Exploited Vulnerabilities (KEV) catalog, and vendor security advisories

· Identify unpatched or unmitigated CVEs present in the environment and assess exploitability given current network context

· Document all findings with CVE identifiers, CVSS scores, affected assets, and recommended remediation priority

Requirements

The contractor must demonstrate hands-on proficiency and hold current certifications or equivalent documented experience in each of the following:

Firewall & Segmentation

Cisco ACI fabric policy model assessment, EPG/contract review, micro segmentation gap analysis

Cisco Firepower Threat Defense (FTD) - configuration assessment, policy and rule review, platform hardening analysis

Check Point firewalls - physical and virtual (R8x), SmartConsole policy assessment, IPS module and signature review

Routing & Switching

Cisco routers and switches - IOS/IOS-XE security configuration assessment, control plane protection review, routing protocol security analysis (BGP, OSPF authentication, prefix filtering)

Virtualized Cisco routers deployed in AWS (8000V) - cloud-native security control assessment, security group alignment review, route table integrity validation, · Minimum 7 years of enterprise network security engineering experience with demonstrated assessment and/or threat hunting expertise

· Must hold at least two of: CCIE (Security or Enterprise), CCNP Security, Check Point CCSE, F5 301B, AWS Advanced Networking Specialty

· At least one designated team member must hold a recognized threat hunting or threat intelligence credential (GCIA, GCIH, GCFE, GCTI, or equivalent)

· Experience conducting or supporting formal security assessments, red team remediation engagements and/or remediation required

Skills

security leadership, advanced threat hunting, security architecture

Top Skills Details

security leadership,advanced threat hunting,security architecture

Additional Skills & Qualifications

Overall Must-Have Skills:

Firewall, segmentation, and network infrastructure security (Cisco ACI, FTD, Check Point)

Routing/switching security (BGP, OSPF, AWS networking)

Threat hunting, CVE analysis, and vulnerability assessment

Security tools: F5, Blue Coat, Gigamon, ExtraHop, DNS/IPAM

Identity/access control (Cisco ISE) and network security governance

Strong documentation, reporting, and remediation guidance

Experience in regulated or financial services environments is strongly preferred.

Benefits & conditions

This is a Contract position based out of Chicago, IL.

Pay and Benefits

The pay range for this position is $100.00 - $125.00/hr.

Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following: * Medical, dental & vision * Critical Illness, Accident, and Hospital * 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available * Life Insurance (Voluntary Life & AD&D for the employee and dependents) * Short and long-term disability * Health Spending Account (HSA) * Transportation benefits * Employee Assistance Program * Time Off/Leave (PTO, Vacation or Sick Leave)

Workplace Type

About the company

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company. The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law. About TEKsystems and TEKsystems Global Services We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com. The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law. San Francisco Fair Chance Ordinance: Pursuant to the San Francisco Fair Chance Ordinance, for all positions located in the city and county of San Francisco, we will consider for employment qualified applicants with arrest and conviction records. Massachusetts Lie Detector: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Use of Artificial Intelligence (AI): We may use Artificial Intelligence (AI) to support parts of our hiring process, including sourcing, screening, and evaluating candidates. AI helps assess applications and qualifications, but final decisions are made by our hiring team. By applying, you acknowledge and agree that your application may be reviewed using AI tools.

Apply for this position