Principal Network Security Engineer

The Principal Network Security Engineer plays a pivotal role in safeguarding the organization's infrastructure by architecting, deploying, and managing advanced network security platforms. This is a high-impact position within a newly formed team dedicated to mission-critical initiatives, where reliability, resilience, and exceeding expectations are standard. We’re seeking a strategic thought leader and self-driven engineer with a deep security-first mindset and a strong sense of product ownership—someone who can lead the transformation and continuous evolution of our network security ecosystem in alignment with our business and cybersecurity objectives.

Core

Skills & Experience:

• Expert-level in NAC platform administration and configuration (Forescout preferred)
• Strong understanding of network security principles. CISSP certification is desired but not required
• Working experience deploying and operating Identity platforms (Cisco ISE preferred)
• Exposure to Microsoft Active Directory, Microsoft Entra , and LDAP
• Knowledge of network fundamentals (TCP/IP, VLANs, VRFs, VPN, Dynamic Routing). CCNP certification preferred
• Strong understanding of how Network and Security infrastructure operate at Layer 2, Layer 3 & Layer 4-7
• Knowledge of network authentication protocols including EAP/802.1x, TACACS, RADIUS, OAuth
• Experience working with Public Key Infrastructure and tools (Venafi)
• Expert-level experience working with Linux, Windows, and MacOS operating systems
• Experience with scripting languages (Bash, Python, Perl, Powershell) and IaC tools like Ansible or Terraform
• Proficient with packet data tools like Wireshark to perform deep-level forensic analysis
• Ability to perform security analysis using SIEM and Analytics tools (Azure Sentinel, Log Analytics)
• Expert-level writing skills to create playbooks and standard operating procedures
• Experience with web APIs and data serialization languages (JSON, YAML)
• Exposure to cloud service providers such as Azure or AWS
• Working experience with Next Generation Firewalls (Checkpoint, Palo Alto) or host-based firewalls (Illumio)
• Good understanding of DNS, DHCP, and IPAM systems

Certifications:

The following certifications are strongly preferred

FSCA - Forescout Certified Administrator

FSAA - Forescout Advanced Administrator

FSCE - Forescout Certified Engineer

Tasks & Responsibilities:

• As the product owner for Network Access Control (NAC) and Identity Services platforms, the Principal Network Security Engineer will lead the strategic direction, architecture, and operational excellence of these technologies.
• Solution Architecture & Design Partner with cross-functional stakeholders to architect and deliver secure, scalable solutions tailored to evolving business and security requirements.
• Deployment & Configuration Lead global deployment and configuration of NAC appliances and Identity Services platforms across data centers, ensuring consistency, reliability, and compliance.
• Device Discovery & Profiling Implement advanced profiling techniques to identify and classify all network-connected devices, enforcing access only for authorized and trusted endpoints.
• Policy Creation & Enforcement Define and enforce granular access control policies based on device posture, driving network segmentation and strengthening the organization’s security posture.
• Threat Detection & Response Monitor for anomalous device behavior and orchestrate automated responses to mitigate potential threats in real time.
• Compliance Management Leverage platform capabilities to ensure continuous compliance with internal standards and external regulatory requirements through robust reporting and audit trails.
• Security Ecosystem Integration Seamlessly integrate NAC and Identity platforms with next-gen firewalls, SIEMs, endpoint protection, and other security tools to create a unified defense strategy.
• Customer Support & Enablement Provide expert-level support to internal teams, manage escalations, and deliver training to promote platform adoption and operational readiness.
• Automation & Orchestration Utilize modern development tools and Git Ops practices to automate deployment, configuration, and lifecycle management of security platforms.
• Standards & Documentation Establish architectural patterns, define operational standards, and maintain comprehensive documentation using Confluence and draw.io to ensure transparency and repeatability.