Principal Network Security Engineer

Role: Principal Network Security Engineer

Location: Chicago, IL OR Tempe, AZ

Duration: 6 Months with possibility for extension

The Principal Network Security Engineer plays a pivotal role in safeguarding the organization’s infrastructure by architecting, deploying, and managing advanced network security platforms. This is a high-impact position within a newly formed team dedicated to mission‑critical initiatives, where reliability, resilience, and exceeding expectations are standard. We’re seeking a strategic thought leader and self‑driven engineer with a deep security‑first mindset and a strong sense of product ownership—someone who can lead the transformation and continuous evolution of our network security ecosystem in alignment with our business and cybersecurity objectives.

Experience Level: 3 – Senior

• Expert‑level in NAC platform administration and configuration (Forescout preferred)
• Strong understanding of network security principles. CISSP certification is desired but not required
• Working experience deploying and operating Identity platforms (Cisco ISE preferred)
• Exposure to Microsoft Active Directory, Microsoft Entra , and LDAP
• Knowledge of network fundamentals (TCP/IP, VLANs, VRFs, VPN, Dynamic Routing). CCNP certification preferred
• Strong understanding of how Network and Security infrastructure operate at Layer 2, Layer 3 & Layer 4‑7
• Knowledge of network authentication protocols including EAP/802.1x, TACACS, RADIUS, OAuth
• Experience working with Public Key Infrastructure and tools (Venafi)
• Expert‑level experience working with Linux, Windows, and MacOS operating systems
• Experience with scripting languages (Bash, Python, Perl, Powershell) and IaC tools like Ansible or Terraform
• Proficient with packet data tools like Wireshark to perform deep‑level forensic analysis
• Ability to perform security analysis using SIEM and Analytics tools (Azure Sentinel, Log Analytics)
• Expert‑level writing skills to create playbooks and standard operating procedures
• Experience with web APIs and data serialization languages (JSON, YAML)
• Excellent problem‑solving and troubleshooting abilities with an emphasis on security
• Strong communication skills to collaborate with technical and non‑technical stakeholders
• Exposure to cloud service providers such as Azure or AWS
• Working experience with Next Generation Firewalls (Checkpoint, Palo Alto) or host‑based firewalls (Illumio)
• Good understanding of DNS, DHCP, and IPAM systems
• Previous experience at a financial organization is a plus

• FSCA - Forescout Certified Administrator
• FSAA - Forescout Advanced Administrator
• FSCE - Forescout Certified Engineer

As the product owner for Network Access Control (NAC) and Identity Services platforms, the Principal Network Security Engineer will lead the strategic direction, architecture, and operational excellence of these technologies. This role demands a proactive security mindset and a deep sense of ownership to ensure the platforms are resilient, scalable, and aligned with enterprise security goals.

• Solution Architecture & Design – Partner with cross‑functional stakeholders to architect and deliver secure, scalable solutions tailored to evolving business and security requirements.
• Deployment & Configuration – Lead global deployment and configuration of NAC appliances and Identity Services platforms across data centers, ensuring consistency, reliability, and compliance.
• Device Discovery & Profiling – Implement advanced profiling techniques to identify and classify all network‑connected devices, enforcing access only for authorized and trusted endpoints.
• Policy Creation & Enforcement – Define and enforce granular access control policies based on device posture, driving network segmentation and strengthening the organization’s security posture.
• Threat Detection & Response – Monitor for anomalous device behavior and orchestrate automated responses to mitigate potential threats in real time.
• Compliance Management – Leverage platform capabilities to ensure continuous compliance with internal standards and external regulatory requirements through robust reporting and audit trails.
• Security Ecosystem Integration – Seamlessly integrate NAC and Identity platforms with next‑gen firewalls, SIEMs, endpoint protection, and other security tools to create a unified defense strategy.
• Customer Support & Enablement – Provide expert‑level support to internal teams, manage escalations, and deliver training to promote platform adoption and operational readiness.
• Automation & Orchestration – Utilize modern development tools and Git Ops practices to automate deployment, configuration, and lifecycle management of security platforms.
• Standards & Documentation – Establish architectural patterns, define operational standards, and maintain comprehensive documentation using Confluence and draw.io to ensure transparency and repeatability.