Network Security Engineer

We are seeking an experienced Network Security Engineer with deep technical expertise in identifying, prioritizing, and remediating network vulnerabilities, including zero-day threats, across hybrid environments. The ideal candidate will have a strong security mindset, hands-on experience with vulnerability management tools, and the ability to harden infrastructure using best practices and industry standards.

• Analyze and act upon vulnerability assessments from tools such as Tenable, Qualys, AWS Inspector, etc.

• Remediate common network vulnerabilities including:

  • IP spoofing

  • Use of default credentials

  • Open/unused ports

  • Unencrypted communication protocols (e.g., Telnet, SNMPv1)

  • Missing firmware or OS-level patches

• Enforce secure alternatives like SSH and SNMPv3, and ensure TLS 1.2/1.3 is implemented for encrypted communications.

• Apply hardening techniques across firewalls, routers, and switches based on CIS Benchmarks, NIST standards, and industry best practices.

• Configure and maintain robust network security controls such as:

  • ACLs (Access Control Lists)

  • VLAN segmentation

  • DMZ configurations

  • Micro-segmentation for zero trust environments

• Secure and limit access to network management interfaces by applying least-privilege principles.

• Design and enforce segmentation and egress control within hybrid and cloud environments to mitigate lateral movement risks.

• Maintain security for cloud network architectures, including:

  • AWS VPCs, Security Groups

  • Azure NSGs

  • GCP Firewall Rules

• Support security incident response by investigating and remediating network-level threats and anomalies.

• Collaborate with penetration testing and vulnerability scanning teams to validate vulnerabilities and verify implemented remediations.

• Work with GRC and compliance teams to align network configurations with regulatory frameworks like PCI-DSS, ISO 27001, etc.

• Extensive hands-on experience in securing hybrid infrastructure (on-prem + cloud).

• Strong understanding of network protocols, firewalls, IDS/IPS, and SD-WAN architectures.

• Familiarity with infrastructure-as-code for networking and scripting (Python, Bash, or PowerShell) is a plus.

• Demonstrated ability to balance security requirements with operational usability.

• Strong collaboration and documentation skills.