Summary: The Network Security Engineer / Security Architecture & Operations Specialist - Level 3 is responsible for designing, deploying, and operating enterprise security architectures across various environments, focusing on Security Service Edge (SSE), Zero Trust architecture, SIEM engineering, and vulnerability management. The role requires a blend of engineering expertise and operational experience to support strategic deployments and daily security operations. The ideal candidate will ensure scalable and resilient security operations capabilities. This position is remote and emphasizes hands-on operational support and consulting.
Key Responsibilities:
- Design and implement SSE and Zero Trust Network Access (ZTNA) solutions
- Configure and manage Secure Web Gateways (SWG), VPN (IPSEC/SSL) architectures, and endpoint agent policies
- Lead user migration to cloud-native security platforms such as Prisma Access, Netskope, or Zscaler
- Optimize access policies aligned to Zero Trust principles
- Architect, deploy, and optimize SIEM platforms
- Perform log/data onboarding and normalization
- Integrate SIEM with ticketing/workflow systems and threat intelligence platforms
- Design and operate enterprise vulnerability management programs
- Configure and optimize scanning tools for asset discovery and classification
- Design and configure multi-vendor firewall architectures
- Implement secure connectivity and support identity integration
- Provide hands-on operational support and consulting
- Support security operations teams with incident triage enhancements
Key Skills:
- Hands-on experience with SSE / Zero Trust platforms
- Experience in SIEM engineering and security analytics
- Strong networking and security knowledge, including VPNs and firewalls
- Experience with vulnerability management tools
- Knowledge of multi-vendor firewall configurations
- Experience integrating SIEM with external platforms
- Exposure to scripting/automation for security operations workflows
- Certifications such as CISSP, CompTIA Security+, and relevant cloud/security certifications
- Strong engineering mindset with troubleshooting capability
- Effective collaboration and documentation skills
Salary (Rate): undetermined
City: undetermined
Country: undetermined
Working Arrangements: remote
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Detailed Description From Employer:
Job Title: Network Security Engineer / Security Architecture & Operations Specialist - Level 3
Role Overview
Seeking a skilled Network Security Engineer to design, deploy, and operate enterprise security architectures across network, cloud, and security operations environments.
This role focuses on Security Service Edge (SSE), Zero Trust architecture, SIEM engineering, and vulnerability management, ensuring scalable, resilient, and well-integrated security operations capabilities.
The ideal candidate will combine engineering expertise with operational experience, supporting both strategic deployments and day-to-day security operations.
Key Responsibilities 1. Security Service Edge (SSE) & Zero Trust Implementation
- Design and implement SSE and Zero Trust Network Access (ZTNA) solutions
- Configure and manage:
- Secure Web Gateways (SWG)
- VPN (IPSEC/SSL) architectures
- Endpoint agent policies and controls
- Lead user migration to cloud-native security platforms such as Prisma Access, Netskope, or Zscaler
- Optimize access policies aligned to Zero Trust principles (least privilege, segmentation, identity-based access)
2. SIEM Engineering & Security Analytics
- Architect, deploy, and optimize Security Information and Event Management (SIEM) platforms (e.g., Splunk)
- Perform:
- Log/data onboarding and normalization (Common Information Model)
- Development of correlation rules and detection use cases
- Integrate SIEM with:
- Ticketing/workflow systems
- Threat intelligence platforms
- Enhance detection coverage and reduce false positives through tuning and analytics optimization
3. Vulnerability Management Engineering
- Design and operate enterprise vulnerability management programs
- Configure and optimize scanning tools (e.g., Qualys, Tenable):
- Asset discovery and classification
- Scan policy automation
- Deliver:
- Vulnerability remediation insights
- As-built documentation and operational playbooks
4. Network Security & Infrastructure Engineering
- Design and configure multi-vendor firewall architectures, including:
- Palo Alto Networks NGFW
- Zscaler SASE
- Check Point
- Cisco NGFW / Firepower
- Fortinet and Juniper platforms
- Implement secure connectivity:
- IPSEC tunnels, SSL VPN
- Routing, filtering, and segmentation policies
- Support:
- Identity integration (Active Directory, SAML)
- Secure application access controls
5. Security Operations & Staff Augmentation Support
- Provide hands-on operational support and consulting, including:
- SAML-based authentication integrations
- Proxy Auto-Configuration (PAC) file development
- Application segmentation and policy tuning
- Support security operations teams with:
- Incident triage enhancements
- Platform troubleshooting and performance tuning
Required Skills & Experience Core Technical Skills
- Hands-on experience in:
- SSE / Zero Trust platforms (Prisma Access, Netskope, Zscaler)
- SIEM engineering and security analytics (Splunk preferred)
- Strong networking and security knowledge:
- VPNs (IPSEC & SSL)
- Firewalls and network segmentation
- Identity and access integration (AD, SAML)
Tools & Platforms
- SIEM: Splunk Enterprise Security (or equivalent)
- Vulnerability tools:
- Qualys VM
- Tenable.sc
- Network security:
- Multi-vendor firewall configurations
- Monitoring and analysis tools
Automation & Integration (Preferred)
- Experience integrating:
- SIEM with external platforms (ticketing, threat intel)
- Exposure to scripting/automation for:
- Security operations workflows
- Configuration optimization
Certifications (Preferred)
- CISSP (ISC )
- CompTIA Security+
- Palo Alto PCNSE
- Fortinet NSE 4
- Relevant cloud/security certifications
Soft Skills & Attributes
- Strong engineering mindset with hands-on troubleshooting capability
- Ability to bridge architecture and operations (build vs run)
- Strong documentation skills (design docs, runbooks, as-built artifacts)
- Effective collaboration with SOC, network, and cloud teams
- High attention to detail and problem-solving approach