Senior Network Security Engineer

Job Title: Senior Network Security Engineer
Location: Orange, CT – Onsite, 5 days a week
Duration: 1 Year Minimum with likelihood of extension

Rate: HOURLY

About the Role:
Our client is seeking a highly skilled Senior Network Security Engineer to join their team and play a key role in securing, optimizing, and transforming their enterprise network infrastructure. This position involves leading critical initiatives, including the migration from Checkpoint to Fortinet firewalls, enhancing SD-WAN deployment for optimized global connectivity, and managing various security and network solutions.
This position focuses on securing and enhancing key infrastructure components, including firewalls (Cisco ASA, Checkpoint, Fortinet, Palo Alto), SD-WAN deployments, NAT policies, routing protocols, and cloud security solutions (Zscaler ZIA/ZPA). The role also requires collaboration with vendors and internal teams to address technical challenges, optimize policies, and ensure secure and efficient network operations.

Key Responsibilities:

1. Lead the migration from Checkpoint to Fortinet, including policy conversion, rule optimization, and traffic validation.
2. Manage and maintain Cisco ASA, Palo Alto, Fortinet, and Checkpoint firewalls across corporate, cloud, and remote sites.
3. Design and optimize firewall rule sets for improved security, performance, and compliance.
4. Perform risk assessments and firewall audits to ensure adherence to network security best practices.
5. Manage and optimize SD-WAN architecture to enhance application performance and reduce latency.
6. Implement traffic steering, failover mechanisms, and WAN optimization policies.
7. Ensure seamless integration across SD-WAN, firewalls, cloud security solutions, and on-premises networks.
8. Troubleshoot SD-WAN performance issues, routing conflicts, and connectivity challenges.
9. Collaborate with network and security engineers to secure connectivity between on-premises, branch locations, and cloud.
10. Design and implement NAT policies, including static NAT, dynamic NAT, and PAT.
11. Configure and troubleshoot routing protocols such as EIGRP, BGP, and OSPF for enterprise and cloud environments.
12. Optimize routing policies for high availability, redundancy, and performance.
13. Administer and optimize Zscaler ZIA/ZPA solutions for secure cloud access and web filtering.
14. Implement zero-trust security policies for cloud applications and remote users.
15. Utilize Radware DDoS protection to safeguard infrastructure from attacks.
16. Configure IPS/IDS solutions to detect and mitigate security threats.
17. Work closely with SOC teams to analyze and respond to security incidents.
18. Develop scripts (Python, Bash, PowerShell) to automate firewall audits and SD-WAN policy updates.
19. Implement network automation frameworks to streamline security operations.
20. Maintain comprehensive documentation of firewall rules, SD-WAN policies, and security configurations.

Qualifications:

• 5-8 years of experience in network security engineering.
• Expertise in Fortinet FortiGate, Checkpoint, Palo Alto, and Cisco ASA firewalls.
• Proficiency in SD-WAN solutions (Fortinet SD-WAN, Cisco SD-WAN, Prisma Access).
• Strong knowledge of routing protocols (EIGRP, BGP, OSPF).
• Experience managing Zscaler ZIA/ZPA for cloud security.
• Hands-on expertise in VPN technologies (IPSec, SSL, GRE, DMVPN, L2TP).
• Familiarity with Radware DDoS protection and zero-trust security architectures.
• Excellent analytical skills for troubleshooting network security issues.
• Effective communication and interpersonal skills.
• Familiarity with ticketing tools.

Certifications preferred:

• Fortinet NSE 4/7
• Checkpoint CCSA/CCSE
• Palo Alto PCNSA/PCNSE
• Cisco CCNP Security
• Zscaler ZCCP
• SD-WAN certifications.