We are seeking a Senior Network Security Engineer to lead end-to-end Guardicore microsegmentation implementations and SASE deployments for enterprise clients. In this role, you will serve as a trusted technical advisor, owning the full delivery lifecycle from scoping and architecture through the Reveal, Monitor, and Enforce progression to production cutover. You will design segmentation strategies across hybrid data centers, multi-cloud environments, and Kubernetes clusters, while also delivering Zero Trust network access and secure edge solutions. This is a client-facing consulting role that demands both deep technical expertise and the ability to drive project workstreams, manage stakeholder expectations, and deliver polished design documentation.
Key Responsibilities – Guardicore (Akamai Centra)
Design and implement microsegmentation strategies using Akamai Guardicore Centra, including label taxonomy design (Environment, Application, Role, Location) aligned to the client's asset inventory and business context
Lead the phased deployment methodology -- Reveal (traffic visibility and application dependency mapping), Monitor (policy simulation with alerting), and Enforce (active blocking) -- per asset group and environment
Deploy and manage Guardicore platform components including Management Servers, Aggregators, and Collectors, sizing distributed clusters for enterprise-scale environments
Build application ring-fencing policies using Akamai's Essential Policy templates for ransomware mitigation, quarantine, and endpoint isolation, as well as custom segmentation rules
Configure cloud-native enforcement by orchestrating AWS Security Groups, Azure NSGs, and GCP firewall rules alongside agent-based policies for unified hybrid coverage
Deploy Guardicore agents in Kubernetes environments via Helm charts and DaemonSets, configuring CNI-level enforcement with Calico, Cilium, Azure CNI, or OpenShift OVN
Implement agentless segmentation for IoT, OT, and unmanaged devices through network integration points such as orchestrated switch ACLs and firewall rules
Deploy and tune the Deception module -- configure honeypots, traffic redirection rules, attack session recording, credential lure capture, and IoC extraction for threat intelligence feeds
Configure the Threat Intelligence Firewall and DNS Firewall to block known-malicious destinations and enforce DNS-layer security policies
Automate asset labeling, policy deployment, and incident response workflows via the Guardicore REST API, integrating with CI/CD pipelines and infrastructure-as-code tooling
Integrate Guardicore with SIEM platforms (Splunk, Microsoft Sentinel, syslog), SOAR tools, IAM providers, and ITSM platforms (ServiceNow CMDB) for unified security operations
Provide operational support including policy tuning, reveal map analysis, agent health monitoring, and troubleshooting connectivity issues across segmented environments
Key Responsibilities – SASE / Zero Trust
Design and implement SASE and Zero Trust architectures covering remote user, branch office, cloud workload, and IoT/OT use cases
Configure and deploy Zscaler ZIA/ZPA, Palo Alto Prisma Access, or equivalent platforms including traffic forwarding methods (GRE tunnels, IPsec, PAC files, client connectors)
Implement Akamai Enterprise Application Access (EAA) and Guardicore Access for unified ZTNA and microsegmentation integration
Deploy and tune Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Data Loss Prevention (DLP) policies to protect data in motion and at rest
Configure identity-based access controls integrating with Okta, Azure AD / Entra ID, SAML 2.0, SCIM provisioning, and multi-factor authentication providers
Design SD-WAN overlay and underlay integration strategies for branch connectivity, ensuring policy consistency across direct internet access and backhauled traffic paths
Deploy ZTNA connectors, application segments, and service connections with least-privilege access policies and continuous posture assessment
Develop and maintain Zero Trust maturity roadmaps for clients, mapping current-state gaps to phased implementation milestones
Architecture, Delivery, and Documentation
Lead client-facing discovery sessions, design workshops, and architecture reviews to define segmentation scope, success criteria, and deployment phasing
Own the creation of High-Level Design (HLD) and Low-Level Design (LLD) documents, network diagrams, policy matrices, and as-built documentation
Develop migration and cutover plans with rollback procedures, change management workflows, and CAB review packages
Conduct knowledge transfer sessions and train client operations teams on day-2 policy management, Reveal map interpretation, and incident response procedures
Manage project workstreams, track milestones and deliverables, and escalate risks proactively to project and account leadership
Serve as the technical escalation point for junior engineers during engagements, conducting reviews of policy configurations and providing mentorship
Contribute to internal practice development including reusable templates, deployment runbooks, and lessons-learned documentation
Required Qualifications
7+ years of network security, infrastructure security, or security engineering experience, with at least 2 years in a consulting or professional services delivery role
Demonstrated hands-on experience deploying Akamai Guardicore Centra, including label taxonomy design, policy lifecycle management, Reveal map analysis, and enforcement cutover
Production experience with at least one SASE platform (Zscaler ZIA/ZPA, Palo Alto Prisma Access, Netskope, or Cisco Secure Access) including policy configuration and connector deployment
Strong understanding of Zero Trust principles, microsegmentation architectures, east-west traffic analysis, and least-privilege network design
Hands-on experience with cloud platforms (AWS VPC, Azure VNet, GCP VPC) including security groups, NSGs, firewall rules, and cloud-native networking constructs
Experience with identity and access management platforms (Okta, Azure AD / Entra ID, SAML 2.0, SCIM) and their integration into network access policies
Working knowledge of Kubernetes and container orchestration, including pod networking, service mesh concepts, and CNI plugins (Calico, Cilium)
Experience integrating security platforms with SIEM (Splunk, Microsoft Sentinel), syslog infrastructure, and ITSM tools (ServiceNow)
Preferred Qualifications
Akamai Guardicore Certified Professional or equivalent vendor training
Industry certifications: CISSP, CCNP Security, Zscaler ZCCA/ZCCP, Palo Alto PCNSE, or CompTIA Security+
Experience with enterprise or regulated environments (healthcare, finance, government) including compliance frameworks such as PCI-DSS, HIPAA, or NIST 800-207
Multi-cloud and hybrid architecture experience spanning AWS, Azure, and GCP with infrastructure-as-code tooling (Terraform, Ansible)
Experience segmenting legacy operating systems (Solaris, AIX, Windows Server 2008/2012) and mainframe environments in large enterprise settings
Familiarity with ServiceNow CMDB integration for automated asset inventory and label synchronization
Prior consulting, professional services, or managed services background with experience scoping engagements and delivering against SOW milestones
Soft Skills
Executive-level communication skills with the ability to present technical strategies and risk assessments to C-level stakeholders and security leadership
Ability to scope engagements, set client expectations, and manage delivery timelines in a consulting environment
Self-directed, detail-oriented, and comfortable operating independently on-site at client facilities or leading remote delivery engagements
Collaborative approach to cross-functional work with networking, identity, cloud infrastructure, compliance, and application development teams
Skilled at translating complex technical concepts into business outcomes and actionable recommendations for non-technical audiences
