
Senior Network Engineer
Posted 21 hours ago

Posted 21 hours ago
This is a fully remote position, open to applicants in United States.
• Create and implement secure network frameworks that uphold identity verification, device posture, segmentation, logging, and policy-driven access across users, locations, workloads, and administrative pathways.
• Deploy and maintain SASE/ZTNA functionalities, including Cloudflare Government or similar platforms, WARP/client access, private application access, gateway policies, DNS controls, and secure administrative access routes.
• Assist in removing direct public administrative access to workloads by directing privileged access through approved identity-aware and policy-enforced access layers.
• Formulate network designs that adhere to the principle that no workload, management interface, or privileged access route circumvents identity, policy, segmentation, and telemetry controls.
• Spearhead the design and implementation of Network Access Control for office, edge, and remote site environments.
• Implement or assist with 802.1X, RADIUS policy, device certificates, VLAN segmentation, and port-level admission control.
• Divide remote site networks into suitable zones, including telemetry, management, vendor/service, and out-of-band management networks.
• Evaluate switch, firewall, router, and edge-device readiness for NAC, IPSec, logging, and configuration baseline enforcement.
• Design secure remote site connectivity utilizing IPSec/private tunnels, certificate-based authentication, route controls, firewall policies, and deterministic telemetry paths.
• Ensure edge and radar-site environments lack unnecessary public management exposure.
• Implement firewall forwarding, tunnel telemetry, configuration backup, drift detection, and site-level logging into centralized monitoring and SIEM systems.
• Collaborate with Security, Cloud Engineering, SRE, and other Engineering teams to develop detection and response use cases for tunnel anomalies, exposed management paths, unexpected peers, route alterations, failed rekeys, and suspicious traffic patterns.
• Design and facilitate cloud network connectivity patterns across various cloud hosts and restricted workload zones.
• Implement or support hub-and-spoke architectures, transit gateways, vWAN, private endpoints, DNS resolver patterns, egress inspection, firewall policies, and workload security-group guardrails.
• Collaborate with Cloud Engineering to establish baseline network guardrails for landing zones, encompassing deny-public-admin policies, centralized egress, private admin routes, flow logging, routing standards, and tagging requirements.
• Assist in cloud network segmentation for Corporate IT, restricted workloads, and other applications.
• Ensure network logs are consistently directed into centralized telemetry and SOC platforms.
• Support data-source integration for firewall logs, VPN/IPSec logs, SASE logs, NAC events, DNS logs, VPC/NSG flow logs, and remote site device logs.
• Work with the Head of IT and Security team to develop network-focused detection content, response workflows, evidence artifacts, and runbooks.
• Aid in validating detection coverage through test events, tabletop exercises, port scans, tunnel checks, and configuration drift assessments.
• Generate and maintain network diagrams, firewall rule documentation, routing designs, NAC policies, tunnel inventories, access routes, and operational runbooks.
• Support compliance evidence generation for government compliance, control areas related to access control, audit logging, communications protection, configuration management, and incident response.
• Engage in change control, architecture decision records, incident response, and post-implementation reviews.
• Collaborate closely with Security, Cloud Engineering, SRE, IT Support, and other Engineering teams to ensure smooth operational handoff.
• Must be eligible to obtain and maintain a U.S. personnel security clearance.
• 5+ years of practical network engineering experience in enterprise, hybrid cloud, regulated, or security-oriented environments.
• Strong proficiency in routing, switching, firewalling, VPNs, segmentation, DNS, NAT, TLS, certificates, and secure network design.
• Hands-on experience with firewall policy management, IPSec tunnels, site-to-site VPNs, route control, and secure edge connectivity.
• Experience with implementing or operating NAC technologies, including 802.1X, RADIUS, VLAN assignment, device profiling, or certificate-based access.
• Experience supporting remote-access or Zero Trust access platforms such as Cloudflare, Zscaler, Palo Alto Prisma Access, Cisco Secure Access, or similar.
• Experience integrating network logs into SIEM or monitoring platforms.
• Working knowledge of cloud networking concepts in AWS and/or Azure, including VPCs/VNets, routing, security groups, NACLs, private endpoints, flow logs, transit gateways, vWAN, or cloud firewalls.
• Ability to produce clear technical documentation, diagrams, implementation plans, runbooks, and operational procedures.
• Strong troubleshooting capabilities across network, identity, endpoint, cloud, and application access layers.
• Global workforce: flexible remote/hybrid opportunities.
• Engage in complex, meaningful missions with real-world impact.
• Unlimited paid time off for most roles.
• Competitive salary and equity packages.
• Comprehensive health, dental, and vision coverage.
• Access to the forefront of commercial space operations and defense innovation.
WVU Online
Mirantis
Lithia
AireSpring
Get handpicked remote jobs straight to your inbox weekly.