Senior Network Security Engineer

This is a fully remote position, open to applicants in United States.

📋 Description

• The Senior Network Security Engineer is a proactive technical security leader tasked with ensuring that PPL's network environment is designed, configured, and maintained in accordance with PPL's security requirements, standards, and regulatory responsibilities.

• Reporting to the Director of Cybersecurity Operations, this position establishes network security requirements, evaluates and verifies network architecture and controls, conducts security assessments and audits, and collaborates closely with the Infrastructure team's Senior Network Engineer.

• Lead the implementation of PPL's zero-trust networking strategy across cloud, physical, and remote work environments.

• Perform security evaluations and assessments of PPL's network environment.

• Act as the senior escalation point for network-related security incidents within the Information Security team.

⛳️ Requirements

• A Bachelor’s degree in computer science, Information Systems, Network Engineering, Cybersecurity, or a related discipline. Equivalent professional experience may be accepted in place of a degree.

• A minimum of 6–8 years of progressive experience in network engineering and/or network security, including at least 3 years in a dedicated network security role with proven experience in cloud network security.

• Comprehensive knowledge of information security and network security principles, controls, and best practices applicable to cloud, on-premises, and remote work environments.

• Practical experience in assessing, configuring, or managing Fortinet firewall environments (FortiGate, FortiAnalyzer, FortiManager) at scale; ability to review configurations, rules, and policies for security compliance.

• Demonstrated expertise in cloud network security within Microsoft Azure (NSGs, Azure Firewall, Application Gateway/WAF, private endpoints, hub-and-spoke design, ExpressRoute/VPN gateways) and AWS (security groups, NACLs, AWS Network Firewall, WAF, Transit Gateway, PrivateLink).

• Experience in defining security requirements and evaluating architectures for ZTNA and secure remote access for distributed and remote-first workforces, including conditional access, identity-aware proxies, and integration with modern identity platforms.

• Proven experience with network segmentation, micro-segmentation, and principles of zero-trust networking.

• Proficiency in network protocols, routing, switching, TLS inspection, and packet/flow analysis sufficient for supporting detection engineering and incident response across cloud and on-premises environments.

• Established ability to investigate, analyze, and respond to network-based security incidents, including log analysis, alert triage, and forensic review.

• Familiarity with artificial intelligence platforms and the unique network security considerations they present — including data egress controls, secure access to AI services, and monitoring of AI-related network traffic.

• Strong understanding of healthcare-specific regulatory and framework requirements (HIPAA, NIST 800-53, SOC 2, CMS) as they relate to network security controls.

• Capability to effectively communicate network security findings, risks, and recommendations to both technical and non-technical stakeholders.

• Strong organizational skills with the ability to manage multiple workstreams concurrently.

🏝️ Benefits

• Up to 10% travel expected.