Cloud Network Security Engineer (Azure)

Network Security Engineer (Azure) - Hybrid in Atlanta, GA (3x per week). Direct-hire/FTEOptomi, in partnership with a leader in the financial and investment sector, is looking to add a Network Security Engineer over cloud to their team! The Cloud Network Security Engineer will have extensive experience working with Azure, Palo Alto, F5 and Meraki to help this company build out playbooks, set up firewall rules, and assist with building out additional aspects of the network after a recent transition into the cloud (they are now 90% azure based). The Network Security Engineer will help transition over to a corporate WAN and assist with various other projects in this space to create a stronger and more robust network.Responsibilities:Design, implement, and maintain advanced security solutions, including firewalls, intrusion detection/prevention systems, VPN gateways, and cloud-native security tools.Develop, maintain, and enforce network security policies, procedures, standards, and guidelines in line with industry best practices and regulatory/compliance frameworks.Collaborate with IT stakeholders and network administrators to ensure secure, scalable, and efficient network designs that align with organizational standards.Develop and maintain automated reporting systems to monitor and present network security metrics and trends to executive management and key stakeholders. Perform regular security audits of network infrastructure to identify vulnerabilities, ensure compliance with security policies, and validate the effectiveness of implemented controls.Lead comprehensive security assessments of new and existing network configurations, including affiliated systems, to identify risks and recommend mitigation strategies.Work closely with cross-functional teams (e.g., Internal Audit, Legal, Compliance, Privacy) to strengthen the organization's network and cybersecurity posture.Create and maintain custom automation scripts using APIs and scripting languages to streamline network management, security monitoring, and threat analysis.Document automation tools and scripts, ensuring clarity, usability, and adherence to internal standards.Monitor and fine-tune network performance, identifying and addressing bottlenecks, latency, and other performance issues.Troubleshoot and resolve complex network and security issues, escalating where necessary, and implementing solutions to prevent recurrence.Manage relationships with network vendors, ensuring service quality and leveraging partnerships to optimize network performance and cost.Ensure robust connectivity across all sites, servers, endpoints, and network devices, incorporating redundancy and failover mechanisms where needed.Validate and optimize reference architectures and recommend enhancements to improve security, reduce risks, and ensure high availability.Lead or participate in incident response efforts related to network and security issues.Required Qualifications:Bachelor's Degree or 5+ years of previous network security experience.Security certifications are a plus. (CISSP, CCIE, PCNSE, CISA, SANS, Security+, etc.)Microsoft AZ-700 certification desired.Network Architecture Experience with software defined networking for cloud native and marketplace tools (Palo Alto preferred).Proficient in networking protocols including TCP/IP, UDP, HTTP/HTTPS, FTP/SFTP, DNS, DHCP, SNMP, SMTP/POP3/IMAP, and LDAP (as well as any vulnerabilities associated with them)F5, Palo Alto, Cisco, Meraki, Azure network services, Front Door, NSGs, Route Tables.Azure Data Lake Storage experience desired.DevOps Hands-on work with GitHub or Azure DevOps and associated CI/CD tooling.Infrastructure as Code Experience utilizing Terraform to automate the deployment of Azure resources; standardization with Infrastructure-as-Code (IaC) implementations.Integrating with on prem Infrastructure Designing, implementing, and managing complex network infrastructures across cloud and on-prem environments.Exceptional verbal and written communication skills, specifically the ability to communicate within the context of the intended audience, whether that be senior executives or highly technical engineering resources.Working knowledge of at least one programming language (Python, Go etc.)Hands on experience securing hybrid and cloud native infrastructure is highly preferredProven hands-on experience hardening network and security appliancesDetailed technical experience supporting and implementing SIEM & logging tools (Splunk, Kibana, etc.) and the ability to extract actionable intelligence from large volume aggregated log storage.Thorough understanding of compliance and regulatory frameworks and how they affect architecture designs and reviews.

Created: 2025-01-24