Network Security Lead

Network Security Lead DEPARTMENT: Information Technology / Enterprise Technology Services (ETS) REPORTS TO: CISO / Director, Infrastructure C Security LOCATION: Hybrid (U.S.) TYPE: Full-time, Exempt Length: 12 months, possible direct hire for the right candidate GENERAL SUMMARY The Network Security Lead is responsible for designing, implementing, and governing Client's global network security architecture across data centers, labs, offices, and cloud environments. This role combines deep engineering expertise with strategic leadership, driving architecture, automation, and operational excellence across Client's hybrid infrastructure. The Network Security Lead will own the architecture and evolution of all network security domains - including core and lab networks, firewalls, on-premise proxies, and cloud connectivity - while leading and managing the Managed Service Provider (MSP) responsible for daily engineering, administration, and network analysis. This role emphasizes AI-driven automation, leveraging machine learning and analytics to reduce manual effort and accelerate detection, response, and configuration management across the enterprise. ESSENTIAL DUTIES s RESPONSIBILITIES Architectural Leadership Design and maintain Client's global network security architecture, spanning: Core corporate and data center networks Lab network segmentation and lab firewalls On-premise proxies and remote access gateways Cloud security architecture (Azure, AWS, GCP) including hub-spoke and zero-trust models Define the long-term network security roadmap, balancing resilience, performance, and scalability. Develop secure reference architectures for Prisma Access SD-WAN, NGFW, Infoblox DNS/DHCP, and VPN platforms. Partner with Infrastructure, Network, Cloud, and InfoSec teams to ensure consistent policy enforcement and visibility across all network zones. O perational Oversight and Vendor Management Lead and manage the Managed Service Provider (MSP) responsible for L2/L3 network security engineering, administration, and monitoring. Define performance metrics, escalation procedures, and automation goals for MSP- delivered services. Ensure adherence to SLAs and architectural standards through regular audits and technical reviews. Oversee incident response coordination for network-related security events and P1/P2 outages. Ensure direct or delegated completion of network security operational procedures including firewall object management, certificate/license updates, session table maintenance, and troubleshooting incident error messages. Oversee execution of SOP-defined network security tasks (e.g., AV updates, DR activities, firewall deployments, and privileged access workflows), ensuring completeness and compliance through delegated MSP and internal resources. Lead and optimize privileged access provisioning, external user onboarding, browser extension deployment, and OTP verification processes, ensuring alignment with documented SOPs and policy standards. Regularly review, update, and contribute to network security SOP documentation to ensure operational processes remain tightly integrated with evolving enterprise requirements and new technologies. utomation and AI Integration Implement AI and machine learning technologies to automate network telemetry analysis, anomaly detection, and response workflows. Reduce manual troubleshooting and analysis by integrating AIOps, predictive analytics, and autonomous configuration management. Drive adoption of automated rule verification, configuration compliance, and zero- touch provisioning across the network security ecosystem. Engineering and Governance Provide expert guidance on routing, switching, segmentation, encryption, and authentication frameworks. Develop and enforce network security policies and standards, integrating with enterprise GRC systems. Review and approve changes to firewall rules, access control lists, and proxy configurations. Conduct security architecture reviews for new projects and cloud integrations. Participate in quarterly business reviews (QBRs) and executive governance meetings to report on security posture, incidents, and improvement initiatives. Mentorship and Collaboration Serve as a technical mentor to engineers across the Infrastructure and InfoSec teams. Collaborate with the CISO, Cloud Security, and SOC leaders to align network and cyber defense strategy. Coordinate with compliance and audit functions to ensure evidence of network security control effectiveness. Compliance and Audit Coordination: Coordinate with audit/compliance teams to supply detailed technical evidence, collect logs/reports, and document SOP compliance for both internal and external audit requirements. Facilitate audit comment tracking and support periodic access verification activities as per SOP guidance. Platform s Product Expertise: Maintain expertise in Client-specific network security platforms (e.g., Panorama, NP Extranet, aiSSD), browser integrations, and licensing schemes, supporting operational SOPs and driving troubleshooting and integration improvements." Incident Response s Troubleshooting: Own and participate in root cause analysis, session table clearances, and non- functional error remediation, demonstrating thorough knowledge of day-to-day troubleshooting SOPs. REQUIRED QUALIFICATIONS Knowledge, Skills s Abilities Expertise in network and security architecture design, including: NGFWs, VPNs, SD-WAN (Prisma Access), segmentation, proxies, and hybrid connectivity Network automation frameworks (Ansible, Terraform, Python) Routing and switching protocols: BGP, OSPF, EIGRP, VXLAN, MPLS DNS/DHCP/IPAM (Infoblox), SSL/TLS, PKI, SSO/SAML/OAuth Cloud networking (Azure, AWS, GCP) - transit gateways, VPC/VNet security groups, private endpoints Deep understanding of Zero Trust Network Architecture (ZTNA) and Secure Access Service Edge (SASE) models. Strong vendor management and contract governance experience with Managed Service Providers. Experience applying AI and automation in operational network management, security analytics, and policy optimization. Excellent communication and leadership skills to translate technical strategy into business impact. Education and Certifications Bachelor's or Master's degree in Computer Science, Computer Engineering, or related technical discipline. 8+ years of experience in network security, infrastructure engineering, or equivalent field. 3+ years of experience in architecture-level leadership or MSP oversight. Preferred certifications: Cisco CCNP/CCIE Security Palo Alto PCNSE WS Certified Advanced Networking or Azure Network Engineer Associate CISSP or equivalent cybersecurity certification SUCCESS METRICS Delivery of an integrated global network security architecture supporting both corporate and lab environments. Reduction in mean time to detect/respond (MTTD/MTTR) through AI-enabled automation. Demonstrated SLA compliance and operational maturity of MSP-delivered services. Consistent alignment with Client's enterprise risk and governance frameworks.