Distinguished Cybersecurity Engineer

Scope of the Role:  

• Direct Reports: This is an individual contributor role with no direct reports 

We are looking for a Distinguished Cybersecurity Engineer to serve as the foremost technical authority on network security across our enterprise This is a deeply hands-on senior individual contributor role for someone who thrives at the intersection of architecture, engineering, and operations This role will own the design and enforcement of our network security posture, partner with the SOC during high-impact incidents, and drive multi-quarter strategic initiatives that reduce our attack surface at the network layer.

Key Responsibilities:

1) Network Security Architecture & Strategy

• Architect and own the secure network topology for on-premises, cloud, and hybrid environments, including segmentation strategy, zero trust network access (ZTNA), and DMZ design
• Lead technical design reviews for new infrastructure, ensuring security requirements are embedded at the architecture phase
• Establish standards for secure network design, including ingress/egress controls, DMZ, and micro-segmentation

2) Firewall & Access Governance

• Serve as the final technical reviewer for firewall change requests, evaluating rule logic, business justification, least-privilege compliance, and risk exposure

• Own and drive periodic ACL cleanup campaigns, retiring stale, overly permissive, or redundant rules across the enterprise firewall estate
• Implement governance processes, automation, and periodic recertification of firewall rules

3) Web Application Firewall (WAF) Deployment & Management

• Lead the deployment, tuning, and lifecycle management of WAF solutions across production environments

• Develop and maintain custom rulesets to address emerging threats, business-specific attack patterns, and OWASP Top 10 coverage
• Continuously monitor, analyze, and improve WAF effectiveness with minimal false positives

4) Security Incident Response

• Serve as a senior escalation point for the SOC on network-related security incidents, providing deep packet analysis, traffic forensics, and containment guidance

• Assist in building detection use cases and runbooks for network-layer threats including lateral movement, C2 beaconing, DDoS, and data exfiltration
• Conduct post-incident reviews and translate findings into durable network security improvements

5) Cross-functional Leadership & Mentorship

• Act as a trusted advisor to Security, Cloud, DevOps, and Infrastructure teams

• Produce executive-level risk reporting on network security posture, initiative progress, and findings from assessments to influence stakeholders and drive alignment on security initiatives

Required Qualifications:

• 10-15 years in network engineering or network security, with at least 5 years in a senior/principal/staff security engineering role
• Deep experience designing secure network architectures in large-scale enterprise or cloud-native environments
• Strong fluency in network security concepts: zero trust, micro segmentation, SASE, SD-WAN security, and network access control
• Expert-level knowledge of TCP/IP, BGP, OSPF, DNS, TLS, HTTP/S, and common Layer 4–7 protocols
• Hands-on expertise with enterprise firewalls (Palo Alto, Check Point, or equivalent), WAF platforms, and NDR solutions
• Proven track record leading complex, cross-functional network security programs from inception to completion
• Proven experience handling complex security incidents and threat investigations
• Experience with cloud networking security (AWS VPCs, Azure VNets, GCP, security groups, transit gateways, cloud-native firewalls)

Preferred Qualifications:

• Experience implementing Zero Trust Network Architecture (ZTNA)
• Familiarity with Infrastructure as Code (Terraform, Ansible) and automation
• Familiarity with frameworks such as NIST CSF, CIS Controls, or MITRE ATT&CK for Enterprise (particularly the network-relevant techniques)
• CCIE Security, CCNA, CISSP, GIAC GPEN, or equivalent certifications

Key Competencies:

• Strategic thinking with hands-on technical depth
• Strong problem-solving and analytical skills
• Effective communication with technical and non-technical stakeholders
• Ability to lead large-scale security transformations
• High ownership and accountability