Wintrust provides community and commercial banking, specialty finance and wealth management services through its 16 bank charters and nine non-bank businesses. Wintrust delivers the sophisticated solutions of a large bank while staying true to the relationship-focused, personalized service of our community banking roots. We serve clients in all 50 states with more than 200 branch banking locations in Illinois, southwestern Florida, northwestern Indiana, west Michigan and southern Wisconsin and commercial banking offices in Chicago, Denver, Milwaukee, Grand Rapids, Mich., and in key branch banking locations throughout Illinois. Our people are the heart of our business and we are proud to rank consistently as a top place to work. Wintrust is a $66 billion financial institution based in Rosemont, Illinois, and listed on the NASDAQ Global Select Market under the symbol “WTFC.”
Why join us?
An award-winning culture! We are rated a Top Workplace by the Chicago Tribune (past 12 years) and Employee Recommended award by the Globe & Mail (past 6 years)
Competitive pay and discretionary or incentive bonus eligible
Comprehensive benefit package including medical, dental, vision, life, a 401k plan with a generous company match and tuition reimbursement to name a few
Promote from within culture
Why join this team?
This position has the opportunity to interface with and have a positive impact on multiple areas of Wintrust's business
We hold ourselves accountable to high standards, share wins, operate ethically, and have fun
Position Overview
The Senior Network Security Engineer is responsible for oversight and governance input on design, implementation, and continuous improvement of Wintrust’s enterprise network security program. In this role, you will function as a senior technical authority in designing and maintaining robust security architectures and working with information technology partners to help safeguard enterprise infrastructure. Your role centers on a deep command of network protocols (TCP/IP, BGP, OSPF), next-generation firewall management, and SD-WAN optimization to ensure resilient data flow and threat mitigation. Enhanced knowledge of VPNs, IDS/IPS, DNS, IPAM, enterprise proxy and Zero Trust principles are core for helping promote growth and maturity of the network security program.
What You’ll Do
Firewall Rule & Policy Optimization: Lead the continuous cleanup and optimization of firewall rules and NGFW policies to eliminate redundancy, reduce latency, and enforce necessary access control. Preferred experience navigating and using Algosec as the tool conducting the analysis.
Proxy and DNS Security - Provide expertise in managing enterprise DNS infrastructures (e.g., Infoblox, BlueCat, or Windows DNS) and managing enterprise proxy solution (BlueCoat, Zscaler etc.). Experience must include implementing DNSSEC, configuring redundant DNS architectures, and utilizing DNS Filtering (Cisco Umbrella) and ability to evaluate proxy architecture and categorical blocking.
DDI & IP Address Management (IPAM): Strong command of DDI (DNS, DHCP, and IPAM) to maintain a sole source of truth for the corporate IP space.
Senior to expert-level experience with core networking and routing protocols, including TCP/IP (Layers 1-7), BGP, OSPF, and EIGRP.
Experience securing hybrid-cloud environments (AWS, Azure, GCP) using cloud-native networking like VPCs, Security Groups, and Cloud Next-Gen Firewalls is a plus
Toolchain Lifecycle Leadership: Direct the evaluation, selection, and deployment of enterprise-grade security tools, ensuring they resolve specific technology gaps and align with carrier-grade security standards.
Domain Leadership – Provide input on programmatic and technical deficiencies to secure and optimize Wintrust’s network security posture.
Qualifications
Bachelor’s degree or equivalent experience
5-7 years of related hands-on experience
Networking: strong command of TCP/IP, BGP, OSPF, MPLS, and SD-WAN optimization; Proficiency in both on-premises and cloud network design
Security: Expertise in Next-Generation Firewalls (NGFW), Virtual Private Networks (VPN), Intrusion Detection Systems / Intrusion Prevention Systems (IDS/IPS), Domain Name Systems (DNS), IP Address Management (IPAM), Web Application Firewalls (WAF), Network Access Control (NAC), Network Detection & Response (NDR), and enterprise proxies such as BlueCoat, Netskope or comparable technology.
Preferred tooling: AlgoSec, Cisco Firepower (FMC/SMA), Cisco IPS/IDS, Infoblox, Cloudflare WAAF, and Cisco Secure Web Appliance, Azure Networks (VNet, peering, Network Security Groups, UDR)
Benefits
Medical Insurance • Dental • Vision • Life insurance • Accidental death and dismemberment • Short-term and long-term Disability Insurance • Parental Leave • Employee Assistance Program (EAP) • Traditional and Roth 401(k) with company match • Flexible Spending Account (FSA) • Employee Stock Purchase Plan at 5% discount • Critical Illness Insurance • Accident Insurance • Transportation and Commuting Benefits • Banking Benefits • Pet Insurance
Compensation
The estimated salary range for this role is $117,000.00 - $158,000.00, along with eligibility to earn an annual bonus. Actual salaries may vary based on several factors, such as a candidate’s qualifications, skills and experience.
#LI-Hybrid
#LI-JB1
From our first day in business, Wintrust has been proud to serve a variety of unique communities and people from all walks of life. To build a company that reflects the communities we serve, we believe that fostering a unique and inclusive workplace where everyone feels valued and empowered to succeed will support our ongoing success. Wintrust Financial Corporation, including community banking and financial services subsidiaries, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information, and other legally protected categories.