Key skills
AnsibleAWSAzureCloudCyber SecurityDNSFirewallsGoogle Cloud PlatformPythonTCP/IPTerraformGCPGoogle CloudIAMOAuthSAMLGitOpsCI/CDCommunicationNetwork SecurityCloud SecurityFirewall
About this role
Role Overview
- Design, deploy, and operate network security controls across enterprise, cloud (AWS, Azure, GCP), and retail edge environments
- Implement and maintain zero-trust network access (ZTNA) policies, microsegmentation, and perimeter security using tools like Zscaler, Palo Alto Networks, and cloud-native NGFWs
- Build and maintain automation pipelines for security policy management, firewall rule lifecycle, and compliance validation — treating infrastructure as code
- Collaborate with cloud, platform, and application teams to integrate security at the network layer without blocking delivery velocity
- Serve as a subject matter expert for authentication and authorization frameworks: 802.1X, EAP-TLS, RADIUS/ClearPass, certificate management, and IAM integrations
- Monitor, triage, and respond to network security events; drive root cause analysis and long-term remediation
- Author engineering documentation, threat models, and security runbooks; contribute to architecture reviews
- Mentor engineers across the NIO organization on security best practices and automation patterns
- Participate in on-call rotation for critical security infrastructure
Requirements
- Bachelor's or master's degree in Computer Science, Engineering, Cybersecurity, or equivalent education and experience
- 7+ years of progressive enterprise security engineering experience with demonstrated depth in network security domains
- Hands-on experience with cloud security architecture across two or more major cloud platforms (AWS, Azure, GCP, OCI) — including cloud NGFW, VPC security controls, and private connectivity patterns
- Strong automation and IaC experience: Python, Terraform, Ansible, or equivalent — you write production-grade automation, not one-off scripts
- Deep expertise in network security technologies: next-gen firewalls (Palo Alto), ZTNA/SWG (Zscaler), IDS/IPS, and DDoS mitigation
- Strong working knowledge of authentication and authorization: 802.1X, EAP-TLS, RADIUS, ClearPass/ISE, SAML, OAuth, and PKI/certificate management
- Solid foundational network knowledge: TCP/IP, BGP, SD-WAN concepts, VLAN segmentation, DNS, and routing protocols — enough to own security outcomes independently
- Experience with security policy-as-code, CI/CD pipelines for network security changes, and GitOps workflows
- Effective written and verbal communication; able to produce clear RCAs, architecture docs, and executive summaries
Tech Stack
- Ansible
- AWS
- Azure
- Cloud
- Cyber Security
- DNS
- Firewalls
- Google Cloud Platform
- Python
- TCP/IP
- Terraform
Benefits
- Medical/Vision, Dental, Retirement and Paid Time Away
- Life Insurance and Disability
- Merchandise Discount and EAP Resources