CMG Financial is looking for an experienced Network Engineer to design, implement, and manage enterprise network infrastructure across on-premises, hybrid, and Azure cloud environments. The role involves working with cutting-edge technologies to ensure secure, high-availability connectivity for the organization.
Responsibilities:
- Review and update Palo Alto security policies, NAT rules, and App-ID/User-ID configurations
- Monitor threat prevention alerts, URL filtering hits, and WildFire submissions
- Manage VPN tunnels (site-to-site and remote access) — check tunnel status, address drops or mismatches
- Monitor NSG flow logs, Azure Network Watcher, and Connection Monitor for anomalies
- Review hub-and-spoke topology health — VNet peering, private endpoints, DNS resolution
- Check Azure Firewall policy hits and deny logs
- Implement and document approved network changes (firewall rules, VLAN changes, routing updates)
- Use Panorama/Strata Cloud Manager to push policy updates across managed firewalls
- Maintain and update network documentation (topology diagrams, runbooks, IP addressing)
- Respond to and triage network incidents — Layer 1–7 troubleshooting, root cause analysis
- Triage and prioritize incoming tickets from the service desk queue; assign severity and ownership
- Investigate and resolve network-related incidents (connectivity failures, latency, application access issues)
- Perform root cause analysis on recurring issues and document findings for problem records
- Update ticket status, add work notes, and communicate resolution steps to stakeholders
- Escalate complex issues to senior engineers or vendors with full diagnostic context (logs, captures, configs)
- Close resolved tickets with detailed resolution notes for knowledge base reuse
- Write or maintain PowerShell/Python/Bash scripts for operational tasks
- Update Terraform configs for infrastructure changes; validate and plan before apply
- Communicate with application, security, and helpdesk teams on connectivity issues
- Participate in on-call rotation; hand off or escalate as needed
- Attend change advisory or ops standup meetings
Requirements:
- Bachelor's degree in Computer Science, Information Technology, or a related field — or equivalent hands-on experience
- 3–7+ years of network engineering experience in enterprise, multi-site, or hybrid cloud environments
- Deep understanding of TCP/IP, subnetting, routing, switching, VLANs, DNS, and DHCP
- Experience with Cisco Catalyst, Nexus, and Meraki switches
- Experience with BGP in enterprise or hybrid cloud environments
- Hands-on experience with firewalls, including rule creation, NAT, and VPNs
- Experience with load balancing technologies (NetScaler ADC preferred) and network segmentation, including Zero Trust design principles
- Strong troubleshooting capability across Layer 1–7, including incident response, root cause analysis, and performance optimization
- Strong understanding of network security concepts: Zero Trust architecture, IDS/IPS, and DDoS mitigation
- Experience implementing secure segmentation across on-premises and cloud environments
- Hands-on experience with Palo Alto NGFW: security policy management, NAT, App-ID, User-ID, and Content-ID
- Experience configuring site-to-site and remote access VPNs using Palo Alto firewalls
- Experience with threat prevention, URL filtering, and WildFire services
- Experience using Panorama / Strata Cloud Manager for centralized firewall management
- Experience with Prisma Access (SASE), including remote user access, service connections, and identity integration (SAML, Azure AD)
- Experience with Strata Cloud Manager for policy management, visibility, logging, and analytics
- Understanding of Zero Trust Network Access (ZTNA) and modern SASE architectures
- Experience with network monitoring and troubleshooting tools: SolarWinds and Wireshark
- Familiarity with SD-WAN and enterprise wireless networking (802.11 standards, controllers, access points)
- Strong communication skills with the ability to work across technical and non-technical teams
- Ability to document network architecture, standards, and operational procedures
- Strong analytical and problem-solving skills with attention to detail
- Ability to participate in on-call rotation as needed
- Azure Network Engineer Associate
- Palo Alto PCNSE
- Cisco CCNA / CCNP
- Strong experience with Azure networking: VNets, subnet design, and IP addressing strategies
- Experience configuring and managing NSGs, ASGs, and Azure Firewall policies
- Experience with Azure Load Balancer (Layer 4), Application Gateway (Layer 7), and Azure Front Door
- Experience designing hybrid connectivity: Site-to-Site VPN, Point-to-Site VPN, and ExpressRoute with BGP routing
- Experience with Private Endpoints, Private Link, VNet peering, hub-and-spoke architectures, and Azure Private DNS Zones
- Experience integrating PaaS resources with virtual networks (VNet integration, service endpoints)
- Experience using Azure Network Watcher, Connection Monitor, NSG flow logs, and packet capture
- Scripting experience in Python, PowerShell, or Bash for automation and operational efficiency
- Experience with IaC tools: Terraform, ARM templates, and Bicep
- Familiarity with YAML for configuration, pipelines, and automation workflows
- Experience with Azure landing zones and large-scale hub-and-spoke architectures
- Experience with enterprise SASE deployments
- Experience in DevOps / NetDevOps environments
- Familiarity with compliance frameworks such as NIST or ISO 27001