Old Republic is a leading specialty insurer that operates diverse property & casualty and title insurance companies. They are seeking a Network Security Engineer to operationalize the Center of Excellence's architectural direction by implementing network security solutions and collaborating with various teams to ensure secure network environments.
Responsibilities:
- Implement, configure, and validate network security solutions aligned with CoE architectural standards, reference designs, and design patterns
- Build and maintain proofs-of-concept, reference implementations, and lab environments to support architectural decisions and technology evaluations
- Partner with the Security Architects and other technology staff to advance enterprise initiatives in segmentation, Zero Trust, SASE/SSE, and secure connectivity across on-prem, cloud, and subsidiary environments
- Support architectural design reviews by providing engineering perspective, feasibility analysis, and implementation guidance
- Assist in evaluating and piloting network security technologies (next-gen firewalls, SASE/SSE, NDR, DDI, WAF/CDN, micro-segmentation, etc.) and document findings for the CoE
- Implement and tune AI-driven security capabilities (e.g., ML-based NDR/IDS/IPS, behavioral analytics, anomaly detection) within network security platforms
- Help identify and mitigate risks associated with AI/ML usage, including data exposure, model security, and LLM-driven workflows from a network engineering perspective
- Configure controls in alignment with threat intelligence, regulatory requirements, and enterprise risk profiles
- Partner with subsidiary engineers, BISOs, and infrastructure teams to deploy and operate CoE-aligned solutions in a federated environment
- Document standards, build guides, runbooks, and as-built designs to enable consistent adoption across subsidiaries as the CoE expands
- Communicate effectively with technical stakeholders, presenting engineering findings, PoC results, and implementation recommendations
Requirements:
- 3-5 years of hands-on network and/or network security engineering experience
- Strong hands-on experience with routing, switching, cloud networking, and enterprise protocols (BGP, OSPF, VXLAN, IPsec, TLS, etc.)
- Strong hands-on experience with enterprise DNS, DHCP, and IPAM (DDI), including secure DNS design, DNS security controls (DNSSEC, DoH/DoT, protective DNS), and troubleshooting complex DNS resolution issues across on-prem, cloud, and remote-access (e.g., ZPA/ZIA) environments
- Hands-on implementation experience with Zero Trust, hybrid/multi-cloud, and inter-company connectivity designs
- Experience working within federated and/or multi-entity organizations (holding companies, subsidiaries, or M&A environments)
- Working familiarity with NIST CSF, ISO/IEC 27002, and CIS Controls
- Familiarity with AI-enhanced security technologies (e.g., ML-based NDR/EDR, AI-driven traffic analysis, automated threat modeling tools)
- Experience with AI-powered capabilities in AWS, Azure, and/or GCP from a network security perspective
- Hands-on engineering experience with leading network and security platforms such as Palo Alto Networks, Zscaler (ZIA/ZPA/ZDX), Infoblox, Cisco, F5, Cloudflare/Akamai, VMware NSX, or comparable technologies