Network Security Engineer

The Network Security Engineer will support the design, implementation and maintenance of network solutions, tools, processes and policies especially as it pertains to overall security. Working within the framework of the security program for TAH, they will facilitate accurate documentation of the network environment, accurate reporting from the network devices and secure solutions to networking challenges posed through business activity. The person in this position will support the TAH organization by providing timely troubleshooting and remediation of network & security events, as well as get involved in business unit projects through collaboration to provide input on secure network design.Job Details:Lead and collaborate on cross‑functional network and security initiatives by partnering with project teams, engineers, managers, and operational groups to solve technical issues and ensure optimal deployment of technology solutions.Architect, implement, and maintain secure network solutions, including firewalls (FortiGate/Palo Alto), F5 BigIP, Cisco ISE, Meraki, monitoring tools, and ZTNA‑aligned configurations, from planning through post‑implementation validation.Serve as the senior in‑house subject matter expert (SME) for networking and network security, providing advanced guidance, troubleshooting, and escalation support across the organization.Act as primary responder for security events and major network incidents, ensuring rapid mitigation, business continuity, and proper coordination with internal and partner network operations teams.Maintain high availability and performance of network infrastructure, including firewalls, switches, wireless access points, and application‑related network components.Ensure proper documentation, lifecycle management, and compliance for network systems, including configuration records, corporate security initiatives, vulnerability remediation, and change management procedures.Incumbent must follow all established Environmental Health & Safety and Quality System policies, programs, rules and practices, including but not limited to product and patient safety, the health and safety of all associates as well as the environment and community at large.Knowledge, Skills and AbilitiesFamiliar with next generation firewall technologyExperience with cloud (GCP, Azure) network and security is desirableLead application delivery and security using F5 BIG-IP (Advanced WAF/ASM, DDoS, APM, SSL/TLS, HA) in HIPAA-regulated healthcare networks.5-10 years of experience managing on-prem, hybrid, and cloud network architectures, including demonstrated expertise in security network engineeringExceptional communication (verbal and written), organizational, and interpersonal skillsDeep understanding of external and insider threat mitigation strategies and ZTNA design principlesExcellent analytical, interpersonal and communication skills with the ability to communicate complex technical issues in an easy-to-understand mannerAbility to work in a fast-paced environment, demonstrate grace under pressure, meticulous attention to details, and a methodical / analytical approachExceptional problem-solving abilities.Ethical and trustworthyIncident Response experience related to network analysisQualifications:A bachelor’s degree in computer network related field, cyber security preferred or combination of equivalent experienceMinimum 5 years’ experience administering and maintaining Fortigate, FortiManager and FortiAnalyzer required5 years of practical implementation and maintenance of network routing equipment5 years of relevant professional network engineering or administration experience, with significant exposure to a variety of technologies and domains5 years of advanced working knowledge of SDWAN and Network architecture.Experience patching and managing network configurations to include standard build installations and network system security hardeningExperience with different routing protocols, OSPF, eBGP, iBGPExperience with the following technologies preferred:IDS, IPS, AV, Application, DNS securityNetwork infrastructure (Cisco, Fortinet, F5.)Network admission control (NAC) (Aruba ClearPass, ForeScout, Cisco, etc.)Firewall management and auditingNetwork packet brokers (Gigamon, IXIA, NetScout, etc.)SSL decryption (Blue Coat, F5, Gigamon, IXIA, etc.)Wi-Fi deployment and configuration (Cisco/Meraki)Public key infrastructure (PKI)Hardware security modules (HSM)Authentication solutions (RSA, Entrust, smartcard, biometrics, etc.)Log collection and aggregation (ArcSight, McAfee / Nitro, Splunk, IBM/QRadar, etc.)Network gear OS Hardening (Fortinet, Cisco.)