Network Security Engineer

Role – Network Security EngineerLocation – San Jose, CARole OverviewAs a Senior Network Security Engineer, you will lead the architecture, implementation, and continuous optimization of our global network security infrastructure. You will be responsible for a zero-trust environment, ensuring robust perimeter defense with Palo Alto, secure access control via Aruba ClearPass, and high-performance application delivery with Avi Load Balancers. This role requires a blend of deep technical engineering and strategic policy management using FireMon.________________________________________Key ResponsibilitiesNetwork Defense: Design, deploy, and manage Palo Alto Next-Generation Firewalls (NGFW), including GlobalProtect VPN for secure remote access and Threat Prevention profiles.Identity & Access: Lead the administration of Aruba ClearPass for NAC, profiling, and guest access, ensuring seamless integration with Aruba Wireless and Edgecore switching fabric.Application Delivery: Architect and maintain Avi Load Balancers (NSX Advanced LB) to ensure high availability, global server load balancing (GSLB), and integrated WAF protection.Core Infrastructure: Manage enterprise-scale Route and Switch environments, specifically focusing on Edgecore open networking hardware and Infoblox for DDI (DNS, DHCP, and IPAM).Security Policy Management: Utilize FireMon to automate policy changes, perform risk analysis, and ensure continuous compliance across multi-vendor firewall environments.ITSM Integration: Drive operational excellence by managing lifecycles and incidents within ServiceNow (ITSM), ensuring all changes are documented and meet audit requirements.Mentorship: Act as the Tier 3 escalation point for complex network security outages and mentor junior engineers in best practices.________________________________________Technical Skills & QualificationsCore Security & NetworkingFirewalls: Advanced proficiency in Palo Alto Networks (Panorama, WildFire, GlobalProtect).Authentication: Expertise in Aruba ClearPass Policy Manager and 802.1X protocols.Load Balancing: Strong experience with Avi Networks (NSX ALB) or similar Software-Defined Load Balancers.Switching/Routing: Deep knowledge of BGP, OSPF, and EVPN-VXLAN, with hands-on experience in Edgecore or OCP-compliant hardware.DDI: Mastery of Infoblox for IP address management and DNS security.Management & ToolsAudit & Compliance: Experience using FireMon for rule cleanup, policy auditing, and compliance reporting (PCI-DSS, NIST).Wireless: Configuration and tuning of Aruba Wireless controllers and Access Points.Operations: Strong familiarity with ITSM frameworks (ServiceNow) and Agile methodologies.________________________________________Education & ExperienceExperience: 10+ years in Network Security Engineering, with at least 3 years in a Senior or Lead capacity.Education: Bachelor’s degree in Computer Science, Cyber Security, or equivalent field. Certifications (Preferred): * PCNSE (Palo Alto Certified Network Security Engineer)ACCP (Aruba Certified ClearPass Professional)CCNP Security or Routing & SwitchingFireMon Core/Policy Manager Certification