Senior Network Security Engineer
Posting Date06/30/26Application Deadline07/09/26Pay Range$97,250 - $142,500 annuallySalary offers are based on the candidate's equivalent experience and internal equity with other employees within the same job classification. This position is not eligible for overtime compensation.Job TypeUnclassifiedDepartmentEnterprise TechnologyAbout The PositionAs a Senior Network Security Engineer, you will provide expert-level engineering and operational support for the organization’s enterprise network and security infrastructure. You will play a lead role in the planning, design, implementation, and ongoing maintenance of secure network solutions across campus, data center, remote offices, cloud environments, and third-party connectivity. This includes core services such as firewall management, networking, VPNs, directory services, identity management, PKI, Web Application Firewalls (WAF), and virtual networks.In this role, you will focus on implementing and optimizing secure connectivity and access solutions, assisting with the deployment of Zero Trust Network Access (ZTNA), and managing firewall policies, VPNs, and segmentation strategies. You will collaborate with cross-functional teams to deliver secure, resilient, and high-performing network services that meet business and regulatory requirements. As a senior engineer, you will also mentor junior staff and ensure adherence to security best practices and operational standards.About UsAre you looking for a career in a dynamic organization that embraces a can-do spirit? Look no further than Maricopa County’s Office of Enterprise Technology!We are a team that prides ourselves on leveraging technology to create digital transformations. We look for ways to bring about innovative solutions while providing top-notch customer service. Apply today and become part of the team that makes a lasting impact on the future of technology at Maricopa County.Proud to OfferWork with a greater purposeTuition reimbursementExceptional work-life balance, with hybrid and alternative work schedule optionsOpportunities for growth and development within Maricopa CountyLow-cost, high-value healthcare for you and your qualifying dependentsChild care benefits, including access to our on-site center, Maricopa County Kids Club, dedicated to serving Maricopa County familiesPaid vacation, sick time, and parental leaveExtensive wellness program, including an incentiveEnrollment in the Arizona State Retirement System, a defined retirement benefit requiring a 12% monthly contribution rate that includes a 100% employer match on Day 1Want to learn more about the County’s Qualifying and Compensation Philosophy? Follow this link to learn more! Work With Us | Maricopa County, AZWe RequireFive years of progressively responsible experience in network operations and engineering within enterprise or large-scale environmentsBachelor's degree in Computer Science, Information Technology, or a closely related fieldA combination of post-secondary education and/or job-related experience may substitute for the minimum qualifications on a year-for-year basis.Other RequirementsSuccessful candidates must currently possess, or have the ability to obtain, a valid Arizona Driver's license by the time of hireWe Also ValueOkta Certified Professional / Okta Certified AdministratorCisco Certified Network Professional (CCNP) Enterprise or higherPalo Alto Networks Certified Network Security Engineer (PCNSE)Certified Information Systems Security Professional (CISSP)Experience in designing, implementing, and managing enterprise network infrastructure, including on-premises, cloud, and hybrid solutionsExperience with enterprise LAN/WAN architecture and wireless networking, including planning, deployment, and troubleshooting across campus and remote locationsExperience deploying and configuring Multi-Factor Authentication (MFA) policies using tools such as Microsoft Entra ID, Okta, or Duo to enhance access securityExperience supporting the design and troubleshooting of Single Sign-On (SSO) integrations using SAML, OIDC, and OAuth protocols across enterprise applicationsExperience configuring, managing, and troubleshoting Next-Generation Firewalls (NGFW)—such as Palo Alto Networks —including security policies, application control, threat prevention, URL filtering, and VPN servicesExperience implementing and supporting VPN solutions, including site-to-site and remote access configurations, with a focus on performance and securityProficiency in network automation and scripting (e.g., Python, Ansible, or REST APIs) to streamline configuration management and operational tasksJob ContributionsDesign, architect, and govern enterprise network security frameworks and secure connectivity models, establishing standards for firewall policy design, segmentation architecture, and secure access across on-premises, cloud, and hybrid environments; ensure solutions align with enterprise risk tolerance, cybersecurity frameworks, and long-term infrastructure strategyEngineer and enforce identity-integrated network access controls, developing and implementing authentication and authorization models that align network infrastructure with IAM platforms (e.g., Okta, Microsoft Entra ID, Active Directory), enabling Zero Trust Network Access (ZTNA) and ensuring secure, policy-driven access across users, devices, and applicationsLead and govern the enterprise firewall policy lifecycle, including the evaluation, risk-based approval, and continuous optimization of firewall rules and access controls; assess business needs against security risk, ensuring compliance with regulatory requirements and minimizing exposure to unauthorized access or lateral movement within the networkDesign and oversee SD-WAN architecture and advanced network segmentation strategies, ensuring secure and resilient connectivity across geographically dispersed environments while enforcing traffic isolation, performance optimization, and alignment with enterprise security and compliance requirementsDesign and oversee SD-WAN architecture and advanced network segmentation strategies, ensuring secure and resilient connectivity across geographically dispersed environments while enforcing traffic isolation, performance optimization, and alignment with enterprise security and compliance requirementsDevelop and implement advanced automation and orchestration solutions using scripting, APIs, and configuration management tools to enforce standardized configurations, reduce manual intervention, and ensure consistent application of security policies across complex network environmentsDevelop, maintain, and govern comprehensive technical and architectural documentation, including network security standards, system designs, configurations, and procedures, ensuring alignment with audit requirements, operational continuity, and enterprise governance practiceEstablish and enforce domain registration and external DNS governance controls, including lifecycle management, security monitoring, and protection mechanisms to prevent unauthorized changes, domain hijacking, and exposure to external threat vectorsServe as the senior technical authority and escalation point for complex and high-risk network security issues, conducting deep technical analysis, guiding remediation efforts, and making informed decisions that directly impact enterprise security posture and operational continuityCollaborate with cross-functional technical teams and stakeholders to integrate secure network and access control solutions into new and existing systems, ensuring that architecture, implementations, and configurations align with enterprise standards, security frameworks, and business requirementsContinuously assess and enhance the organization’s network security posture by evaluating emerging threats, technologies, and industry best practices, translating findings into strategic engineering improvements and actionable recommendationsSupport and lead technical components of audit, compliance, and regulatory initiatives (e.g., CJIS, HIPAA, NIST), including designing and validating controls, responding to audit findings, and ensuring network security architecture meets evolving compliance and governance expectationsWorking ConditionsExerting up to 10 lbs. occasionally or negligible weights frequently; sitting most of the timePosition is typically office or administrative work and is not substantially exposed to adverse environmental conditionsSelection ProcedureConsideration will only be given to candidates who submit online applicationsCandidates will be contacted primarily through email and their Workday online application profileMust pass a pre-employment background and/or fingerprint investigation as required by statute or policy, including drug and alcohol testing requirements for positions designated as safety-sensitiveMaricopa County is an equal opportunity employer and is committed to providing equal employment opportunities to all applicants. If you require a reasonable accommodation during the application process or to perform the essential functions of the position under the Americans with Disabilities Act (ADA), please contact MHRFeedback@maricopa.gov to initiate the interactive process.Apply Now!