Advance your potential – and reach your goals

Position Overview: The Lead Network Security Architect is responsible for defining and advancing the organization’s network security architecture and strategy. This role provides technical leadership in designing secure network environments, translating cybersecurity principles into practical implementations, and guiding engineering teams that operate security platforms.

The architect develops security frameworks, reference architectures, and policy models that protect enterprise systems and data. While possessing deep technical knowledge of platforms such as Palo Alto Networks firewalls, the role focuses on designing secure solutions and mentoring engineers who implement those designs.

This position serves as a senior technical leader, partnering with infrastructure, cloud, and security teams to ensure the organization’s network architecture aligns with modern cybersecurity practices and business objectives.

Work Schedule: This position is a hybrid Monday-Friday with in-office attendance expected Tuesday through Thursday. Team members are expected to be flexible with their schedule to support up to two after-hours planned maintenance windows per week.

The Lead Network Security Engineer will work in a large infrastructure team and be required to support specific duties, including, but not limited to:

Security Architecture and Strategy

• Design and maintain the organization’s network security architecture
• Design security control frameworks for network segmentation, access control, and traffic inspection
• Develop reference architectures for secure connectivity across data center, cloud, and remote environments
• Translate cybersecurity best practices and threat intelligence into practical network security controls
• Align network security architecture with Zero Trust and least-privilege principles

Secure Network Design

• Design secure routing and segmentation strategies across enterprise networks
• Establish standards for firewall policy architecture, NAT strategy, and traffic classification
• Define secure connectivity patterns for internal services, partner integrations, and internet access
• Guide architecture decisions related to VPNs, remote access, and identity-aware networking
• Ensure resiliency and secure design across critical infrastructure

Security Platform Leadership

• Provide architectural guidance for platforms such as:
  • Palo Alto Networks firewalls and Panorama
  • VPN and secure remote access solutions
  • Network segmentation and microsegmentation
  • SASE and cloud network security services
• Develop architectural standards for how security controls are implemented across these platforms
• Evaluate new security technologies and recommend improvements

Mentorship and Technical Leadership

• Mentor network and security engineers in applying security architecture principles
• Provide design guidance for complex implementations and major infrastructure changes
• Review security designs and firewall policy changes for alignment with architectural standards
• Guide contractors and junior engineers responsible for day-to-day platform operations

Governance & Risk Alignment

• Collaborate with cybersecurity to translate risk management objectives into network security controls
• Support incident response by helping identify architectural improvements to prevent future threats
• Contribute to security audits, compliance initiatives, and risk assessments
• Establish and maintain security architecture documentation and standards

Platform Lifecycle & Engineering Support

• Provide architectural oversight for major upgrades and platform lifecycle changes
• Guide certificate management strategy, encryption standards, and authentication methods
• Support troubleshooting of complex security issues across network platforms
• Ensure operational teams follow architecture and policy standards

Required Skills and Qualifications:

• 7+ years of network security or cybersecurity experience
• Strong foundation in cybersecurity principles including:
  • Network segmentation
  • Zero Trust architecture
  • Identity-aware access control
  • Secure network design
• Deep understanding of enterprise firewall platforms
• Experience designing and maintaining IPSec and remote access VPN architecture
• Strong understanding of routing and network protocols including BGP and OSPF
• Experience guiding engineers responsible for operational security platforms
• Strong analytical and threat-informed thinking

Preferred Qualification

• Experience with Panorama at enterprise scale
• Experience with SASE platforms or secure access solutions
• Experience with cloud network security architectures
• Familiarity with automation and infrastructure-as-code approaches to security infrastructure
• Experience working with SIEM, EDR/XDR, or SOC teams
• Experience designing Zero Trust and/or microsegmentation architectures

Leadership Competencies

• Strategic security thinking
• Ability to translate security concepts into actionable engineering designs
• Strong mentorship and technical leadership skills
• Clear communication with engineering, security, and executive stakeholders
• Ability to balance security requirements with operational practicality