Principal Engineer Network Security

Verizon | Ashburn, NJ
14h | Hybrid

About The Position

The Verizon Network Security team is looking for a highly motivated and experienced Principal Engineer to join the Net-Sec Defense Organization under the Broadband Access team. You will be responsible for owning the Network security posture, Security Lifecycle and protection against threats across the Broadband access network, which includes, but is not limited to, Edge Routers, Broadband Access routers and switches, CPE equipment and RAN transport infrastructure. The candidate will be required to understand complex network architectures utilizing various protocols, topologies, and vendor hardware.

This role involves hands-on work and demonstrating subject matter expertise with Routers, switches, and other networking gear, as well as Security Information and Event Management (SIEM) tools, particularly Splunk and ISE. The engineer would be required to leverage automation platforms to develop scripts and tools to enhance security operations and play a key role in monitoring, analyzing, and leading response to network security incidents while implementing proactive measures to safeguard critical assets. You will be responsible for continuously monitoring and proactively detecting threats to safeguard network functions and assets, with a focus on leveraging automation and AI. This includes accountability for the network security scorecard for each network element type.

Additionally, you will collaborate with internal organizations and vendors to improve security posture by implementing Network Security Policies across diverse network elements. Plan, design, and lead execution of Network Security policies across all owned assets. Utilize existing expertise of routing, switching and network architecture to build a deep understanding of the network assets under your span of control and the product and feature roadmap. Quickly assess the impact of vulnerabilities and identify End-of-Life/End-of-Support hardware/software to create and lead a remediation plan. Discover, identify, and inventory all network assets and asset information (model, version, etc.) in your respective area of responsibility. Drive continuous improvement of network visibility and telemetry collection to strengthen detection and response capabilities.

Lead the development of baseline operations for the team and implement threat detections and automated alerts to proactively identify potential cyber threats, leveraging SIEM tools such as Splunk. Lead the development of incident response protocols to quickly identify, contain, and resolve network security incidents and threats. Execute root cause analysis for incidents, perform regular security control assessments, and lead strategic security solution implementation in a highly scalable environment. Ensure that the security controls planned for the Networks are operating effectively by performing audits. Leverage network automation and scripting to make the process efficient. Lead the development and upkeep of network automation systems for ongoing security monitoring and early identification of security incidents.

Offer technical guidance and expert feedback on the Vendor Plan of Record (POR), selection of security/monitoring tools, and vendor engagements. Develop essential technical documentation, including playbooks, Confluence pages, Network diagrams, and Method of Procedures (MOPs). Prepare and deliver quarterly presentations to leadership detailing project status and updates. Mentor Team members as well as Organizational partners and act as the overall SME. Build healthy relationships across the Operations, Engineering, and Planning organizations to better understand the current and future landscape of the network.

Requirements

  • Bachelor’s degree or four or more years of relevant work experience.
  • Six or more years of relevant work experience, demonstrated through one or a combination of work and/or military experience, or specialized training.
  • Demonstrated leadership skills as a project and/or team lead for cross-functional project teams and vendor management.
  • Expert understanding of Spine, Leaf, SDN, OTNGN, and Hub & Spoke network architectures.
  • Expert-level understanding of routing and switching security, including BGP and IGP security, is mandatory, e.g., BGP hijacking, Route injection, and managing complex ACLs.
  • Hands-on experience with internet-scale data sets such as Netflow, BGP, DNS, and IDS logs.
  • Fluency in security frameworks, particularly the application of CIS Benchmarks (Level 1 & 2 hardening) and mitigating MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs) on network devices, along with a solid understanding of network security fundamentals.
  • Expertise in using Python, API, Ansible, or Terraform-type tools to automate and develop custom security “health checks” on network devices.
  • Ability to assess and understand complex transport and 5G-SA network architectures.
  • Understanding of network security fundamental policies and principles.
  • Experience with utilizing SIEM tools like Splunk for performing analysis.

Nice To Haves

  • Network Security certifications such as CISSP or other ISC2 certifications.
  • Routing and Switching certifications like CCNP, CCIE, or equivalent vendor certs.
  • Experience with Splunk performing data analysis, Dashboard creation, alerting, and automation.
  • Familiarity with Identity and Access Management (IAM) solutions and SIEM tools.
  • Demonstrated organization and project management skills.
  • Knowledge of technical products and systems development lifecycle within a large global enterprise environment.
  • Effective written, interpersonal, and verbal communication skills.
  • Ability to work with diverse stakeholders, including highly technical teams, business owners, and executives.
  • Strong leadership and mentoring abilities, with experience guiding and developing teams.

Responsibilities

  • Owning the Network security posture, Security Lifecycle and protection against threats across the Broadband access network.
  • Understanding complex network architectures utilizing various protocols, topologies, and vendor hardware.
  • Demonstrating subject matter expertise with Routers, switches, and other networking gear, as well as Security Information and Event Management (SIEM) tools, particularly Splunk and ISE.
  • Leveraging automation platforms to develop scripts and tools to enhance security operations.
  • Playing a key role in monitoring, analyzing, and leading response to network security incidents while implementing proactive measures to safeguard critical assets.
  • Continuously monitoring and proactively detecting threats to safeguard network functions and assets, with a focus on leveraging automation and AI.
  • Accountability for the network security scorecard for each network element type.
  • Collaborating with internal organizations and vendors to improve security posture by implementing Network Security Policies across diverse network elements.
  • Planning, designing, and leading execution of Network Security policies across all owned assets.
  • Utilizing existing expertise of routing, switching and network architecture to build a deep understanding of the network assets under your span of control and the product and feature roadmap.
  • Quickly assessing the impact of vulnerabilities and identifying End-of-Life/End-of-Support hardware/software to create and lead a remediation plan.
  • Discovering, identifying, and inventorying all network assets and asset information (model, version, etc.) in your respective area of responsibility.
  • Driving continuous improvement of network visibility and telemetry collection to strengthen detection and response capabilities.
  • Leading the development of baseline operations for the team and implementing threat detections and automated alerts to proactively identify potential cyber threats, leveraging SIEM tools such as Splunk.
  • Leading the development of incident response protocols to quickly identify, contain, and resolve network security incidents and threats.
  • Executing root cause analysis for incidents, performing regular security control assessments, and leading strategic security solution implementation in a highly scalable environment.
  • Ensuring that the security controls planned for the Networks are operating effectively by performing audits.
  • Leveraging network automation and scripting to make the process efficient.
  • Leading the development and upkeep of network automation systems for ongoing security monitoring and early identification of security incidents.
  • Offering technical guidance and expert feedback on the Vendor Plan of Record (POR), selection of security/monitoring tools, and vendor engagements.
  • Developing essential technical documentation, including playbooks, Confluence pages, Network diagrams, and Method of Procedures (MOPs).
  • Preparing and delivering quarterly presentations to leadership detailing project status and updates.
  • Mentoring Team members as well as Organizational partners and acting as the overall SME.
  • Building healthy relationships across the Operations, Engineering, and Planning organizations to better understand the current and future landscape of the network.

Benefits

  • health and wellness benefit options including: medical, dental, vision, short and long term disability, basic life insurance, supplemental life insurance, AD&D insurance, identity theft protection, pet insurance and group home & auto insurance
  • matched 401(k) savings plan
  • up to 8 company paid holidays per year and up to 6 personal days per year
  • paid parental leave
  • adoption assistance and tuition assistance
  • incentive based position with the potential to earn more
  • Newly hired employees receive up to 15 days of vacation per year, which grows with additional service