Senior Network Security Engineer

Wintrust•Rosemont, IL

4d•$117,000 - $158,000•Hybrid

About The Position

Wintrust provides community and commercial banking, specialty finance and wealth management services through its 16 bank charters and nine non-bank businesses. Wintrust delivers the sophisticated solutions of a large bank while staying true to the relationship-focused, personalized service of our community banking roots. We serve clients in all 50 states with more than 200 branch banking locations in Illinois, southwestern Florida, northwestern Indiana, west Michigan and southern Wisconsin and commercial banking offices in Chicago, Denver, Milwaukee, Grand Rapids, Mich., and in key branch banking locations throughout Illinois. Our people are the heart of our business and we are proud to rank consistently as a top place to work. Wintrust is a $66 billion financial institution based in Rosemont, Illinois, and listed on the NASDAQ Global Select Market under the symbol “WTFC.” 5+ years designing/implementing Defense-in-Depth for complex, multi-site networks. Experience with M&A integrations or multi-tenant environments preferred Why join us? An award-winning culture! We are rated a Top Workplace by the Chicago Tribune (past 12 years) and Employee Recommended award by the Globe & Mail (past 6 years) Competitive pay and discretionary or incentive bonus eligible Comprehensive benefit package including medical, dental, vision, life, a 401k plan with a generous company match and tuition reimbursement to name a few Promote from within culture Why join this team? This position has the opportunity to interface with and have a positive impact on multiple areas of Wintrust's business We hold ourselves accountable to high standards, share wins, operate ethically, and have fun Position Overview The Senior Network Security Engineer is responsible for oversight and governance input on design, implementation, and continuous improvement of Wintrust’s enterprise network security program. In this role, you will function as a senior technical authority in designing and maintaining robust security architectures and working with information technology partners to help safeguard enterprise infrastructure. Your role centers on a deep command of network protocols (TCP/IP, BGP, OSPF), next-generation firewall management, and SD-WAN optimization to ensure resilient data flow and threat mitigation. Enhanced knowledge of VPNs, IDS/IPS, DNS, IPAM, enterprise proxy and Zero Trust principles are core for helping promote growth and maturity of the network security program.

Requirements

Bachelor’s degree or equivalent experience
5-7 years of related hands-on experience
Networking: strong command of TCP/IP, BGP, OSPF, MPLS, and SD-WAN optimization; Proficiency in both on-premises and cloud network design
Security: Expertise in Next-Generation Firewalls (NGFW), Virtual Private Networks (VPN), Intrusion Detection Systems / Intrusion Prevention Systems (IDS/IPS), Domain Name Systems (DNS), IP Address Management (IPAM), Web Application Firewalls (WAF), Network Access Control (NAC), Network Detection & Response (NDR), and enterprise proxies such as BlueCoat, Netskope or comparable technology.

Nice To Haves

Preferred tooling: AlgoSec, Cisco Firepower (FMC/SMA), Cisco IPS/IDS, Infoblox, Cloudflare WAAF, and Cisco Secure Web Appliance, Azure Networks (VNet, peering, Network Security Groups, UDR)
Experience with M&A integrations or multi-tenant environments preferred

Responsibilities

Firewall Rule & Policy Optimization : Lead the continuous cleanup and optimization of firewall rules and NGFW policies to eliminate redundancy, reduce latency, and enforce necessary access control. Preferred experience navigating and using Algosec as the tool conducting the analysis.
Proxy and DNS Security - Provide expertise in managing enterprise DNS infrastructures (e.g., Infoblox, BlueCat, or Windows DNS) and managing enterprise proxy solution (BlueCoat, Zscaler etc.). Experience must include implementing DNSSEC, configuring redundant DNS architectures, and utilizing DNS Filtering (Cisco Umbrella) and ability to evaluate proxy architecture and categorical blocking.
DDI & IP Address Management (IPAM): Strong command of DDI (DNS, DHCP, and IPAM) to maintain a sole source of truth for the corporate IP space.
Senior to expert-level experience with core networking and routing protocols, including TCP/IP (Layers 1-7), BGP, OSPF, and EIGRP.
Experience securing hybrid-cloud environments (AWS, Azure, GCP) using cloud-native networking like VPCs , Security Groups , and Cloud Next-Gen Firewalls is a plus
Toolchain Lifecycle Leadership : Direct the evaluation, selection, and deployment of enterprise-grade security tools, ensuring they resolve specific technology gaps and align with carrier-grade security standards.
Domain Leadership – Provide input on programmatic and technical deficiencies to secure and optimize Wintrust’s network security posture.