Senior Network Security Engineer

Job Description

About Us

Schring Consulting is a provider of IT Professional Services, focusing on helping businesses succeed through planning, building, and deploying initiatives. Founded in 2003, Schring has expertise in project delivery & execution, software development, and IT staff augmentation.

 

Role Description

We are seeking a highly skilled Senior Network Security Engineer in a contract role in the Worcester, MA area. This role requires hybrid onsite presence at least 3 days/week. The ideal candidate will possess extensive experience in network architecture, threat detection & response, vulnerability management, and system security plans. As a senior member of the network/cybersecurity team, you will play a critical role in safeguarding our cloud and on-premises environments, ensuring compliance with industry standards, and supporting high availability and disaster recovery initiatives.

 

Responsibilities

  • Design, implement, and maintain secure network architectures including LAN, WAN, VPN, MPLS, and SD-WAN solutions.
  • Manage and configure Palo Alto network devices to enforce security policies.
  • Conduct vulnerability assessments using SIEM tools like Splunk and Sentinel; perform threat detection & response activities to identify and mitigate security incidents.
  • Implement network security controls including BGP, OSPF, firewall rules, IPsec VPNs, SSL/TLS encryption protocols, and network segmentation strategies.
  • Conduct vulnerability research and penetration testing to identify potential threats; lead incident recovery efforts following security breaches.
  • Support cloud computing environments such as AWS and Azure with secure cloud architecture design, including VPCs, Security Groups, and Network Firewall.
  • Automate security operations using scripting languages such as Python or Bash; utilize Ansible or Terraform for infrastructure as code (IaC).
  • Maintain compliance with regulatory frameworks such as NIST 800-171, FERPA, HIPAA; prepare documentation for audits including system hardening procedures and system security plans.

 

Required Qualifications

- & Access Control (Architect-level)

  • Sources: Deep understanding of sources like Active Directory, Entra ID, and Aruba ClearPass and their use in security policing.
  • Palo Alto : Cloud Identity Engine (CIE), User-ID (agent & agentless) and their integration with the sources above.
  • NAC & Posture: Deep understanding of Network Access Control (NAC) solutions (like ClearPass) and Device Posture Checking to grant specific access based on both and device health.

- Palo Alto Platform (Architect-level)

  • Threat Prevention: SSL Decryption, advanced Security Profiles (Threat, Wildfire, URL Filtering, DNS Security).
  • Connectivity: Complex IPSec site-to-site tunnels, GlobalProtect (VPN & ZTNA), and Clientless VPNs.
  • Management: Panorama.
  • Threat Intelligence: Cortex Data Lake and/or intel feed aggregators (e.g., Minemeld).

- Security Architecture & Design (Architect-level)

  • Zero-Trust Network Design: Proven ability to design and implement network architecture based on Zero Trust principles.
  • Macro-Segmentation: Designing high-level security "zones" (e.g., Data Center, Campus, IoT, Cloud) and the inter-zone policies.

- Cloud & Hybrid Security (Architect-level)

  • Cloud- Controls: Mastery of security constructs within AWS (VPCs, Security Groups, AWS Network Firewall) and Azure (VNets, NSGs, Azure Firewall).
  • SASE/SSE: Deep understanding of Secure Access Service Edge principles and their integration with on-prem security.

- Monitoring & Visibility

  • SIEM/SOAR Integration: Architecting log flows (syslog, NetFlow, IPFIX) to platforms like Splunk or Sentinel for effective threat hunting.
  • Traffic Analysis: Deep packet capture and analysis skills (e.g., Wireshark) for high-level troubleshooting.
  • NPM: Understanding of Network Performance Monitoring (NPM) tools and the impact of security on performance.

- Core Networking (Expert-level)

  • Routing Protocols: BGP, OSPF.
  • Network Services: LACP, DHCP, DNS.

- DDoS Mitigation (Architect-level)

  • Deep understanding of DDoS attack vectors and mitigation strategies.
  • Familiarity with major DDoS solutions, both cloud-based and hybrid (e.g., Akamai Prolexic, Radware DefensePro).

- Automation & Process

  • Scripting: Hands-on experience with Ansible and/or Python.
  • Documentation: Ability to create build guides, templates, and "gold standard" playbooks.

- Governance & Compliance

  • Proven ability to translate compliance frameworks (e.g., NIST 800-171, FERPA, HIPAA) into specific technical controls.
  • Experience with the audit process and providing evidence of control effectiveness.

 

Required Experience

  • 10+ years in network and security.
  • 3-5 years in a formal Architect or Lead/Principal role.
  • Proven experience translating high-level standards from an Architecture Review Board into operational processes and automation.
  • Proven experience mentoring and developing the skills of a technical team.
  • Must be able to work on-site 3 days per week for collaboration.

 

Certifications

  • CISSP
  • PCNSE (Palo Alto Networks Certified Network Security Engineer)
  • CCIE-Security (Cisco Certified Internetwork Expert - Security)

 

Skills / Secondary Knowledge

  • Knowledge of Web Application Firewalls (WAF).
  • Familiarity with advanced DNS security platforms (e.g., Cisco Umbrella, Infoblox).