[Remote] Sr Network Security Engineer
Note: This is a remote job and is open to candidates in the USA.

Public Partnerships LLC (PPL) provides support for individuals with disabilities and chronic illnesses to self-direct their care. The Senior Network Security Engineer will be responsible for ensuring the security of PPL's network environment, including cloud infrastructure and physical locations, by defining security requirements, conducting assessments, and collaborating with various teams to implement security controls.

Responsibilities
- Define and maintain PPL's network security requirements, standards, and baselines for cloud, on-premises, and remote-access environments — including Fortinet firewall configuration baselines, Azure and AWS network security baselines, segmentation standards, and secure remote-access requirements
- Review and validate network architecture and design changes from a security perspective — providing requirements, recommendations, and sign-off as appropriate before changes are implemented by Infrastructure or Cloud Engineering
- Drive PPL's zero-trust networking strategy across cloud, physical, and remote-workforce environments — establishing the security model, segmentation principles, and identity-aware access requirements that Infrastructure and Cloud Engineering execute against
- Evaluate, recommend, and provide security requirements for new network security technologies (SASE/SSE platforms, NDR, DNS security, etc.) that improve visibility, reduce risk, and support automation across the enterprise
- Define network-layer and zero-trust controls for enterprise AI service traffic — including egress policies, conditional access, and data-leakage protections for approved AI assistants (e.g., Microsoft Copilot, Claude) to enable responsible AI use while protecting PHI and proprietary data
- Partner closely with the broader Infrastructure team — including the Sr. Network Engineer, systems and cloud engineers, and supporting infrastructure staff — to translate network security requirements into actionable engineering work and maintain consistent controls across Azure, AWS, Fortinet, and remote-access environments
- Collaborate with DevOps and Cloud Engineering teams to embed network security controls into infrastructure-as-code, CI/CD pipelines, and automated deployment patterns — ensuring network security is enforced consistently and at the speed of delivery
- Partner with Application Development teams on secure application network design — reviewing API exposure, service-to-service communication, ingress/egress requirements, and third-party integration patterns to ensure new and existing applications align with PPL's network security standards
- Conduct security reviews and assessments of PPL's network environment — including Fortinet firewall and wireless infrastructure (e.g., FortiGate, FortiAnalyzer), Azure network controls (NSGs, Azure Firewall, Application Gateway/WAF, private endpoints, ExpressRoute/VPN gateways), AWS network controls (security groups, NACLs, AWS Network Firewall, WAF, Transit Gateway, etc.), and ZTNA/VPN platforms
- Lead periodic firewall rule reviews, segmentation validation, access-path analysis, and review of third-party network connections (vendor VPNs, B2B integrations, partner tunnels) and approved AI service connections to identify overly permissive rules, stale exceptions, and gaps against PPL's security standards; partner with Infrastructure on remediation
- Validate secure configuration of network and network security devices against industry benchmarks (e.g., CIS, Fortinet hardening guides, cloud provider best practices) and PPL's internal standards — through periodic reviews and continuous posture monitoring where available
- Coordinate with the vulnerability management program to identify, prioritize, and track remediation of network-related vulnerabilities across Fortinet devices, cloud network services, and supporting infrastructure
- Lead architecture-level network security review for new initiatives — including new applications, SaaS solutions, and IT purchases with network connectivity or data-flow implications — ensuring alignment with PPL's network security standards
- Develop and report network security posture metrics to leadership — including firewall rule review coverage, segmentation gaps, network vulnerability remediation, and progress against zero-trust initiatives — to inform program prioritization and demonstrate control effectiveness
- Serve as the Information Security team's senior escalation point for network-related security incidents — supporting investigation, containment, eradication, and recovery efforts across cloud and on-premises environments
- Lead network forensics activities, including packet capture analysis, flow analysis (NetFlow, VPC flow logs), and review of firewall, proxy, and DNS logs to reconstruct attacker activity and inform response decisions
- Utilize the SIEM platform during incident investigation and response — running network-focused queries across firewall, proxy, DNS, and cloud network telemetry to correlate events, identify scope, and reconstruct attacker activity
- Leverage the enterprise XDR platform to correlate network signal with endpoint, identity, and email data during incidents — enabling cross-domain visibility that informs containment, remediation, and root-cause analysis
- Lead network-specific threat hunting and adversary behavior analysis aligned to MITRE ATT&CK and current threat intelligence — particularly for techniques involving network reconnaissance, lateral movement, and data exfiltration in cloud and remote-access environments — in partnership with the Security Operations, IT & Cloud Security, AppSec/DevSecOps, and GRC functions across the broader incident response program
- Direct network-layer containment actions (firewall blocks, segmentation changes, DNS sinkholing, conditional access enforcement, etc.) during active incidents — working through Infrastructure for execution and ensuring changes are documented and reversible
- Contribute to post-incident reviews, identifying network-related root causes and recommending architectural, configuration, or operational improvements
- Provide security oversight of network monitoring tools and platforms — including NDR, IDS/IPS, DNS security, and the use of firewall, proxy, and TLS-inspection logs — ensuring detections, alerts, and logging meet PPL's security requirements
- Collaborate with SOC analysts on tuning network-layer detections to reduce false positives, improve signal quality, and align with current threat intelligence
- Maintain situational awareness of emerging network-based threats, vulnerabilities, and attack vectors (e.g., ransomware command-and-control patterns, DNS tunneling, cloud lateral movement) and translate them into updated requirements, detections, and review priorities
- Maintain documentation for network security standards, review procedures, runbooks, and assessment findings to support operational consistency and audit readiness
- Provide network security input into risk assessments, evaluating systems, applications, vendors, and services for network-layer exposure and recommending mitigating or compensating controls
- Partner with the GRC function to evidence network security controls for NIST 800-53, HIPAA, SOC 2, and CMS audits — including firewall rule review evidence, segmentation documentation, cloud network configuration, and remote-access control artifacts
- Collaborate with the GRC function on the development, maintenance, and enforcement of network security policies, standards, and procedures across the organization
- Review and approve WAF and firewall policy changes, AI service access requests, and temporary security exceptions — ensuring requests align with PPL's network security standards and that exceptions are documented, time-bounded, and tracked through to remediation or renewal
- Partner across Infrastructure, Cloud Engineering, DevOps, Application Development, and the broader Cybersecurity team to translate security requirements into effective controls without disrupting business operations
- Communicate network security findings, risks, and recommendations to both technical and non-technical audiences, including leadership
- Contribute to security awareness initiatives, particularly around safe remote work practices, secure remote access, and phishing/social-engineering threats with a network component
- Provide technical mentorship and direction to junior security and SOC staff on network security concepts, tooling, and investigation techniques

Skills
- Strong knowledge of information security and network security principles, controls, and best practices across cloud, on-premises, and remote-workforce environments
- Hands-on experience assessing, configuring, or operating Fortinet firewall environments (FortiGate, FortiAnalyzer, FortiManager) at scale; ability to review configurations, rules, and policies for security compliance
- Demonstrated knowledge of cloud network security in Microsoft Azure (NSGs, Azure Firewall, Application Gateway/WAF, private endpoints, hub-and-spoke design, ExpressRoute/VPN gateways) and AWS (security groups, NACLs, AWS Network Firewall, WAF, Transit Gateway, PrivateLink)
- Experience defining security requirements and reviewing architectures for ZTNA and secure remote access for distributed and remote-first workforces, including conditional access, identity-aware proxies, and integration with modern identity platforms
- Demonstrated experience with network segmentation, micro-segmentation, and zero-trust networking principles
- Proficiency in network protocols, routing, switching, TLS inspection, and packet/flow analysis sufficient to support detection engineering and incident response across cloud and on-premises environments
- Proven ability to investigate, analyze, and respond to network-based security incidents, including log analysis, alert triage, and forensic review
- Exposure to artificial intelligence platforms and the network security considerations specific to them — including data egress controls, secure access to AI services, and monitoring of AI-related network traffic
- Strong understanding of healthcare-relevant regulatory and framework requirements (HIPAA, NIST 800-53, SOC 2, CMS) as they apply to network security controls
- Ability to communicate network security findings, risks, and recommendations effectively to both technical and non-technical stakeholders
- Strong organizational skills with the ability to manage multiple workstreams simultaneously
- Bachelor's degree in Computer Science, Information Systems, Network Engineering, Cybersecurity, or related field. Equivalent professional experience may be considered in lieu of a degree
- Minimum of 6–8 years of progressive experience in network engineering and/or network security, with at least 3 years in a dedicated network security role and demonstrated cloud network security experience
- One or more of: Fortinet NSE 4 / NSE 5 / NSE 7, Microsoft AZ-700 (Azure Network Engineer Associate), AWS Advanced Networking Specialty or AWS Security Specialty, CISSP, CCNP Security, or GIAC GCIA / GCIH
- Experience in healthcare, financial services, or other regulated industries; familiarity with maturing security programs in cloud-primary, remote-first organizations; experience with infrastructure-as-code and automation for network security (Terraform, Ansible, scripting)

Company Overview
PPL is the leading service provider for self-directed care programs. It was founded in 1999, and is headquartered in Alpharetta, Georgia, USA, with a workforce of 1001-5000 employees. Its website is https://pplfirst.com.

Company H1B Sponsorship
Public Partnerships | PPL has a track record of offering H1B sponsorships, with 4 in 2025, 4 in 2024, 8 in 2023, 5 in 2022. Please note that this does not guarantee sponsorship for this specific role.