CCDS is seeking an experienced Senior Network Security Engineer to enhance our cybersecurity team. In this pivotal role, you will be responsible for designing and implementing robust security measures to protect our clients’ network infrastructure. You will lead complex security initiatives, conduct risk assessments, and ensure compliance with industry regulations. This position requires strong leadership skills, technical expertise, and a proactive approach to identifying and mitigating security threats.
Role summary
Design, implement, and operate secure, high-availability enterprise networks and security controls across data center, campus, branch, and cloud. You’ll lead projects (design/build), own day-to-day operations (changes, tuning, monitoring), and perform configuration/architecture reviews and assessments that reduce risk and improve performance.
Key responsibilities
- Design & architecture
- Build scalable Layer 2/3 network designs (routing/switching, wireless) with HA, segmentation, and zero-trust principles (NAC/ZTNA).
- Produce HLD/LLD, as-built docs, and runbooks; align designs with security and compliance requirements.
- Implementation & operations
- Deploy, configure, and maintain firewalls, WAF, IPS, SWG/Web Gateway, endpoint protection, VPN gateways, and load balancers.
- Operate NAC (802.1X/MAB/posture), enforce access policies, and onboard devices safely.
- Maintain rule hygiene, perform change requests, upgrades/patching, backups, and capacity/performance tuning.
- Monitoring, detection & response
- Integrate logs/telemetry into SIEM/NDR; create detections, dashboards, and response playbooks.
- Coordinate DDoS protections and certificate/key management; troubleshoot across the stack (network ↔ app).
Requirements
Required skills & experience
5+ years in enterprise networking/security (or equivalent impact), With 5 or more skills of the following:
· Routing/Switching: VLANs, STP, OSPF/BGP, VRRP/HSRP, QoS, HA.
· Wireless: Controllers/APs, WPA2/3, enterprise 802.1X.
· Firewalls: Policy/NAT, SSL/IPsec VPN, HA, logging.
· NAC: 802.1X/MAB/posture, guest/BYOD workflows.
· Secure Web Gateway (Proxy).
· Endpoint Protection (EPP/EDR).
· Web Application Firewall (WAF).
· Load Balancing.
· Intrusion Prevention System (IPS).
· Strong troubleshooting (packet capture, flow analysis), change management, and documentation.
Preferred (nice to have)
- Firewall management platforms (e.g., Panorama, FortiManager).
- ZTNA design/operations.
- Email security gateways and anti-phish controls.
- Sandboxing/file detonation.
- DNS Security (e.g., Infoblox).
- DNS Load Balancing (e.g., F5 GSLB)..
- SIEM (e.g., Splunk, QRadar).
- DDoS protections (cloud or on-prem).
- MDM (e.g., Ivanti).
- VPN gateway design at scale (remote access).
- Cloud security (AWS/Azure/GCP native controls, secure networking).
- Hands-on with configuration/architecture reviews and network assessments.
Certifications (preferred)
CCNP/CCIE Security or Enterprise, PCNSE, Fortinet NSE 4–7+, Check Point CCSA/CCSE, F5-CA/CTS, Zscaler (ZCCA-IA/ZCCP), AWS/Azure security, GIAC (e.g., GCIH, GCIA). Equivalent experience welcomed.
Benefits
- Medical Insurance
- Paid Time Off
- Working Remotely
- Training & Development
- Performance Bonus