Lead Network Security Engineer

Lead Network Security Engineer - 100% remote (EST Hours)

Optomi, in partnership with a client that specializes in the IT space, offering infrastructure solutions, is looking to add a full-time Network Security Engineer/Consultant to their team! The Lead Network Security Engineer will come with a deep understanding of network security principles, threat landscapes, and best practices. This role will serve as a trusted advisor to clients, leading engagements from initial assessment to final delivery. Your expertise will be critical in helping clients protect their networks from evolving cyber threats and ensuring their security controls align with business objectives and regulatory requirements.

Responsibilities:

• Serve as the primary technical point of contact for clients on network security projects.
• Architect and design secure network solutions leveraging technologies such as:
• Firewalls: Palo Alto Networks (PAN-OS), Cisco ASA/FTD, Fortinet (FortiGate), Check Point.
• Intrusion Prevention/Detection Systems (IPS/IDS): Cisco Firepower, Palo Alto Networks WildFire/Threat Prevention.
• Secure Access Service Edge (SASE) / Zero Trust: Palo Alto Prisma Access, Zscaler, Cisco Duo.
• VPN Solutions: Site-to-site, remote access, and client-based VPNs.
• Network Access Control (NAC): Cisco ISE, FortiNAC, Aruba ClearPass.
• Lead the hands-on implementation and configuration of network security technologies.
• Perform migrations and upgrades of existing network security infrastructure.
• Conduct comprehensive network security assessments, identifying vulnerabilities and providing actionable recommendations.
• Lead client workshops and discussions to understand their security challenges, business needs, and technical requirements.
• Develop and present strategic network security roadmaps and solutions to C-level executives and technical teams.

Qualifications:

• 8+ years experience in network engineering with at least 5 years focused on network security consulting, design and implementation
• Expert-level knowledge of firewalls, IDS/IPS, VPN, and network segmentation principles.
• Hands-on experience with SASE and Zero Trust architectures.
• Proven experience with multiple major network security platforms (Palo Alto, Cisco, Fortinet, etc.) is essential.
• Strong understanding of TCP/IP, routing protocols (BGP, OSPF), and switching.
• Familiarity with cloud security concepts (AWS, Azure, GCP) and how they integrate with on-premise networks.
• Experience with scripting or automation tools (e.g., Python, Ansible) is a plus.
• Certifications: Palo Alto Networks Certified Network Security Engineer (PCNSE), Cisco Certified Network Professional (CCNP) Security or Cisco Certified Internetwork Expert (CCIE) Security, Fortinet Certified Solution Specialist (FCSS), Certified Information Systems Security Professional (CISSP), GIAC certifications, etc.
• Exceptional communication, presentation, interpersonal skills