IBERDROLA Renewables
Job Title: Senior Network Security Engineer
Department: Information Technology
Reports to: Director - Network Technology
Location:
In Office , Orange CT The base salary range for this position is dependent upon experience and location, ranging from: $114,332.80 - $142,916 Job Summary We are seeking a highly skilledSenior Network Security Engineerto join our team and play a key role insecuring, optimizing, and transforming our enterprise network infrastructure. The ideal candidate will have deep expertise infirewall security, NAT, IPSEC, SD-WAN, routing protocols (EIGRP, BGP, OSPF), and cloud security solutions. This position will focus on managing and enhancing our security infrastructure, which includes: Cisco ASA, Checkpoint, Fortinet FortiGate, Palo Alto Firewalls.
Radware for DDoS protection.
Zscaler ZIA/ZPA for cloud security.
SD-WAN for optimized global connectivity.
EIGRP, BGP, and OSPF-based network routing.
NAT policy design and implementation
A key initiative for this role is leading themigration from Checkpoint to Fortinet firewallswhile ensuring seamless network security operations. Additionally, the engineer will support and enhance ourSD-WAN deploymentfor optimized global connectivity and application performance. Key Responsibilities Lead themigration from Checkpoint to Fortinet, includingpolicy conversion, rule optimization, and traffic validation.
Manage and maintainCisco ASA, Palo Alto, Fortinet, and Checkpoint firewallsacross corporate, cloud, and remote sites.
Design and optimize firewall rule sets for improvedsecurity, performance, and compliance.
Performrisk assessments and firewall auditsto ensure network security best practices.
Manage and optimizeSD-WAN architectureto improve application performance and reduce latency.
Implementpolicy-based traffic steering, failover mechanisms, and WAN optimization.
Ensure seamlessintegration between SD-WAN, firewalls, cloud security solutions, and on-prem networks.
TroubleshootSD-WAN performance issues, routing conflicts, and connectivity problems.
Work with network and security engineers to ensuresecure connectivity between on-premises, branch locations, and cloud.
Design and implementNAT policies, includingstatic NAT, dynamic NAT, and PAT (Port Address Translation).
Configure and troubleshootEIGRP, BGP, and OSPFfor enterprise and cloud routing.
Optimize routing policies to ensurehigh availability, redundancy, and performance.
Work closely with the network engineering team to enhanceSD-WAN, inter-site, and cloud connectivity.
Administer and optimizeZscaler ZIA/ZPA solutionsforsecure cloud access and web filtering.
Implementzero-trust security policiesfor cloud applications and remote users.
TroubleshootZscaler tunnels, proxy configurations, and application access issues.
Implement and maintainRadware DDoS protectionto safeguard network infrastructure from volumetric and application-layer attacks.
ConfigureIPS/IDS solutionsto detect and mitigate security threats.
Work withSOC teamsto analyze and respond to security incidents.
Leadfirewall, SD-WAN, NAT, and routing issue troubleshootingaffecting business-critical applications.
Performpacket capture analysisand use security logs to diagnose network issues.
Work with vendors (Cisco, Fortinet, Palo Alto, Zscaler) to resolve complex technical issues.
Develop and enforcefirewall and network security policiesin compliance withNIST, CIS benchmarks, and ISO 27001 standards.
Conductregular security audits and risk assessments.
Maintain up-to-datedocumentation of firewall rules, SD-WAN policies, and security configurations.
Developscripts (Python, Bash, PowerShell)for automating firewall audits and SD-WAN policy updates.
Optimize firewall and SD-WAN policies toreduce latency and improve efficiency.
Implementnetwork automation frameworksto streamline security operations.
Required Skills & Experience 5-8 years of experienceinnetwork security engineering.
Expertise inFortinet FortiGate, Checkpoint, Palo Alto, and Cisco ASA firewalls.
Strong knowledge ofSD-WAN solutions (Fortinet SD-WAN, Cisco SD-WAN, Prisma Access).
Experience configuring and troubleshootingEIGRP, BGP, and OSPF routing protocols.
Hands-on experience managingZscaler ZIA/ZPAfor cloud security.
Proficiency inVPN technologies (IPSec, SSL, GRE, DMVPN, L2TP)and their security implications.
Strong skills inNAT, firewall rule optimization, and routing table analysis.
Experience withRadware DDoS protection, IPS/IDS, and threat mitigation.
Knowledge ofzero-trust security architectures and secure SD-WAN implementation.
Strong analytical skills fortroubleshooting network security issues, including packet captures and firewall logs.
Qualifications Certifications :Fortinet NSE 4/7, Checkpoint CCSA/CCSE, Palo Alto PCNSA/PCNSE, Cisco CCNP Security, Zscaler ZCCP, SD-WAN certifications.
Experience withAWS, Azure, and GCP cloud security best practices.
Familiarity withSIEM solutionsfor security event monitoring.
Experienceautomating security tasksusing Python, Ansible, or Terraform.
Company: AVANGRID MANAGEMENT COMPANY, LLC. Mobility Information Please note that any applicant who is not a of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country. At Avangrid we provide fair and equal employment and advancement opportunities for all employees and candidates regardless of , , , , , , , marital status, , protected veteran status or any other status protected by federal, state, or local law. If you are an individual with a or a disabled veteran who is unable to use our online tool to search for or to apply for jobs, you may request a reasonable accommodation by contacting our People and Organization department at careers@avangrid.com. Avangrid employees may be assigned a system emergency role and in the event of a system emergency, may be required to work outside of their regular schedule/job duties. This is applicable to employees that will work in Connecticut, Maine, Massachusetts, and New York within Avangrid Network and Corporate functions. This does not include those that will work for Avangrid Power. Job Posting End Date: September-22-2025 #J-18808-Ljbffr
In Office , Orange CT The base salary range for this position is dependent upon experience and location, ranging from: $114,332.80 - $142,916 Job Summary We are seeking a highly skilledSenior Network Security Engineerto join our team and play a key role insecuring, optimizing, and transforming our enterprise network infrastructure. The ideal candidate will have deep expertise infirewall security, NAT, IPSEC, SD-WAN, routing protocols (EIGRP, BGP, OSPF), and cloud security solutions. This position will focus on managing and enhancing our security infrastructure, which includes: Cisco ASA, Checkpoint, Fortinet FortiGate, Palo Alto Firewalls.
Radware for DDoS protection.
Zscaler ZIA/ZPA for cloud security.
SD-WAN for optimized global connectivity.
EIGRP, BGP, and OSPF-based network routing.
NAT policy design and implementation
A key initiative for this role is leading themigration from Checkpoint to Fortinet firewallswhile ensuring seamless network security operations. Additionally, the engineer will support and enhance ourSD-WAN deploymentfor optimized global connectivity and application performance. Key Responsibilities Lead themigration from Checkpoint to Fortinet, includingpolicy conversion, rule optimization, and traffic validation.
Manage and maintainCisco ASA, Palo Alto, Fortinet, and Checkpoint firewallsacross corporate, cloud, and remote sites.
Design and optimize firewall rule sets for improvedsecurity, performance, and compliance.
Performrisk assessments and firewall auditsto ensure network security best practices.
Manage and optimizeSD-WAN architectureto improve application performance and reduce latency.
Implementpolicy-based traffic steering, failover mechanisms, and WAN optimization.
Ensure seamlessintegration between SD-WAN, firewalls, cloud security solutions, and on-prem networks.
TroubleshootSD-WAN performance issues, routing conflicts, and connectivity problems.
Work with network and security engineers to ensuresecure connectivity between on-premises, branch locations, and cloud.
Design and implementNAT policies, includingstatic NAT, dynamic NAT, and PAT (Port Address Translation).
Configure and troubleshootEIGRP, BGP, and OSPFfor enterprise and cloud routing.
Optimize routing policies to ensurehigh availability, redundancy, and performance.
Work closely with the network engineering team to enhanceSD-WAN, inter-site, and cloud connectivity.
Administer and optimizeZscaler ZIA/ZPA solutionsforsecure cloud access and web filtering.
Implementzero-trust security policiesfor cloud applications and remote users.
TroubleshootZscaler tunnels, proxy configurations, and application access issues.
Implement and maintainRadware DDoS protectionto safeguard network infrastructure from volumetric and application-layer attacks.
ConfigureIPS/IDS solutionsto detect and mitigate security threats.
Work withSOC teamsto analyze and respond to security incidents.
Leadfirewall, SD-WAN, NAT, and routing issue troubleshootingaffecting business-critical applications.
Performpacket capture analysisand use security logs to diagnose network issues.
Work with vendors (Cisco, Fortinet, Palo Alto, Zscaler) to resolve complex technical issues.
Develop and enforcefirewall and network security policiesin compliance withNIST, CIS benchmarks, and ISO 27001 standards.
Conductregular security audits and risk assessments.
Maintain up-to-datedocumentation of firewall rules, SD-WAN policies, and security configurations.
Developscripts (Python, Bash, PowerShell)for automating firewall audits and SD-WAN policy updates.
Optimize firewall and SD-WAN policies toreduce latency and improve efficiency.
Implementnetwork automation frameworksto streamline security operations.
Required Skills & Experience 5-8 years of experienceinnetwork security engineering.
Expertise inFortinet FortiGate, Checkpoint, Palo Alto, and Cisco ASA firewalls.
Strong knowledge ofSD-WAN solutions (Fortinet SD-WAN, Cisco SD-WAN, Prisma Access).
Experience configuring and troubleshootingEIGRP, BGP, and OSPF routing protocols.
Hands-on experience managingZscaler ZIA/ZPAfor cloud security.
Proficiency inVPN technologies (IPSec, SSL, GRE, DMVPN, L2TP)and their security implications.
Strong skills inNAT, firewall rule optimization, and routing table analysis.
Experience withRadware DDoS protection, IPS/IDS, and threat mitigation.
Knowledge ofzero-trust security architectures and secure SD-WAN implementation.
Strong analytical skills fortroubleshooting network security issues, including packet captures and firewall logs.
Qualifications Certifications :Fortinet NSE 4/7, Checkpoint CCSA/CCSE, Palo Alto PCNSA/PCNSE, Cisco CCNP Security, Zscaler ZCCP, SD-WAN certifications.
Experience withAWS, Azure, and GCP cloud security best practices.
Familiarity withSIEM solutionsfor security event monitoring.
Experienceautomating security tasksusing Python, Ansible, or Terraform.
Company: AVANGRID MANAGEMENT COMPANY, LLC. Mobility Information Please note that any applicant who is not a of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country. At Avangrid we provide fair and equal employment and advancement opportunities for all employees and candidates regardless of , , , , , , , marital status, , protected veteran status or any other status protected by federal, state, or local law. If you are an individual with a or a disabled veteran who is unable to use our online tool to search for or to apply for jobs, you may request a reasonable accommodation by contacting our People and Organization department at careers@avangrid.com. Avangrid employees may be assigned a system emergency role and in the event of a system emergency, may be required to work outside of their regular schedule/job duties. This is applicable to employees that will work in Connecticut, Maine, Massachusetts, and New York within Avangrid Network and Corporate functions. This does not include those that will work for Avangrid Power. Job Posting End Date: September-22-2025 #J-18808-Ljbffr