SoFi
Network Security Engineer, Zero Trust – SoFi
Join our Network Operations team to design, implement, and maintain SoFi’s hybrid and multi‑cloud network infrastructure, focusing exclusively on security engineering excellence and enforcing Zero Trust principles.
Base pay range
$92,800.00/yr - $174,000.00/yr
What you’ll do:
Zero Trust & SASE Architecture: Design, implement, and operate our global Zero Trust Architecture (ZTA) and Secure Access Service Edge (SASE) solution, focusing on advanced configuration of Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) for both corporate and production environments.
Cloud Network Security: Serve as the Subject Matter Expert (SME) for securing multi‑cloud networking environments (AWS and Azure). Implement robust controls for VPC/VNet peering, Transit Gateway configurations, and leverage native cloud security services (e.g., Security Hub, Firewall Manager).
Infrastructure‑as‑Code (IaC) & Automation: Develop, test, and maintain automated security deployments and configurations using Terraform and version control systems (Git) to ensure security policies are deployed consistently and scalably across all platforms.
Next‑Gen Firewalls: Implement and enhance security policy rules, NAT/VPN configurations, and advanced threat prevention profiles on Palo Alto Networks Next‑Generation Firewalls (NGFWs), ensuring adherence to the least‑privilege principle.
Security Integration: Partner with DevSecOps teams to integrate network security tooling into CI/CD pipelines, enabling automated vulnerability checks and compliance enforcement (shift‑left security).
Compliance & Risk: Ensure network infrastructure and controls meet stringent regulatory requirements relevant to FinTech (e.g., PCI DSS, SOC 2, SOX).
Incident Response: Support the Security Operations Center (SOC) by providing expert‑level analysis of network security incidents, packet captures, and flow data to rapidly contain and remediate threats.
What you’ll need:
4+ years of hands‑on experience in Network Security Engineering or a related role within a fast‑paced environment.
Expertise in Zero Trust concepts and demonstrable experience implementing SASE solutions (e.g., Zscaler, Palo Alto Prisma Access).
Deep practical experience with at least one major cloud platform (AWS or Azure) specifically focused on networking and security services (VPC/VNet, Security Groups, NACLs, Cloud Firewall).
Advanced troubleshooting skills across the network stack (TCP/IP, routing protocols, proxies, DNS).
Nice to have:
Relevant certifications such as PCNSE, Zscaler ZCCA/ZCCP, or AWS Certified Security – Specialty.
Experience with container networking and security in Kubernetes (e.g., Network Policies, Calico).
Familiarity with Network Access Control (NAC) technologies and protocols (802.1x, RADIUS, Microsoft NPS).
Prior experience in a heavily regulated industry, particularly FinTech, and familiarity with compliance standards (PCI, SOX).
Hands‑on experience with advanced monitoring and SIEM tools (e.g., Splunk, Elastic, Datadog).
Compensation and Benefits The base pay range for this role is listed above. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location.
To view all of our comprehensive and competitive benefits, visit our
Benefits at SoFi
page!
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law. The Company hires the best qualified candidate for the job, without regard to protected characteristics. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. New York applicants: Notice of Employee Rights. SoFi is committed to an inclusive culture. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email accommodations@sofi.com. Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.
#J-18808-Ljbffr
Base pay range
$92,800.00/yr - $174,000.00/yr
What you’ll do:
Zero Trust & SASE Architecture: Design, implement, and operate our global Zero Trust Architecture (ZTA) and Secure Access Service Edge (SASE) solution, focusing on advanced configuration of Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) for both corporate and production environments.
Cloud Network Security: Serve as the Subject Matter Expert (SME) for securing multi‑cloud networking environments (AWS and Azure). Implement robust controls for VPC/VNet peering, Transit Gateway configurations, and leverage native cloud security services (e.g., Security Hub, Firewall Manager).
Infrastructure‑as‑Code (IaC) & Automation: Develop, test, and maintain automated security deployments and configurations using Terraform and version control systems (Git) to ensure security policies are deployed consistently and scalably across all platforms.
Next‑Gen Firewalls: Implement and enhance security policy rules, NAT/VPN configurations, and advanced threat prevention profiles on Palo Alto Networks Next‑Generation Firewalls (NGFWs), ensuring adherence to the least‑privilege principle.
Security Integration: Partner with DevSecOps teams to integrate network security tooling into CI/CD pipelines, enabling automated vulnerability checks and compliance enforcement (shift‑left security).
Compliance & Risk: Ensure network infrastructure and controls meet stringent regulatory requirements relevant to FinTech (e.g., PCI DSS, SOC 2, SOX).
Incident Response: Support the Security Operations Center (SOC) by providing expert‑level analysis of network security incidents, packet captures, and flow data to rapidly contain and remediate threats.
What you’ll need:
4+ years of hands‑on experience in Network Security Engineering or a related role within a fast‑paced environment.
Expertise in Zero Trust concepts and demonstrable experience implementing SASE solutions (e.g., Zscaler, Palo Alto Prisma Access).
Deep practical experience with at least one major cloud platform (AWS or Azure) specifically focused on networking and security services (VPC/VNet, Security Groups, NACLs, Cloud Firewall).
Advanced troubleshooting skills across the network stack (TCP/IP, routing protocols, proxies, DNS).
Nice to have:
Relevant certifications such as PCNSE, Zscaler ZCCA/ZCCP, or AWS Certified Security – Specialty.
Experience with container networking and security in Kubernetes (e.g., Network Policies, Calico).
Familiarity with Network Access Control (NAC) technologies and protocols (802.1x, RADIUS, Microsoft NPS).
Prior experience in a heavily regulated industry, particularly FinTech, and familiarity with compliance standards (PCI, SOX).
Hands‑on experience with advanced monitoring and SIEM tools (e.g., Splunk, Elastic, Datadog).
Compensation and Benefits The base pay range for this role is listed above. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location.
To view all of our comprehensive and competitive benefits, visit our
Benefits at SoFi
page!
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law. The Company hires the best qualified candidate for the job, without regard to protected characteristics. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. New York applicants: Notice of Employee Rights. SoFi is committed to an inclusive culture. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email accommodations@sofi.com. Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.
#J-18808-Ljbffr