Lead engineering for firewall and edge services; own architecture, design reviews, and operational excellence across the platform.
Own perimeter defense strategy end to end — continuous tuning, audit readiness, change governance, and periodic attestation of control effectiveness.
Architect and govern firewall and WAF policy frameworks; define the standards other engineers build against.
Lead the design and rollout of network and edge platforms that scale across the organization; partner with infrastructure, platform, and product engineering teams to ship secure-by-default solutions.
Own vulnerability prioritization across the network and edge attack surface; drive remediation through engineering partners and third parties; report progress to leadership.
Influence the security control roadmap. Bring forward proposals grounded in threat intelligence, incident learnings, audit findings, and regulatory drivers.
Lead the network security response to active threats; serve as escalation point for SOC and incident response partners; own post-incident control hardening and lessons-learned follow-through.
Operate with high autonomy. Identify and drive multi-quarter initiatives from concept through production without needing day-to-day direction.
Define and evolve engineering standards, runbooks, and best practices for the network security program. Mentor mid-level and junior engineers; raise the technical bar of the team.
Act as a force multiplier across teams. Routinely unblock peers, review designs from adjacent functions, and represent network security in architecture review boards.
Identify and articulate strategic gaps in network and cloud security tooling. Build business cases, lead vendor evaluations, and drive investment decisions with leadership.
Own ambiguous problems end to end — scoping, design, build, rollout, measurement, and handoff to operations.
Partner with GRC, audit, and (where required) regulator-facing teams to evidence network security controls and respond to examination requests.
Requirements
7+ years of progressive experience in network security and firewall engineering, with at least 2 years operating at a senior IC level.
Demonstrated experience leading or serving as primary technical responder during network security incidents, including coordinating across SOC, IR, and engineering teams.
Hands-on experience designing, deploying, and operating WAF and bot management at enterprise scale (Cloudflare, Akamai, AWS WAF, F5, Imperva, or equivalent).
Demonstrated ability to translate security best practices into enterprise-grade implementations across hybrid, cloud, and edge environments — not just understand them in theory.
Working proficiency in Terraform and Python; comfortable owning IaC modules, policy-as-code (OPA, Sentinel, or similar), and automation pipelines end to end.
Strong, broad knowledge across information security domains (network, cloud, identity, application, detection) with demonstrated ability to operate effectively across multiple.
Hands-on experience across vulnerability management, encryption and PKI, IDS/IPS and NDR, and incident response, including the ability to lead investigations.
Excellent written and oral communication, including the ability to communicate with senior leaders, auditors, and (where applicable) regulators.
Track record of leading multi-quarter initiatives from concept to production, mentoring engineers, and influencing peers and partners without authority.
Strong organizational and interpersonal skills; effective in cross-functional and globally distributed teams.
Desired Experience Or Skills
Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field. Equivalent demonstrated experience considered.
Production experience with Cloudflare across WAF, Bot Management, API Shield, DNS, and Zero Trust (Access, Gateway).
Production experience with Palo Alto firewalls; PCNSE preferred.
Production experience with at least one SASE/SSE platform (Zscaler ZIA/ZPA, Cato, Netskope, Prisma Access, Cloudflare One).
Hands-on experience with cloud-native firewall and edge controls in AWS or Azure (security groups, NACLs, NSGs, native WAFs, Front Door, CloudFront).
Solid infrastructure, SRE, or platform engineering background.
Relevant certifications: CISSP, CCSP, PCNSE, AWS Security Specialty, Azure SC-100, GCP Professional Cloud Security Engineer, SANS GIAC family (GCIA, GCIH, GPEN), CompTIA Security+.
