Lead Security Engineering

Role Summary

The Lead – Network Security is responsible for leading the design, implementation, and operation of enterprise network security controls with a primary focus on Fortinet Next-Generation Firewalls and the Zscaler cloud security platform. This role provides technical leadership and hands-on expertise to ensure secure, resilient, and compliant network connectivity across on-premises, cloud, and remote access environments.

The role acts as a platform owner and technical authority for network security services, partnering closely with Network Engineering, Cloud, IAM, SOC, and GRC teams to embed security-by-design while enabling business agility.

Key Responsibilities

Network Security Platform Ownership

- Own and lead enterprise network security platforms including Fortinet NGFW (FortiGate) and Zscaler (ZIA / ZPA)

- Define architecture standards, design patterns, and security guardrails for perimeter, internal, and cloud connectivity

- Lead firewall and SASE design for data centers, cloud workloads, and remote users

- Ensure high availability, scalability, and resilience of network security services

Firewall Engineering & Operations (Fortinet)

- Lead design, deployment, and lifecycle management of Fortinet firewalls, policies, NAT rules, IPS, URL filtering, and SSL inspection

- Review, approve, and optimize firewall rules to enforce least privilege and segmentation

- Drive firewall hygiene initiatives including rule recertification, cleanup, and risk reduction

- Support upgrades, patching, and vulnerability remediation for firewall platforms

Cloud Security & Secure Access (Zscaler)

- Lead implementation and operations of Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA)

- Define secure internet access, zero-trust access, and remote connectivity models

- Integrate Zscaler with identity platforms (e.g., Entra ID / SSO) and endpoint controls

- Monitor and tune policies to protect against web-based threats, data exfiltration, and misuse

Threat Protection, Incident Support & Compliance

- Integrate firewall and Zscaler telemetry with SOC and SIEM platforms for monitoring and incident response

- Support investigation and containment of network-based security incidents

- Ensure network security controls align with regulatory and compliance requirements (HIPAA, NIST, ISO)

- Provide technical inputs for audits, risk assessments, and security architecture reviews

Leadership, Governance & Continuous Improvement

- Provide technical leadership and mentorship to network security engineers

- Define operational runbooks, standards, and documentation for network security services

- Drive automation, process optimization, and platform maturity improvements

- Act as an escalation point for complex network security issues and design decisions

Required Skills & Experience

- 5–8+ years of experience in network security or security engineering roles

- Strong hands-on expertise with Fortinet firewalls (FortiGate, FortiManager, FortiAnalyzer)

- Strong hands-on experience with Zscaler ZIA and ZPA platforms

- Solid understanding of NGFW, IPS/IDS, VPNs, segmentation, zero trust, and SASE concepts

- Experience securing hybrid environments (on-premises, cloud, remote workforce)

- Strong troubleshooting, documentation, and stakeholder communication skills

Preferred Qualifications

- Experience in healthcare or other highly regulated environments

- Fortinet certifications (NSE 4 / NSE 7 or equivalent)

- Zscaler certifications (ZIA / ZPA)

- Experience integrating network security platforms with SIEM/SOC and IAM systems

Key Success Metrics

- Stable and secure operation of Fortinet and Zscaler platforms

- Reduction in network-related security incidents and policy violations

- Improved firewall rule hygiene and access control effectiveness

- High availability and performance of secure access services

- Strong partner satisfaction from IT, Cloud, and Security stakeholders