Senior Network Security Engineer

APi Group is a global, market-leading business services provider of safety and specialty services in over 500 locations worldwide. APi provides statutorily mandated and other contracted services to a strong base of long-standing customers across industries. We are driven by entrepreneurial business leaders to deliver innovative solutions for our customers. As our presence across the globe increases, we are striving to become the #1 people-first company in the world.

At APi Group, our purpose is clear: We Build Great Leaders. We believe that everyone at APi is a Leader, and we provide leadership development programs across our businesses to facilitate growth. Our distinct leadership development culture creates an empowered, entrepreneurial atmosphere where our leaders can grow, thrive, and belong.

We are currently seeking a Senior Network Security Engineer who will provide technical support for APi Group s Network and Global Security Teams. In addition to ensuring that our network infrastructure is secure and available for On-Premise and Cloud architectures, this role will have influence into the Organization s global network and security strategies and roadmap. This role is responsible for reviewing Network Security controls, changes, and firewall policy deployment while engineering and developing solutions to drive risk reduction within APi Group Operating Companies, Corporate and Subsidiary spaces.

Essential Duties & Responsibilities:

To include, but not limited to the following:

• Troubleshoot and remediate network security issues in APi Group global landscape.
• Identifying current and emerging technology issues, including security trends, vulnerabilities, and threats.
• Conduct security engineering activities such as configuring and maintaining security tools, testing new capabilities, supporting IT engineer counterparts, and identifying security gaps.
• Document and map security control infrastructure and capabilities.
• Detect and report any weaknesses in the existing protocols, recommending or implementing modifications and improvements.
• Assist in the establishment of security baselines and standardization, including CIS-CAT asset benchmarking, baseline documentation, and secure configurations.
• Providing input and insight in the planning and coordination of updates, enhancements, and expansion of product security environments.
• Leading the development of enterprise-wide solutions and systems to solve network security challenges with a variety of partners and customers.
• Collaborate with Network Engineers and other IT Departments to design and implement functional company networks.
• Assist in defining IT security strategy and engineering of Network-focused Zero Trust architectures and methodologies.
• Mentoring, coaching, and developing less experienced security engineers and partner team engineers.
• Performing as a network security engineering Subject Matter Expert (SME) focused on the design, build, and oversight into network security controls.

Qualifications:

• Thorough understanding of rules, policies, ports, blocks, and VPN technologies
• Proficient in MS Office; Outlook, Word, Excel, Teams, and Visio
• 3 years of experience with Azure network and security services
• Working understanding of optical and traditional encrypted tunnel systems and protocols (i.e., IPSEC, SSL VPN, Layer 4 SSL)
• Strong interpersonal skills for multi-functional and cross-organizational team engagement
• Bachelor's degree in a related field or equivalent combination of education and experience
• Working knowledge of PCI, and GDPR
• Experience with Cisco ASA, Zoned based firewalls and Cisco Umbrella gateway
• Excellent organizational skills and analytic, problem-solving skills
• Experience working with Network Incident Security response methods, techniques, and legal requirements for the collection and preservation of artifacts
• 10 years of large, scalable, and resilient Network Security Engineering and Infrastructure support
• 5 years of engineering experience with Cisco Firepower, Palo Alto, SonicWall, and Fortinet

Preferred Qualifications:

• Cisco Networking experience
• Network Access Control (NAC) and 802.1X PEAP experience
• Development experience in Python or other scripting languages
• SolarWinds, Rapid7, and other Network Security Monitoring platform experience
• Industry certifications preferred include CISSP, CCSP, CompTIA Security+, and/or SSCP
• Cisco CyberOps Professional, CCNP Security
• Broad knowledge across the Security domain, as well as deep focus in one (or more) areas such as Logs and events processing, Incident Management, and Detection and/or Response tool development
• NIST 800.207 / Zero Trust Network Architecture (ZTNA) design and architecture development experience
• Secure Access Service Edge (SASE) platforms experience
• Background in intrusion detection, security investigations, and incident response
• A thorough understanding of routing protocol: BGP, OSPF, EIGRP

Benefits and Compensation:

This role can be performed remotely from any office in the United States. The pay range is $112,000 - $178,000, depending on job-related knowledge, skills, and experience. This position is eligible for annual bonus and profit sharing based on individual and company performance in addition to other benefits that support the total well-being of you and your family. Some benefits include:

• Profit Sharing
• Comprehensive Insurance coverage, Medical, Dental, Vision, and more
• Discounted company stock (Employee Stock Purchase Plan)
• Leadership Flex - hybrid work environment
• Access to corporate fitness center
• Growth opportunities through company sponsored leadership development courses and trainings
• 401K with employer match
• Wellness Program
• Generous paid time off

This position is not eligible for sponsorship.

All offers of employment are expressly contingent upon the satisfactory completion, in accordance with Company policy, of a pre-employment drug screening and background check.