Network & Cloud Security Engineer POST NUMBER: 444729
Job Title: Senior Network & Cloud Security Engineer
Job Type: Contract-to-Hire
Worksite Schedule: 4-days onsite (Monday through Thursday) Fridays remote
Worksite Location: Addison, Texas
W2 Hourly Rate On Contract: $55.00 - $65.00 (W2) based on experience and credentials
Salary Conversion Target: Based on experience up to $115,000 - $135,000 excellent full benefits
Added insight :
This resource will be joining a newly established team formed within what they refer to as their “Security Towers” that will be handling firewall and network security. This group is made up of experienced Network Security Engineers (A-players), that work in a low-touch environment, with forward thinking team members, that are looking to bring recommendations and provide feedback for creating a healthy security posture for the organization.
The organizations overall goal for 2025 is optimization, standardization, and modernization. The addition of this team, is no exception. What they really need out of this person, is someone who is senior enough to hit the ground running from day one, from technology selection and optimization to eventually helping to build out the team.
They currently have several projects spun up under this new team. They are currently managing and supporting the Firewalls (primarily Palo Alto) but are also in the middle of a VMware NSX migration and are in the middle of a Microsegmentation project (Zero Trust). They are a Palo Alto Shop, utilizing Prisma Cloud, Cortex XDR, firewalls, and GlobalProtect VPN Client. They have interest in adding additional Palo Alto Products, including WildFire and AI functionality down the road. While they utilize functions within Cortex XDR, they are not using it as a complete MDR platform but the end-goal is to get there. Currently, they also utilize Carbon Black where everything gets pushed to Splunk ES, which is then pushed to the SOC team for firewall support and Splunk monitoring. They utilize both AWS and Azure, where AWS is more heavily utilized, and Azure is more-so utilized to manage M365 tasks. Additionally, they have not moved heavily into IaC (Terraform) as of yet but that is the end-goal.
Overview:
We’re seeking an experienced and proactive Network & Cloud Security Engineer to help drive the evolution of our enterprise security posture across both on-premises and cloud environments. In this role, you’ll take the lead on designing, deploying, and maintaining advanced network security solutions that support critical business systems and regulatory standards. You’ll collaborate with teams across infrastructure, application, and cloud domains to ensure secure connectivity, resilience, and scalability throughout the organization's IT landscape.
Job Scope:
- Partner with internal DevOps, infrastructure, and application teams to implement and manage robust network defenses across both private data centers and cloud platforms.
- Architect secure connectivity strategies using virtual and physical firewalls, routing protocols, segmentation, and peering techniques to maintain network integrity and performance.
- Stay informed of emerging cyber threats, vulnerabilities, and exploit methods; lead the response by applying patches and updates across environments.
- Provide mentorship to junior engineers and contribute to a knowledge-sharing culture within the InfoSec team.
- Design and automate cloud security architecture—leveraging Terraform and GitLab CI/CD pipelines—for scalable and secure cloud adoption, particularly in AWS and Azure environments.
- Establish deployment templates and best practices for network and firewall configurations used across the enterprise.
- Ensure monitoring, alerting, and event correlation are effectively configured to detect anomalies and system disruptions across network security tools.
- Maintain up-to-date documentation, architecture diagrams, and process workflows that align with operational and compliance requirements.
- Evaluate and implement innovative security tools to enhance threat detection and system hardening.
- Act as a senior-level responder during high-priority security incidents or outages.
- Stay on the forefront of cybersecurity developments, contributing to the organization’s evolving defense strategy.
- Bachelor’s degree in a technology-related field (or equivalent professional experience).
- Minimum 5 years of hands-on experience in network and systems security engineering in hybrid cloud environments.
- Expertise in network fundamentals and security protocols (e.g., TCP/IP, BGP, VPN, NAT, VLANs, microsegmentation, subnetting).
- Proficiency in security management across AWS, Azure, and VMware environments.
- Demonstrated experience with infrastructure-as-code, especially Terraform and GitLab for provisioning secure environments.
- Advanced knowledge of firewall and application delivery technologies from vendors such as Palo Alto, Citrix, VMware, and cloud-native services.
- Familiarity with compliance and control frameworks such as SOX, NIST, and HIPAA.
- Proven ability to implement zero trust principles, reduce attack surfaces, and secure perimeter designs in large-scale infrastructures.
- Excellent communication, documentation, and troubleshooting abilities in fast-paced environments.
- Certifications in AWS or Azure Cloud specializations, preferred.
- Palo Alto Networks certifications (PCNSE or equivalent), preferred.
- Experience with managed detection and response (MDR) platforms like Cortex XDR, CrowdStrike Falcon, or Rapid7, preferred
- Background in healthcare IT environments, with an understanding of HIPAA compliance requirements, preferred.
Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual’s skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes the salary range for the role is noted in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company’s 401(k) retirement plan.
Vaco by Highspring values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.
EEO Notice
Vaco by Highspring is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race (including but not limited to traits historically associated with race such as hair texture and hair style), color, sex (includes pregnancy or related conditions), religion or creed, national origin, citizenship, age, disability, status as a veteran, union membership, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, political affiliation, or any other protected characteristics as required by federal, state or local law.
Vaco by Highspring and its parents, affiliates, and subsidiaries are committed to the full inclusion of all qualified individuals. As part of this commitment, Vaco by Highspring and its parents, affiliates, and subsidiaries will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact HR@vaco.com .
Vaco by Highspring also wants all applicants to know their rights that workplace discrimination is illegal.
By submitting to this position, you agree that you will be giving Vaco by Highspring the exclusive right to present your as a candidate for the foregoing employment opportunity. You further agree that you have represented information about yourself accurately and have not affirmatively misrepresented your qualifications. You also agree to maintain as confidential, to the fullest extent permitted by law, any information you learn from Vaco by Highspring about the position and you will limit disclosure of information about the position only to the extent necessary to perform any obligations in furtherance of your application. In exchange, Vaco by Highspring agrees to exercise reasonable efforts to represent you through all solicitation, job screening and resume dispersal.
Privacy Notice
Vaco by Highspring and its parents, affiliates, and subsidiaries (“we,” “our,” or “Vaco by Highspring”) respects your privacy and are committed to providing transparent notice of our policies.
- California residents may access Vaco by Highspring HR Notice at Collection for California Applicants and Employees here.
- Virginia residents may access our state specific policies here.
- Residents of all other states may access our policies here.
- Canadian residents may access our policies in English here and in French here.
- Residents of countries governed by GDPR may access our policies here.
Pay Transparency Notice
Determining compensation for this role (and others) at Vaco by Highspring depends upon a wide array of factors including but not limited to:
- the individual’s skill sets, experience and training;
- licensure and certification requirements;
- office location and other geographic considerations;
- other business and organizational needs.
With that said, as required by local law, Vaco by Highspring believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.