Senior Network Security Engineer

Senior Network Security Engineer

MSP4, LLC  |  Full-Time  |  Remote  |  Up to 25% Travel

About the Role

MSP4 operates as the embedded IT department for a portfolio of clients spanning professional services, legal, distribution, manufacturing, and government sectors. Environments range from 50 to 1,500 users and carry real compliance weight: CMMC L2, NIST 800-171, and SOC 2 are active requirements across this client base.

This role owns network and security engineering across that portfolio. You design, deploy, and maintain firewall, switching, routing, and SD-WAN infrastructure for clients with serious uptime and regulatory requirements. Platform depth across Palo Alto, Fortinet, and Cisco is the baseline. Security posture work, including segmentation, policy review, compliance evidence, and hardening, is core to the role. Design authority sits with our Principal Solutions Architect. The expectation is precise execution, thorough documentation, and sound judgment applied within established architecture.

Remote. Travel up to 25% for major client project deployments. Day-to-day work is executed remotely.

What You Will Do

• Design and implement network and security infrastructure across multi-site client environments: campus, branch, datacenter, and cloud-connected architectures
• Manage firewall platforms at scale: Palo Alto with Panorama, Fortinet with FortiManager, Cisco ASA/FTD, Juniper SRX, and Sophos XG/XGS
• Configure and maintain enterprise switching and routing (BGP, OSPF, HSRP/VRRP, VLANs, spanning tree, QoS) across Cisco Catalyst/Nexus, Juniper EX, Aruba, and Meraki environments
• Implement and manage SD-WAN solutions where applicable, including failover design, policy routing, and carrier diversity
• Apply network segmentation, micro-segmentation, and zero-trust access controls in support of CMMC L2, NIST 800-171, and SOC 2 compliance requirements
• Conduct firewall policy audits, rule cleanup, and hardening reviews; produce documentation that satisfies compliance evidence requirements
• Support VPN and remote access infrastructure (IPsec, SSL/TLS, GlobalProtect, FortiClient) across client environments
• Respond to network security incidents, assist with forensic review, and implement corrective controls
• Produce network diagrams, runbooks, and change documentation that meet audit standards and enable other engineers to maintain what you build
• Travel to client sites up to 25% for major project-based deployments

What You Bring

• 6 or more years of network and security engineering experience across complex, multi-site production environments in professional services, manufacturing, distribution, legal, or government sectors
• US person status and US-based work location. You must be based in the United States and qualify as a US person (US citizen, US national, lawful permanent resident, or protected individual under US law). This role's access to Controlled Unclassified Information (CUI) and export-controlled systems is restricted under CMMC L2 and US export control regulations.
• Hands-on depth with at least two major firewall platforms (Palo Alto with Panorama, Fortinet with FortiManager, Cisco FTD/ASA, Juniper SRX, or Sophos XGS), including policy management at scale
• Routing and switching fluency: BGP, OSPF, EIGRP, HSRP/VRRP, spanning tree variants, 802.1Q, and QoS. Operational depth, not conceptual familiarity.
• Experience supporting compliance audits. SOC 2 Type II is the most common baseline in this client base. You should know what it means to produce audit-ready network diagrams, collect evidence for access controls, and document firewall policy in a way that satisfies an auditor.
• Familiarity with NIST 800-171 or CMMC L2 network controls is a plus. Several clients are actively pursuing CMMC Level 2 certification and we will bring you up to speed on the specifics. What matters is the ability to translate a compliance requirement into a network policy.
• Familiarity with datacenter networking (top-of-rack switching, spine/leaf topologies, VXLAN) is a plus
• Network security tooling experience: IDS/IPS, NAC (Cisco ISE, Aruba ClearPass), SIEM integration, and log forwarding
• Ability to read and apply architecture standards established by others without requiring constant design input
• Relevant certifications are a plus, not a requirement. Useful credentials include PCNSE, Fortinet NSE 4 or higher, CCNP Enterprise or Security, and JNCIS.
• Ability to produce clear technical documentation: network diagrams, firewall policy documentation, change records, and audit-ready evidence packages that another engineer can follow and an auditor can rely on
• Prior experience in a multi-client service delivery environment is an advantage. Comfort maintaining consistent security posture across varied client environments matters here.

How We Work

MSP4 does not operate like a traditional IT department or a ticket-centric help desk. We function as embedded IT leadership for our clients, accountable to their outcomes.

Our Principal Solutions Architect owns the design framework. Engineers at every level, including senior, execute within that framework. The tier structure keeps a multi-client portfolio consistent, auditable, and defensible. Candidates who need design authority over every platform and policy decision should pass on this role. Candidates who find satisfaction in high-quality execution, in holding a client's security posture to a standard, and in earning client trust through reliability will do well here.

We are building the operating model in real time. Some processes are documented; others are being written as we go. Senior engineers help shape what does not yet exist while executing reliably within what does.

Senior engineers at MSP4 operate with a forward-deployed posture. You own the outcome at the client in front of you. You carry their context into every change. You exercise judgment inside the framework the Principal owns. Push back when something is wrong; do not redesign based on personal preference. The tier structure is what keeps judgment consistent across a multi-client portfolio and defensible under audit.

About MSP4

MSP4, LLC provides infrastructure, security, and IT advisory services to mid-market professional services, manufacturing, distribution, legal, and government clients across the United States. Our commercial practice and regulated practice serve organizations with serious compliance requirements including SOC 2 Type II and CMMC Level 2.

We are a small team. Every person on it has direct impact on client outcomes. The ladder is tiered for scope and audit; access is not. Everyone here has direct access to everyone else, up to and including the CEO.

How to Apply

Alongside your resume, submit a one-page cover page in PDF. Name the file CoverPage_LastName_FirstName_SeniorNetworkSecurityEngineer.pdf. Include a header line with your name, the date, and the JD version string shown at the bottom of this posting.

On the cover page, answer the following in order:

1. Reference two specific bullets from "What You Will Do" in this JD. For each, describe the closest example from your own production experience: what you owned, the platform mix, the scale, and the outcome.
2. Describe one architecture or operational decision you disagreed with at a prior role. What was your position, what did you do about it, and how did it resolve?
3. Name one platform or technology listed in this JD where your depth is shallow. Describe how you would come up to speed in your first 90 days.

Close with the following statement exactly: "I understand that design authority for this role sits with the Principal Solutions Architect, and that my role is to execute within that framework."

One page. PDF only.

JD v2.0. Retain this version string on your cover page.