Senior Network Security Engineer

Senior Network Security Engineer

MSP4, LLC  |  Full-Time  |  Remote  |  Up to 25% Travel

About the Role

MSP4 operates as the embedded IT department for a portfolio of clients spanning professional services, legal, distribution, manufacturing, and government sectors. Environments range from 50 to 1,500 users and carry real compliance obligations: CMMC L2, NIST 800-171, and SOC 2 are active requirements across multiple clients, not aspirational targets.

This role owns network and security engineering across that portfolio. You will design, deploy, and maintain firewall, switching, routing, and SD-WAN infrastructure for clients with serious uptime and regulatory requirements. Platform depth across Palo Alto, Fortinet, and Cisco is the baseline. Security posture work (segmentation, policy review, compliance evidence, hardening) is part of the job, not an afterthought. You will work under the direction of our Principal Solutions Architect, who owns design authority. The expectation is precise execution, thorough documentation, and sound judgment applied within established architecture, not the impulse to re-platform what is already working.

This is a remote role. Travel is required up to 25% for major client project deployments. Day-to-day work is executed remotely.

What You Will Do

• Design and implement network and security infrastructure across multi-site client environments: campus, branch, datacenter, and cloud-connected architectures
• Manage firewall platforms at scale: Palo Alto with Panorama, Fortinet with FortiManager, Cisco ASA/FTD, Juniper SRX, and Sophos XG/XGS
• Configure and maintain enterprise switching and routing (BGP, OSPF, HSRP/VRRP, VLANs, spanning tree, QoS) across Cisco Catalyst/Nexus, Juniper EX, Aruba, and Meraki environments
• Implement and manage SD-WAN solutions where applicable, including failover design, policy routing, and carrier diversity
• Apply network segmentation, micro-segmentation, and zero-trust access controls in support of CMMC L2, NIST 800-171, and SOC 2 compliance requirements
• Conduct firewall policy audits, rule cleanup, and hardening reviews; produce documentation that satisfies compliance evidence requirements
• Support VPN and remote access infrastructure (IPsec, SSL/TLS, GlobalProtect, FortiClient) across client environments
• Respond to network security incidents, assist with forensic review, and implement corrective controls
• Produce network diagrams, runbooks, and change documentation that meet audit standards and enable other engineers to maintain what you build
• Travel to client sites up to 25% for major project-based deployments

What You Bring

• 6 or more years of network and security engineering experience across complex, multi-site production environments in professional services, manufacturing, distribution, legal, or government sectors
• Hands-on depth with at least two major firewall platforms (Palo Alto with Panorama, Fortinet with FortiManager, Cisco FTD/ASA, Juniper SRX, or Sophos XGS), including policy management at scale
• Routing and switching fluency: BGP, OSPF, EIGRP, HSRP/VRRP, spanning tree variants, 802.1Q, and QoS. Not conceptual familiarity. Operational depth.
• Experience supporting compliance audits. SOC 2 Type II is the most common baseline in this client base; you should know what it means to produce audit-ready network diagrams, collect evidence for access controls, and document firewall policy in a way that satisfies an auditor
• Familiarity with NIST 800-171 or CMMC L2 network controls is a plus, not a requirement. Several clients are actively pursuing CMMC Level 2 certification and we will bring you up to speed on the specifics. What matters is the ability to translate a compliance requirement into a network policy.
• Familiarity with datacenter networking (top-of-rack switching, spine/leaf topologies, VXLAN) is a plus
• Network security tooling experience: IDS/IPS, NAC (Cisco ISE, Aruba ClearPass), SIEM integration, and log forwarding
• Ability to read and apply architecture standards established by others without requiring constant design input
• Relevant certifications (PCNSE, NSE 4+, CCNP Enterprise or Security, JNCIS) are a plus, not a requirement
• Ability to produce clear technical documentation: network diagrams, firewall policy documentation, change records, and audit-ready evidence packages that another engineer can follow and an auditor can rely on
• Prior experience in a multi-client service delivery environment is an advantage; comfort maintaining consistent security posture across varied client environments matters here

How We Work

MSP4 does not operate like a traditional IT department or a ticket-centric help desk. We function as embedded IT leadership for our clients, accountable to their outcomes, not to our own preferences about how networks should be designed.

Our Principal Solutions Architect owns the design framework. Engineers at every level, including senior, operate within that framework. This is not a limitation. It is what allows us to maintain consistent, auditable, defensible environments across a complex multi-client portfolio. If you need to own every platform and policy decision to feel effective, this role is not the right fit. If you find satisfaction in executing at a high level, holding a client's security posture to a standard, and building trust through reliability, it is.

We are building the operating model in real time. Some processes are documented; others are being written as we go. Senior engineers are expected to help shape what does not yet exist while executing reliably within what does.

We expect senior engineers to push back when something is wrong. We do not expect them to redesign based on personal preference.

About MSP4

MSP4, LLC provides infrastructure, security, and IT advisory services to mid-market professional services, manufacturing, distribution, legal, and government clients across the United States. Our commercial practice and regulated practice serve organizations with serious compliance requirements including SOC 2 Type II and CMMC Level 2.

We are a small team. Every person on it has direct impact on client outcomes. The ladder is tiered for scope and audit; access is not. Everyone here has direct access to everyone else, up to and including the CEO.