Network Security Principal Engineer

You want more out of a career. A place to share your ideas freely - even if they're daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love - driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together - lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the #VTeamLife.

The Global Network & Technology team seeks a highly motivated Network Security Engineer to secure and harden Verizon's critical network. You will step into a high-impact role where your deep expertise in network security will directly shape our defense posture, from mapping network defenses to the MITRE ATT&CK matrix to leading the hardening of Edge routing and Leaf-Spine data center fabrics with "Gold Standard" CIS Benchmarks.

Your background should include in-depth knowledge of Cisco/Nokia products, driving PSIRT closures, and overseeing the crucial segmentation strategy. You will leverage your subject matter expertise in a wide array of networking gear across VZ Edge network.

If you are passionate about identifying vulnerabilities, performing comprehensive security assessments, and driving critical automation, this is your chance to lead and secure a vast, carrier-grade network.

• Act as the security subject matter expert in network design reviews, ensuring that all network assets meet stringent carrier-grade security standards.

• Drive security architecture, lead policy implementation, manage incident response, and integrate security principles early into the development lifecycle.

• Analyze network logs and configurations to identify vulnerabilities, recommend & build proactive mitigations.

• Leverage tools or custom automation, eg, Python, Ansible playbooks to run automated audits against security benchmarks, ensuring security compliance. Develop comprehensive assessment reports and provide recommendations for remediation.

• Conduct proactive threat hunting across the identity, endpoint, and network telemetry to uncover adversary behavior and reduce dwell time.

• Build and refine incident playbooks and response runbooks, ensuring repeatable workflows for high-impact scenarios (ransomware, phishing, insider threat, DDoS, etc).

• Lead network security incident response activities, including triage, containment, eradication, and recovery for disruptive threats.

• Execute root cause analysis for incidents, perform regular security control assessments, and lead strategic security solution implementation in a highly scalable environment.

• Drive continuous improvement of network visibility and telemetry collection to strengthen detection and response capabilities.

• Communicate clearly and effectively, articulating complex technical concepts to diverse internal and external audiences.

You'll need to have:

• Requires a Bachelor's degree in Computer Science, Cybersecurity, or a related field, or 6 -10+ years of equivalent relevant work or military experience.

• Deep expertise working in Carrier/Service Provider Network Engineering and Security, specifically securing Leaf-Spine/CLOS topologies (VXLAN, EVPN, MP-BGP) using technologies like Cisco IOS-XR/NX-OS and Nokia SR OS (TiMOS). Expert-level understanding of routing security, including BGP and IGP security, is mandatory eg: BGP hijacking, Route injection.

• Hands-on experience working with internet-scale data sets such as Netflow, BGP, DNS, and IDS logs.

• Fluency in security frameworks, particularly the application of CIS Benchmarks (Level 1 & 2 hardening) and mitigating MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs) on network devices, along with a solid understanding of network security fundamentals.

• Expertise in using Python, API, Ansible, or Terraform-type tools to automate and develop custom security "health checks" on network devices.

• Demonstrated leadership skills are required, along with the ability to lead and manage cross-functional projects, build consensus, resolve conflict, negotiate, and possess strong analytical and communication skills.

Even better if you have one or more of the following:

• Prefer CCIE (Service Provider or Security) or Nokia NRS II/SRA. Additional certifications such as Juniper JNCIE, F5 BIG-IP Specialist or Expert, CISSP, CCSP, OSCP, GCIH, and Cysa are beneficial.

• Practical experience with Splunk, Elasticsearch, or well-recognized SIEM tools for data analysis, dashboard creation, alerting, automation, risk-based alerting, managing notable events, and defining/tuning correlation searches.

• Ability to run & interpret network scans using tools such as Tenable Nessus, Qualys, Rapid7 InsightVM, or OpenVAS. Ability to interpret CVSS scores and prioritize risk.

• Knowledge of modern routing security techniques such as RPKI, MacSec, BGPSec, TCP-AO, GTSM, gNMI/gRPC.

• Knowledge of encryption technologies (IPsec, TLS), UNIX or Linux systems engineering expertise with a variety of variants, and security tools, including Firewalls, VPNs, IDS/IPS, DDoS mitigation, and encryption for data in transit (e.g., IPsec, or TLS) and at rest.

• Familiarity with Identity and Access Management (IAM) solutions, the system development lifecycle, and mitigating network/system/application layer attacks.

If Verizon and this role sound like a fit for you, we encourage you to apply even if you don't meet every "even better" qualification listed above.

Verizon is an equal opportunity employer. We evaluate qualified applicants without regard to veteran status, disability or other legally protected characteristics.

Our benefits are designed to help you move forward in your career, and in areas of your life outside of Verizon. From health and wellness benefit options including: medical, dental, vision, short and long term disability, basic life insurance, supplemental life insurance, AD&D insurance, identity theft protection, pet insurance and group home & auto insurance. We also offer a matched 401(k) savings plan, up to 8 company paid holidays per year and up to 6 personal days per year, paid parental leave, adoption assistance and tuition assistance, plus other incentives, we've got you covered with our award-winning total rewards package. Depending on the role, employees have the opportunity to receive compensation in the form of premium pay such as overtime, shift differential, holiday pay, allowances, etc. Newly hired employees receive up to 15 days of vacation per year, which grows with additional service. For part-timers, your coverage will vary as you may be eligible for some of these benefits depending on your individual circumstances.