Network Security Engineer
About the role
As a Network Security Engineer at Customers Bank, you will be a key member of our IT Network team, responsible for designing, implementing, administering, and supporting our enterprise network security infrastructure.
Responsibilities
- Design, deploy, and manage Palo Alto Networks next-generation firewalls (NGFWs), including security policies, NAT, App-ID, User-ID, Threat Prevention, URL Filtering, and WildFire across the enterprise and branch locations.
- Administer and maintain Cisco ASA and Firepower (FTD) firewalls, managing access control policies, intrusion prevention, and platform lifecycle including upgrades and patching.
- Manage and maintain VPN infrastructure, including Cisco AnyConnect/Secure Access remote access, as well as site-to-site IPSec tunnels, ensuring secure and reliable connectivity for remote users and branch offices.
- Support and secure the Cisco Catalyst SD-WAN environment, including applying security policies, traffic segmentation, and ensuring encrypted transport across WAN fabrics.
- Able to lead investigation and response to network-layer security incidents, anomalies, and policy violations.
- Participate in and lead change management activities in accordance with ITIL best practices, ensuring proper documentation, approvals, post-implementation reviews, and compliance with regulatory requirements.
- Collaborate with the Information Security, Cloud, and Infrastructure teams to design and implement network segmentation, zero-trust controls, and security architecture improvements aligned to PCI-DSS, SOX, and NIST frameworks.
- Maintain thorough documentation of firewall policies, network security architecture, runbooks, and standard operating procedures.
Requirements
- 5+ years of hands-on experience in network security engineering, with demonstrated expertise in enterprise firewall administration and network perimeter security (CCNP Security-level or equivalent experience).
- 3+ years of hands-on experience with Palo Alto Networks NGFWs, including Panorama management, security policy design, and advanced threat prevention features (App-ID, User-ID, WildFire).
- Solid hands-on experience with Cisco ASA and/or Firepower (FTD/FMC) – access control policies, IPS tuning, platform upgrades, and migration planning.
- Strong working knowledge of Cisco ISE for NAC, 802.1X, RADIUS/TACACS+, device profiling, and guest access management.
- Experience with VPN technologies including Cisco AnyConnect/Secure Access and IPSec site-to-site tunnels; understanding of certificate-based authentication and split tunneling design.
- Solid understanding of core network security protocols and concepts including TCP/IP, BGP, EIGRP, ACLs, NAT, SSL/TLS inspection, and network segmentation/micro-segmentation.
- Familiarity with Cisco Catalyst SD-WAN security capabilities, including application-aware policy enforcement, encrypted transport, and security service chain integration.
- Experience with Cisco Umbrella/Secure Access or similar DNS-layer security and cloud-delivered security platforms; working knowledge of URL filtering, threat intelligence, and SaaS policy management.
- Experience working within an ITIL-based change management process; comfortable authoring change requests, presenting to CAB, and performing post-implementation and after-action reviews.
- Ability to work with the Microsoft Suite and Customers Bank’s internal collaboration and ticketing applications; familiarity with scripting (e.g., Python, Ansible) for firewall automation and policy management is a plus.
Preferred Qualifications
- Familiarity with security and compliance frameworks relevant to a regulated financial institution (e.g., PCI-DSS, SOX, NIST CSF, FFIEC); ability to translate regulatory requirements into technical security controls.
- Palo Alto Networks certifications (PCNSE or equivalent) are preferred; Cisco security certifications (CCNP Security, CCIE Security) are also highly valued.
- A demonstrated track record carries equal weight to certifications.
- ITIL Foundation certification or equivalent experience with change and incident management practices.
- Experience with Microsoft Azure networking and cloud security, including Azure Firewall, NSGs, Virtual WAN, ExpressRoute, and integration with on-premises security infrastructure.
Qualifications
- Must be legally eligible to work in the United States without sponsorship, now or in the future, to be considered.
Benefits
Customers Bank offers competitive compensation and benefits packages, including health insurance, retirement savings plans, and paid time off.
Pay
Competitive salary commensurate with experience.
Schedule
Full-time position.
Diversity Statement
At Customers Bank, we believe in working smart, working together, and having fun while delivering innovative solutions and memorable experiences for our customers. We are committed to the continual advancement of a culture which reflects the value we place on diversity, equity, and inclusion. We honor the diverse experiences, perspectives, and identities of our team members, and we recognize that it is their passion, creativity, and integrity that drives our success.