Next Generation Security is a Level 3 Infrastructure team responsible for the implementation and operational management of network security solutions and capabilities of a large global enterprise network. This position will provide 3rd level support of the Aegon Global Information Security Services which includes implementation and administration of network security hardware and software, enforcing the network security policy, and working with other support teams to meet the enterprise business needs of our customers. This will include troubleshooting incidents, collaborating with the Security Operations Center, providing escalation support for Level 2 Operations, and providing problem resolution. Support of Firewalls in AWS/Azure cloud and in physical data centers, remote access, and the advancement of security capabilities and concepts are the main focus areas.

Responsibilities

  • Provide day-to-day operational support for enterprise network security services, including firewalls, remote access technologies, and cloud-based network security controls across on-premises and public cloud environments.
  • Perform routine administration, configuration, and maintenance of network security platforms to ensure availability, stability, and compliance with security standards.
  • Execute firewall policy requests and changes, including rule creation, modification, review, and cleanup, in accordance with established security and change management processes.
  • Monitor, troubleshoot, and resolve network security incidents and service issues, partnering with security operations and infrastructure teams as needed to restore service and mitigate risk.
  • Serve as an escalation resource for complex operational issues related to firewalls, VPNs, and network security controls.
  • Support and maintain secure remote connectivity solutions, including IPSec and SSL VPN technologies, ensuring reliable and secure access for users and systems.
  • Analyze logs, alerts, and network traffic to identify security events, performance issues, and configuration problems; perform packet captures and root-cause analysis as required.
  • Assist with the implementation and rollout of new network security tools, upgrades, and enhancements, following established designs and standards.
  • Develop, update, and follow operational procedures, runbooks, and technical documentation to support consistent and repeatable security operations.
  • Use scripting and automation tools (e.g., APIs, Python) to streamline recurring operational tasks and improve efficiency of firewall and security platform management.
  • Conduct periodic reviews and assessments of firewall rules, configurations, and controls to identify risks, inefficiencies, and opportunities for improvement.
  • Ensure ongoing adherence to information security policies, regulatory requirements, and internal standards in all operational activities.


Qualifications

  • Experience working with APIs to automate essential firewall tasks using languages such as Python to improve efficiency of day-to-day tasks
  • Experience with firewall assessment and compliance tools such as FireMon or Tufin
  • Proven ability to understand and decode network traces and capture files
  • Proven ability to communicate in the written/spoken language with audiences of diverse technical understanding
  • Proven ability to be a self-starter with self-motivation for learning new technologies
  • Proven ability to quickly understand customer problems and how they relate to network/security infrastructure
  • Strong knowledge of network security, Palo Alto firewalls, intrusion detection systems, authentication mechanisms, encryption technologies, and networking protocols including SMTP, HTTP, DNS, TCP/IP, and SNMP.
  • A four-year computer science or related technical degree or equivalent work experience.
  • A minimum of 5 years’ experience in directly related work experience in network security administration\ engineering.
  • Significant experience building, implementing, and administering Palo Alto firewalls both physical and virtual
  • Experience in network segmentation leveraging tools like Guardicore

Preferred Qualifications

  • Prior experience implementing complex network security concepts and technologies using (but not limited to):
  • Palo Alto Networks Security Certifications (PCNSA/PCNSE)
  • Remote Access VPN solutions (e.g. Prisma Access)
  • SDN technology – Cisco ACI, Silver Peak
  • Guardicore Security Certifications (GCSA/GCSE)
  • AWS / Azure Cloud Certifications
  • Splunk
  • FireMon
  • Be able to work closely with 2nd and 3rd level Network Engineers, the Aegon Security Operations Center, as well as other teams in GTS
  • Proven experience working with diverse cultures on an international level.
  • Project and time management skills including the ability to handle multiple priorities simultaneously.
  • Experience supporting various Palo Alto solutions such as Global Protect, Wildfire, Expedition, etc.
  • Experience and deep knowledge of Palo Alto NextGen features and concepts such as UserID, AppID, ContentID, and HIPs.


Working Conditions

  • This is a hybrid position requiring three days in office per week in one of our core locations (Cedar Rapids, IA/ Denver, CO/ Philadelphia, PA)
  • Non-traditional work hours as needed
  • Participate in scheduled on-call rotations and provide after-hours support as required to maintain the security and availability of critical network services. ​


This job description is not a contract of employment nor for any specific job responsibilities. The Company may change, add to, remove, or revoke the terms of this job description at its discretion. Managers may assign other duties and responsibilities as needed. In the event an employee or applicant requests or requires an accommodation to perform job functions, the applicable HR Business Partner should be contacted to evaluate the accommodation request.

Compensation

The Salary for this position generally ranges between $105K - $130K annuallyPlease note that the salary range is a good faith estimate for this position and actual starting pay is determined by several factors including qualifications, experience, geography, work location designation (in-office, hybrid, remote) and operational needs. Salary may vary above and below the stated amounts, as permitted by applicable law.

Additionally, this position is typically eligible for an Annual Bonus based on the Company Bonus Plan/Individual Performance and is at the Company’s discretion. 

Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

  

This is a hybrid position requiring three days in office per week in one of our hub locations (Philadelphia, PA; Cedar Rapids, IA; Denver, CO).  Relocation assistance will not be provided for this position.