Senior Network Security Software Engineer building automated, identity-aware network security controls and pipelines across cloud, SD-WAN, and ZTNA environments in a fintech setting.
145k – 175k/yr
Remote5+ YOESecurity Engineering
About the role
Essential Functions and Responsibilities
Own the architecture, implementation, and continuous improvement of network security program across cloud, SD-WAN, and ZTNA layers—designing identity-aware, policy-driven controls that secure both human and machine (agent) identities.
Design and deliver fully automated, end-to-end network security change management pipelines that eliminate manual toil, accelerate change velocity, and maintain audit-ready evidence at every step.
Build and operate real-time network telemetry, monitoring, and alerting systems that provide deep visibility into network activity—integrating threat intelligence feeds, cloud connectivity data, and asset inventories into a unified, automated network defense posture.
Engineer production-grade tooling and services—including firewall rule lifecycle management, policy drift detection, configuration compliance validation, and telemetry enrichment—using modern backend languages (Python strongly preferred) and infrastructure-as-code.
Manage and tune network-layer detection capabilities—including IDS/IPS signatures, firewall rules, and WAF configuration—to ensure high-fidelity signals for SOC consumption.
Operate at the leading edge of AI-assisted development: write precise engineering specifications, direct AI coding agents (e.g., Claude Code, Cursor), and review/validate generated output to build secure, lights-off agentic pipelines.
Build and maintain API integrations across the network security technology stack (e.g., Cloudflare, Zscaler, cloud-native controls) with reliability, observability, and audit-readiness designed in from day one.
Support compliance audit and assessment activities—including evidence collection, control testing, and auditor walkthroughs for network security domains; maintain an accurate network diagram inventory documenting topology, segmentation boundaries, and data flows.
Partner with the Security Operations Center, SRE, and IT to ensure network security controls integrate cleanly with existing infrastructure pipelines, CI/CD workflows, and incident response processes; participate in security architecture reviews and contribute to runbook development and operational documentation.
Requirements
Bachelor’s degree in Computer Science, Information Security, Network Engineering, or a related technical field, or equivalent combination of education and experience.
5+ years of progressive experience in network security engineering, with demonstrated track record of designing, automating, and operating network security controls in cloud-native or hybrid environments.
Substantive hands-on engineering experience: write production code, build integrations, and ship tooling.
Direct experience with network security platforms such as Cloudflare (WAF, Workers, Rulesets, Terraform provider), Zscaler (ZIA, ZPA), Palo Alto, or equivalent tier-one solutions.
Deep expertise in network security fundamentals: firewall policy design, micro-segmentation, ZTNA, SD-WAN, DDoS mitigation, traffic analysis, DNS security, and certificate/PKI management.
Hands-on experience with agentic coding tools and workflows (Claude Code, Cursor, or equivalent)—or demonstrated eagerness and aptitude to adopt them as a primary development methodology.
Strong proficiency in at least one backend language (Python strongly preferred; Go or similar considered) with the ability to design and build production-grade APIs, automation frameworks, and integration platforms.
Thorough understanding of identity-aware network security—designing controls that authenticate and authorize not just users but services, workloads, and autonomous agents.
Experience with infrastructure-as-code (Terraform, CloudFormation) and CI/CD-driven infrastructure provisioning.
Experience in fintech, banking, payments, or other regulated financial services environments (PCI-DSS, SOC 2, ISO 27001) strongly preferred.
Oversee SCIF construction, accreditation, and operations while ensuring compliance with ICD 705, NISPOM, and national security protocols. Requires active TS clearance and 3+ years managing classified facilities.
148k – 222k/yr
Hybrid3+ YOESecurity Engineering
Security Engineer
FigmaSan Francisco, CA +1
Security Engineer drives security improvements across Figma's AI, platform, product, and anti-abuse teams through assessments, tooling development, threat detection, and incident response. Requires 5+ years engineering experience, strong security judgment, and proficiency in a general-purpose language.
149k – 350k/yr
Remote5+ YOESecurity Engineering
Cloud Security Engineer
Virta HealthDenver, CO +1
Builds and matures cloud security program for GCP/Kubernetes platform, integrating security into development lifecycle, automating vulnerability management, and refining IAM/network controls. Requires hands-on experience with app sec, IaC (Terraform), and coding in Go/Python.
149k – 188k/yr
RemoteSecurity Engineering
Software Engineer, Identity
MercorSan Francisco, CA
Build and scale Mercor's novel identity and access management infrastructure across thousands of Slack workspaces and HR systems for a 100k+ expert network. Requires strong product engineering, large-scale distributed systems experience, and security-minded design instincts.
150k – 325k/yr
On-site5+ YOESecurity Engineering
IT Security Operations Engineer
AKASASan Francisco, CA
IT Security Operations Engineer responsible for implementing DLP, email security, endpoint protection, Okta/Google Workspace hardening, automation, compliance evidence collection, and incident response in a hybrid healthcare AI startup.