SUMMARY: The Cloud Network Security Engineer is a focused cloud-native security engineering role which will work across the Bank's multi-cloud technology environment. Domain experience with virtual firewalls, general cloud networking concepts, CASB, IDS/IPS in the cloud, cloud provider native WAF and 3rd party rule sets, DNS Security ( Akamai), etc. will be required to be successful in this role. This position will work closely with Cloud Architecture, network, and other architecture and engineering teams in helping to baseline and continually improve the Bank's overall cloud security posture. ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties and special projects may be assigned. Perform network security maintenance including updates to firewall rules, WAF rule configuration, IDS/IPS signature updates, etc. Management of 3rd party network security service provider to ensure optimization of delivery and partnership engagement Creation, updating and ensuring adherence to the Cloud Network & Network Security architecture roadmaps Conduct research on network and network security products, services, protocols, and standards to remain abreast of developments in the networking industry Participate and feed into both network and network security architecture, engineering, and operations teams Coordinate with cross functional groups to ensure project timeline and customer service deliverables are met Look for opportunities to improve the network security performance and management including coordination with SRE engineers to increase application and supporting network resiliency Maintain accurate and current documentation of the cloud network security environment Interact with application and other infrastructure personnel to develop and support secure, network aware applications Contribute towards the continued development of the Bank's overall business continuity plan Help define the Network and Network Security Architecture that will enable our business to thrive Leverage IaC best practices to deploy, operate, and scale critical infrastructure Develop IaC, build pipelines, and deploy infrastructure following best practices and defined standards Collaborate with other teams in the development of a seamless Network and Network Security automation framework Work closely with the management team and Agile coaches to transform requirements into tangible deliverables Adheres to and complies with applicable, federal and state laws, regulations and guidance, including those related to anti-money laundering ( Bank Secrecy Act, US PATRIOT Act, etc.). Adheres to Bank policies and procedures and completes required training. Identifies and reports suspicious activity. EDUCATION Bachelor's Degree in Business Administration or related fields or comparable experience in, Computer Information Systems, and/or Engineering with the appropriate emphasis in Cloud and Enterprise networking and security design/administration required. EXPERIENCE Experience with AWS network services such as CloudFront, VPCs and subnets, Direct Connect, Transit Gateway, NACLS & Security Groups, WAF, etc required Experience with AWS native network security controls eg AWS Firewall Manager, WAF, GuardDuty, etc required Experience in AWS network and application load balancing required Experience with Terraform for IaC (infrastructure as code) and automated deployment of cloud infrastructure assets required Experience with New Relic, AppDynamics, or similar Application Performance Monitoring required Experience with SIEM technology (both facilitating the ingestion of network/network security logs and the correlation thereof) required Experience with securing Meraki Wireless Technologies preferred Experience with multi-cloud networking design preferred Experience with AWS multi-region network resiliency design preferred Experience with AWS Organizations (or Azure Management Groups/Policy) for global cloud account policy enforcement preferred Experience with AWS Route 53 and Azure DNS preferred Experience as a network security engineer working in environments, preferably with Palo Alto, Checkpoint, Zscaler, etc preferred Experience with VPN and secure remote work enablement tools preferred Experience with AWS Certificate Manager or other certificate management solution preferred Experience with global WAF and load balancing services such as CloudFlare and Akamai a plus Experience with KMS is a plus Experience with Okta, Microsoft Entra, and/or IAM policies is a plus Experience creating Network and Security Diagrams using Visio and/or Lucid Charts preferred KNOWLEDGE, SKILLS AND ABILITIES Knowledge of security architectures including CASB and SASE Knowledge of Checkpoint, Palo Alto, Zscaler, or equivalent firewall and IPS/IDS technologies and the ability to administer required Knowledge of Palo Alto virtual firewall technologies and Panorama management required Prior knowledge of Cisco core routing and switch equipment (eg Cisco Nexus and Cisco Catalyst Switches) and security best practices preferred Familiarity with Routing Protocols with BGP, EIGRP, OSPF, & Route Redistribution