Company Overview With 80,000 customers across 150 countries, UKG is the largest U.S.-based private software company in the world. And were only getting started. Ready to bring your bold ideas and collaborative mindset to an organization that still has so much more to build and achieve? Read on. At UKG, you get more than just a job. You get to work with purpose. Our team of U Krewers are on a mission to inspire every organization to become a great place to work through our award-winning HR technology built for all. Here, we know that youre more than your work. Thats why our benefits help you thrive personally and professionally, from wellness programs and tuition reimbursement to U Choose a customizable expense reimbursement program that can be used for more than 200+ needs that best suit you and your family, from student loan repayment, to childcare, to pet insurance. Our inclusive culture, active and engaged employee resource groups, and caring leaders value every voice and support you in doing the best work of your career. If youre passionate about our purpose people then we cant wait to support whatever gives you purpose. Were united by purpose, inspired by you. Sr. Network Security Engineer At UKG, security is at the core of everything we do. We are looking for a Sr. Network Security Engineer who has experience in security-related technologies such as Next Generation Firewalls, intrusion detection, Email Security, IPSEC VPN, and Zero Trust Network Architecture technologies to join our team. The Sr. Network Security Engineer will be responsible for designing, implementing, maintaining, and documenting security solutions and related security controls throughout the Enterprise. This includes managing security tools and tasks that will include installing, configuring, and updating hardware and software; establishing and managing user accounts; overseeing or conducting backup and recovery tasks; implementing operational and technical security controls; and adhering to organizational security policies and procedures. Primary / Essential Duties and Key Responsibilities : Review, test, and implement security solutions related to : o DLP (e.g., MS Purview, Conditional Access, CASB solutions) o Public Cloud (e.g., AWS, Azure, or GCP) o ZTNA solutions (e.g., Zscaler, Axis, Prisma Access) o DDOS / WAF (e.g., Cloudflare, Silverline, Cloud Armor) o Firewalls / IDS / Network Detection and Response tools Assess network security architectures, document findings and recommendations based on industry best practices. Solid understanding of network protocols, including TCP / IP, DNS, DHCP, and routing protocols Define and review security policies to control access to systems Experience with firewall administration, VPN configuration, and network intrusion detection / prevention systems Strong knowledge of security best practices and standards (e.g., ISO 27001, NIST) Relevant certifications such as CISSP, CISA, CISM, or CCNP Security are a plus Perform implementations and configuration of network security technologies Apply Zero Trust principles to control network access to resources Recommend, create, and maintain security configuration baselines to harden systems Ensure all systems security operations and maintenance activities are properly documented and updated Automate manual tasks for improved efficiencies (e.g., infrastructure as code) Support Enterprise Risk with audits and compliance initiatives Assist in developing requirements and driving deliverables Conduct rule review and evaluation for risk exposure and protection effectiveness within the environment. Support and maintain security architecture and controls that meet or exceed FedRAMP requirements, including boundary protections, encryption, and access control Collaborate with internal teams and external vendors to ensure that FedRAMP network security controls (NIST 800-53) are designed, implemented, and continuously monitored Support FedRAMP audit readiness activities including technical evidence collection, system documentation, and implementation of continuous monitoring activities Develop and maintain network diagrams, security control mappings, and related documentation required for FedRAMP authorization and compliance. Knowledge, Skills and Abilities : Strong knowledge and understanding of both network and application layer firewall concepts. Hands-on experience with Enterprise Class firewalls Knowledge of security frameworks including NIST, ISO, CIS, OWASP 10, etc Understanding of SSL / TLS certificates and implementation (Private and Public Key Infrastructure) Working knowledge with PowerShell, Ansible, Terraform, RegEx, Chef or Puppet are preferred Experience with Public Cloud provider infrastructure, system deployments and product release operations Excellent written and verbal communication skills Excellent teamwork and collaboration skills Results oriented, high energy, self-motivated Required Qualifications : Minimum five (5) years of experience in a Network Security Engineering role working with Firewalls, DDOS / WAF, IPS and ZTNA Bachelors or Masters in Information Systems, Information Security, or related fields; preferred but not required Industry-recognized Security certification such as CSSP, CISSP, or Security+, etc., preferred experience with FedRamp Where were going UKG is on the cusp of something truly special. Worldwide, we already hold the #1 market share position for workforce management and the #2 position for human capital management. Tens of millions of frontline workers start and end their days with our software, with billions of shifts managed annually through UKG solutions today. Yet its our AI-powered product portfolio designed to support customers of all sizes, industries, and geographies that will propel us into an even brighter tomorrow! Equal Opportunity Employer UKG is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, disability, religion, sex, age, national origin, veteran status, genetic information, and other legally protected categories. View The EEO Know Your Rights poster (https : www.eeoc.gov / sites / default / files / 2022-10 / EEOC_KnowYourRights_screen_reader_10_20.pdf) UKG participates in E-Verify. View the E-Verify posters here (https : www.e-verify.gov / sites / default / files / everify / posters / EVerifyParticipationPoster.pdf) . It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Disability Accommodation in the Application and Interview Process For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com . The pay range for this position is $99,800.00 to $143,450.00 USD, however, base pay offered may vary depending on skills, experience, job-related knowledge and location. This position is also eligible for a short-term incentive and a long-term incentive as part of total compensation. Information about UKGs comprehensive benefits can be reviewed on our careers site at https : www.ukg.com / careers (https : www.ukg.com / careers) It is the policy of Ultimate Software to promote and assure equal employment opportunity for all current and prospective Peeps without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status entitled to protection under federal, state, or local anti-discrimination laws. This policy governs all matters related to recruitment, advertising, and initial selection of employment. It shall also apply to all other aspects of employment, including, but not limited to, compensation, promotion, demotion, transfer, lay-offs, terminations, leave of absence, and training opportunities. #J-18808-Ljbffr