Network Security Engineer

Summary We are seeking a highly skilled Network Security Engineer to design, implement, and operate enterprise security solutions across Zero Trust access, cloud security/SSE, and next-generation firewall platforms. This role will lead engineering, deployments and operations for Akamai Enterprise Application Access (EAA), Zscaler (ZIA/ZPA/ZDX as applicable), and Palo Alto Networks firewalls (PAN-OS), ensuring secure connectivity, consistent policy enforcement, and high availability across global environments. Job Description Applied's IT organization has a long reputation of being a great place to work. The IT team has been recognized as one of Computerworld's 100 Best Places to Work in IT. In addition, numerous Applied IT leaders have been honored as a CIO Magazine's Ones to Watch or Computerworld Premier 100 IT leaders. The Senior Network Security Engineer / Solutions Architect is responsible for end‑to‑end ownership of enterprise network and web security platforms, spanning Zero Trust access, Secure Service Edge (SSE), Web Application & DDoS protection, Network Detection & Response (NDR), and Next‑Generation Firewalls. This role combines hands‑on technical execution with architectural leadership and financial accountability. The individual will act as a platform owner—driving design decisions, ensuring operational stability, leading threat response, and managing vendor and cost governance for critical security services including Akamai (EAA, WAF, DDoS), Zscaler, Palo Alto Networks, and NDR platforms. The position requires close collaboration with SOC, Network, Cloud, IAM, Application, and Finance teams to ensure security controls are effective, scalable, and aligned with business priorities. The role also serves as a Tier‑3 escalation point during major incidents and provides strategic input into roadmap planning, tool rationalization, and security investment decisions. This is a high‑impact, senior‑level role ideal for a security professional who can operate at both technical depth and enterprise scale, balancing risk reduction, operational excellence, and cost efficiency. Core Competencies: * Zero Trust Architecture & Secure Access Strong understanding of Zero Trust principles, identity‑aware access, least privilege, and secure private application connectivity across hybrid environments. * Web Application & DDoS Security Expertise in protecting internet‑facing applications against OWASP Top 10 risks, bot attacks, and volumetric/application‑layer DDoS threats while maintaining performance and availability. * Network Defense & Threat Detection (NDR) Deep knowledge of network telemetry, behavioral analytics, east‑west traffic visibility, and threat hunting using Network Detection & Response platforms. * Enterprise Firewall & Segmentation Design Proven ability to design, implement, and govern segmentation and policy controls using next‑generation firewalls (PaloAlto & FortiGate) aligned to NIST and Zero Trust standards. * Incident Response & Security Operations Strong troubleshooting and incident‑handling skills across web attacks, DDoS events, access outages, firewall issues, and advanced network‑based threats. * Platform Ownership & Operational Excellence Ability to operate security platforms at scale with defined KPIs, runbooks, escalation models, and hypercare support during major changes. * Financial & Vendor Management Demonstrated experience managing security platform costs, license consumption, renewals, and vendor evaluations to maximize ROI and control spend. * Cross‑Functional Leadership & Communication Comfortable partnering with SOC, Network, Cloud, IAM, Application, and Finance teams, and communicating technical and financial trade‑offs to leadership. Job Responsibilities Akamai – Zero Trust, Web & Edge Security * Design, deploy, and operate Akamai EAA for secure private application access across on‑prem, cloud, and hybrid environments. * Implement and manage Akamai WAF protections including custom rules, rate limiting, bot management, and OWASP Top 10 mitigation. * Architect and support Akamai DDoS protection (L3–L7) for internet‑facing applications, including event response and post‑incident analysis. * Tune security policies to balance protection with application performance and user experience. * Partner with application and platform teams to onboard new apps, domains, certificates, and security profiles. Zscaler – SSE / Secure Web & Private Access * Implement and operate Zscaler ZIA/ZPA (and related modules as in scope). * Define and maintain security policies for secure web access, private application access, and traffic forwarding. * Manage GRE/IPsec tunnels, agent deployments, PAC files, and identity-based policy enforcement. * Support incident investigations related to web threats, access failures, or performance degradation. Palo Alto Networks – Next‑Generation Firewalls * Engineer, operate, and maintain Palo Alto NGFWs (PAN‑OS), including HA architectures. * Maintain orchestration platforms such as Strata Manager and Panorama * Implement zone‑based segmentation, NAT, routing, and threat prevention profiles. * Lead firewall policy lifecycle management: design, review, recertification, and cleanup aligned with NIST/Zero Trust principles. * Support perimeter, data center, and internal segmentation firewall use cases. Network Detection & Response (NDR) * Serve as technical owner for Network Detection & Response (NDR) capabilities (on‑prem, cloud, and hybrid visibility). * Tune detections, reduce false positives, and improve signal quality in partnership with SOC teams. * Lead investigations for lateral movement, command‑and‑control, anomalous traffic, and advanced threats. * Provide architectural guidance on encrypted traffic visibility, east‑west monitoring, and cloud traffic inspection. Threat Response, Operations & Governance * Serve as escalation point for web attacks, DDoS events, access outages, and firewall incidents. * Integrate platforms with SIEM/SOC, IAM (Entra ID/Ping Identity), PKI, and ITSM workflows. * Develop operational runbooks, dashboards, and alerting for Tier‑2/Tier‑3 readiness. * Drive POCs, production rollouts, and hypercare monitoring for new security capabilities. Financial Ownership & Vendor Governance * Own platform financials for Akamai, Zscaler, Palo Alto, and NDR tools, including: * License modeling and consumption tracking * Cost optimization and right‑sizing * Renewal planning and budget forecasting * Partner with Finance and Procurement on renewals, true‑ups, and vendor negotiations. * Evaluate ROI and efficiency of security investments; provide data‑driven recommendations for consolidation or expansion. * Support POCs and vendor evaluations, including technical and financial comparison inputs. Education and Experience 7–10+ years in network and security engineering / architecture roles. Hands‑on experience with: * Zscaler ZIA/ZPA * Akamai EAA , WAF & DDoS * Palo Alto Networks NGFW (PAN‑OS) & Fortinet * Network Detection & Response (NDR) platforms Strong understanding of: * Web security, DDoS attack vectors, OWASP Top 10 * Network telemetry, threat detection, traffic analysis * Zero Trust, segmentation, identity‑aware access Proven troubleshooting skills across multi‑vendor, multi‑layer security stacks Preferred Qualifications * Certifications: PCNSE, Akamai, Zscaler, CISSP or equivalent. * Experience with SIEM/SOAR integrations and SOC operations. * Automation or scripting experience (Python, APIs, Terraform/Ansible). * Cloud security and hybrid connectivity experience (Azure/AWS/GCP). * Experience presenting financial and risk trade‑offs to leadership. ## Qualifications ### Education: Bachelor's Degree ### Skills ### Certifications: ### Languages: ### Years of Experience: 2 - 4 Years ### Work Experience: ## Additional Information ### ### Shift: Day (India) ### ### Travel: ### ### Relocation Eligible: No ### Referral Payment Plan: Employee Referral (Standard) Applied Materials is an Equal Opportunity Employer committed to diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, national origin, citizenship, ancestry, religion, creed, sex, sexual orientation, gender identity, age, disability, veteran or military status, or any other basis prohibited by law.