Zero Trust Network Operations Engineer

Description:

This is a hands-on enterprise network security operations role focused on Zero Trust access control, NAC (Forescout), DNS/DHCP/IPAM (Infoblox), device visibility, and operational support for a massive global network environment.

100% remote, will work EST time zone but can sit in any US timezone

Forescout is a must have

12 months ; may extend

Contract role

US Citizen or Permanent Resident only

As part of global Network Security Operations function, the Zero Trust Network Operations Engineer is responsible for the day to day operation, monitoring, support, and lifecycle management of the enterprise network security infrastructure. This role focuses on maintaining availability, enforcing security policies, executing approved changes, and responding to incidents across a large, globally distributed environment.

The environment supports 1,000+ sites and 100,000+ users, including datacenters, manufacturing plants, sales offices, and customer contact centers. Technologies include Cisco, Fortinet, Zscaler, Silver Peak SD WAN, Akamai Guardicore, Tufin, Forescout NAC, Microsoft Azure, Google GCP, and related security platforms.

This is a hands-on operational role working closely with global IT operations teams, security partners, and managed service providers to ensure secure, stable, and compliant network services.

How you will do it:

• Operational Support & Maintenance

• Operate and support enterprise Zero Trust platforms, primarily Forescout NAC and Infoblox DDI.

• Perform daily monitoring, health checks, and troubleshooting of network access control services, DNS, and DHCP.

• Manage network access exceptions, MAC address repository (MAR) whitelisting, and device compliance checks for corporate and BYOD/Guest networks.

• Data Analytics & Asset Management

• Leverage data analytics skills to analyze, correlate, and reconcile asset data across Forescout, Infoblox, Axonius, and ServiceNow CMDB.

• Assist in identifying, classifying, and managing the lifecycle of over 30,000 unmanaged, IoT, and OT devices across the global network.

• Incident & Problem Management

• Respond to network access control incidents, including 802.1X/RADIUS authentication failures and Guest Captive Portal (JCI-Internet) loading issues.

• Work collaboratively with the Network TOC, Service Desk, and field IT teams during security events or network service degradations.

• Change & Configuration Management

• Implement approved access control rules, semi-trust policies, and network segmentation changes (VLAN assignments/ACLs) in production environments.

• Execute DNS/DHCP configuration changes and IPAM updates following formal change management processes.

• Automation & Continuous Improvement

• Identify opportunities to automate repetitive operational tasks (e.g., utilizing PowerApps/Power Automate to streamline MAC address approvals).

• Assist with operational runbooks, standard operating procedures, and knowledge documentation for L1/L2 support teams.

What we look for:

• Required

• Hands-on operational experience supporting enterprise network security, network access control, or DDI environments.

• Working knowledge of network authentication protocols (802.1X, RADIUS, MAB) and core networking concepts (TCP/IP, VLANs, routing/switching).

• Experience troubleshooting DNS, DHCP, and IP address management (IPAM) issues.

• Experience working within ITIL-based operational processes (incident, change, problem).

• Desirable

• Direct experience operating Forescout, Infoblox, or Axonius platforms.

• Experience with ServiceNow CMDB and building automated workflows (e.g., PowerApps).

• Exposure to Zero Trust Network Architecture and IoT/OT device classification from an operational perspective.

• Basic scripting or automation experience (Python preferred).

Qualifications

• Bachelor’s degree in Computer Science, Information Systems, Data Analytics, or other applicable disciplines.

• Security or networking certifications (e.g., Forescout FSCA/FSCP, CCNA, Security+) are a plus.