Ad Hoc LLCRemote
Evergreen: Senior Network/Security Engineer
United States of America
Full Time
4 hours ago
$153,000 - $187,000 USD
No H1B
Key skills
AnalyticsSAMLSplunkCommunicationZero TrustFirewall
About this role
Ad Hoc LLC is a technology company that empowers organizations to deliver scalable, impactful digital services. The Senior Network/Security Engineer will work on the design and implementation of secure network infrastructures and ensure compliance with federal standards while collaborating with various agencies to enhance public service delivery.
Responsibilities:
- Experience with Palo Alto, panorama OS (PAN-OS), Firewalls, SIEM, Security Configuration Management (SCM), migration, security and compliance, RBAC and access models, Data Loss Prevention (DLP), Strata Cloud Manager
- Operate and engineer enterprise web proxy, deliver reliable policy changes, and diagnose issues down to packet level
- Configuring Network ACLs, firewalls, and security groups to enforce policy and isolate sensitive workloads
- Design secure network infrastructure enforcing Zero Trust principles for the DXP
- Ensure 100% compliance with IRS/NIST boundary protection standards
- Proxy Engineering
- Forward/reverse proxy modes; explicit vs transparent; PAC/WPAD design and distribution
- SSL/TLS inspection: cert chains, pinning impacts, ALPN, HTTP/2 behavior, auth flows (Kerberos/NTLM, SAML/OIDC)
- Safe bypass strategies (domain/SNI/IP/risk-based) without degrading coverage
- Layer 3 & Internet Fundamentals
- Routing & addressing (CIDR, MTU/fragmentation/PMTUD, NAT44/66, VRFs), basic BGP/OSPF, DNS recursion/forwarding and failure modes
- Ports & Protocols
- TCP/UDP behavior, ephemeral ranges, TLS handshake/SNI, and middlebox interactions (no QUIC/HTTP-3 requirement)
- PCRE
- Writes and reviews complex PCRE (lookarounds, backreferences, atomic groups) with an eye for performance (avoid catastrophic backtracking)
- Troubleshooting: Packets + Analytics
- Tcpdump/Wireshark proficiency (TLS/HTTP analysis, TCP dynamics)
- Log correlation at scale (e.g., Splunk/ELK) to isolate issues off-box (client, network, IdP, upstream)
- Can distinguish origin responses vs proxy-generated errors and document root cause
- Communication & Prioritization
- Clear stakeholder comms; triage correctly under load—doesn’t treat every noisy issue as P1
- Normalize firewall / Panorama versions
- Get Panorama 12.x integrated with Strata Cloud Manager as the “real” central manager
- Upgrade the DLP plug-in so it works cleanly in SCM
Requirements:
- Experience with Palo Alto, panorama OS (PAN-OS), Firewalls, SIEM, Security Configuration Management (SCM), migration, security and compliance, RBAC and access models, Data Loss Prevention (DLP), Strata Cloud Manager
- Operate and engineer enterprise web proxy, deliver reliable policy changes, and diagnose issues down to packet level
- Configuring Network ACLs, firewalls, and security groups to enforce policy and isolate sensitive workloads
- Design secure network infrastructure enforcing Zero Trust principles for the DXP
- Ensure 100% compliance with IRS/NIST boundary protection standards
- Proxy Engineering: Forward/reverse proxy modes; explicit vs transparent; PAC/WPAD design and distribution
- SSL/TLS inspection: cert chains, pinning impacts, ALPN, HTTP/2 behavior, auth flows (Kerberos/NTLM, SAML/OIDC)
- Safe bypass strategies (domain/SNI/IP/risk-based) without degrading coverage
- Layer 3 & Internet Fundamentals: Routing & addressing (CIDR, MTU/fragmentation/PMTUD, NAT44/66, VRFs), basic BGP/OSPF, DNS recursion/forwarding and failure modes
- Ports & Protocols: TCP/UDP behavior, ephemeral ranges, TLS handshake/SNI, and middlebox interactions (no QUIC/HTTP-3 requirement)
- PCRE: Writes and reviews complex PCRE (lookarounds, backreferences, atomic groups) with an eye for performance (avoid catastrophic backtracking)
- Troubleshooting: Packets + Analytics: tcpdump/Wireshark proficiency (TLS/HTTP analysis, TCP dynamics)
- Log correlation at scale (e.g., Splunk/ELK) to isolate issues off-box (client, network, IdP, upstream)
- Can distinguish origin responses vs proxy-generated errors and document root cause
- Communication & Prioritization: Clear stakeholder comms; triage correctly under load—doesn't treat every noisy issue as P1
- Current or previous Federal Government Clearance