Sr. Network Security Engineer

Axos Bank

Target Range: $ /Yr.

- $ /Yr. Actual starting pay will vary based on factors including, but not limited to, geographic location, experience, skills, specialty, and education.

Eligible for an Annual Discretionary Cash Bonus Target: 10%

Eligible for an Annual Discretionary Restricted Stock Units Bonus Target: 10%

Note: These discretionary target bonuses may be awarded semi‑annually based upon your achievement of performance goals and targets.

This position is not eligible for employment visa sponsorship now or in the future. This role will be onsite and available at any of the posted locations below.

• San Diego, CA
• Irvine, CA
• Los Angeles, CA
• Centennial, CO
• Las Vegas, NV

Remote is not available.

We are seeking a Senior Network Security Engineer to join our Zero Trust team and serve as a hands‑on technical owner of our Zero Trust Network Access (ZTNA) and microsegmentation platforms. This is not a traditional network security role. While deep expertise in network security architecture is foundational, this position carries an equal mandate to design, build, and operate AI agents and automation workflows that will handle the majority of routine network security tasks, driving toward 70%+ workflow automation and 10x productivity across the function.

The ideal candidate is a network security practitioner who is excited about leveraging large language models, agentic AI frameworks, and automation platforms to fundamentally change how security work gets done.

At Axos, our CISO organization is pioneering an AI‑native security operations model. You will be expected to think like a builder, not just an operator. You will create AI agents that do repetitive work so you can focus on architecture, strategy, and complex problem‑solving.

• Own the day‑to‑day engineering, configuration, and optimization of ZTNA and microsegmentation across environments.
• Design and implement microsegmentation policies that enforce least‑privilege network access across data center, cloud, and hybrid workloads.
• Drive enterprise‑wide ZTNA adoption, partnering with infrastructure, application, and Dev Ops teams to onboard users and services.
• Build and maintain segmentation maps, traffic flow baselines, and policy rule sets aligned to business‑critical applications and regulatory boundaries.
• Support and troubleshoot network access issues related to ZTNA policy enforcement, split tunneling, and identity‑aware access controls.

• Learn to design, build, and manage AI agents (using platforms such as Kindo.ai, n8n, and Claude/Anthropic APIs) that automate routine network security operations including policy reviews, firewall rule audits, segmentation gap analysis, and anomaly triage.
• Build AI‑assisted runbooks that enable autonomous or semi‑autonomous handling of common network security events, escalating only when human judgment is required.
• Instrument and monitor AI agent performance, accuracy, and safety using human feedback loops and governance frameworks established by the CISO organization.
• Contribute to the team’s AI Governance practices, including prompt version control, agent testing, and compliance with the Axos AI Governance Management Directive.

• Participate in incident response for network‑layer events, providing technical expertise during investigation and containment.
• Document architectures, standard operating procedures, and AI agent configurations to a standard that enables knowledge transfer and auditability.
• Stay current on emerging Zero Trust frameworks, AI/ML developments, and network security threats relevant to a federally regulated financial institution.

• 7+ years of progressive experience in network security engineering, with hands‑on work in firewall management, network segmentation, VPN/ZTNA, and intrusion detection/prevention.
• Demonstrated experience with micro segmentation platforms and ZTNA.
• Strong working knowledge of TCP/IP, DNS, routing/switching, proxy architectures, and cloud networking.
• Familiarity or strong willingness to learn AI/ML concepts, prompt…