Network Security Engineer

Overview

• Must be authorized to work in USA
  :
  No sponsorship
• Pay Rate: $70-$75/ hour W2 | $150K $170K Conv
• Must Have: Forescout Platform Experience

We are seeking an experienced Network Security Engineer for a contract-to-hire engagement with one of New York City's leading healthcare organizations. This is a hands-on, senior-level role responsible for the design, deployment, and ongoing operational excellence of our network access control and security infrastructure. The contract is expected to convert to a permanent full-time position for the right candidate. The ideal candidate brings deep technical expertise in Forescout and thrives in a complex, compliance-driven healthcare environment where uptime and patient data protection are paramount.

• Design, deploy, and manage Forescout-based Network Access Control (NAC) infrastructure across enterprise and clinical environments
• Develop and enforce device visibility, classification, and policy enforcement for managed, unmanaged, and IoT/medical devices
• Author and maintain comprehensive technical documentation, standard operating procedures (SOPs), runbooks, and network security policies
• Conduct architecture reviews and lead network security improvement initiatives in alignment with HIPAA, HITECH, and NIST frameworks
• Collaborate with infrastructure, clinical engineering, and IT teams to ensure secure network segmentation and least-privilege access
• Monitor network security events, investigate anomalies, and drive remediation efforts in coordination with the SOC team
• Manage and maintain next-generation firewall infrastructure (Palo Alto Networks preferred), including rule lifecycle management and threat prevention policy tuning
• Support and administer F5 application delivery and security services including LTM/GTM, APM, and ASM/AWAF
• Lead vendor engagements, coordinate with managed service partners, and serve as internal SME for network security technologies
• Participate in on-call rotation and provide escalation support for critical network security incidents

• 5+ years of hands-on experience in network security engineering in enterprise environments
• Deep expertise in Forescout Platform (formerly Counter
  
  ACT), including:
  • eye Sight, eye Control, and eye Segment modules
  • Policy authoring, device classification, and enforcement actions
  • Integration with Active Directory, SIEM, and ticketing platforms
• Active Forescout certification (FCSS – Forescout Certified Security Specialist, or equivalent) required
• Demonstrated ability to independently design and deliver full lifecycle NAC deployments — from architecture through implementation and documentation
• Strong documentation skills: ability to produce clear, detailed SOPs, network diagrams, and policy documentation for both technical and non-technical audiences
• Solid understanding of network fundamentals: VLANs, 802.1X, RADIUS, DHCP, DNS, routing, and switching
• Experience working in regulated industries with exposure to HIPAA, HITECH, or similar compliance requirements
• Bachelor's degree in Computer Science, Information Security, or equivalent practical experience

• Hands-on experience with PAN-OS, Panorama, and NGFW policy management
• Familiarity with Prisma Access, Global Protect, and Cortex XSOAR a plus
• Palo Alto Networks Certified Network Security Engineer (PCNSE) preferred
• F5 expertise:
  • Administration of BIG-IP LTM, GTM, APM, and ASM/Advanced WAF
  • Experience with iRules, SSL offload, and application security policies
  • F5 Certified BIG-IP Administrator (F5-CA) or Solution Expert (F5-CSE) preferred
• Experience with healthcare IoT and medical device security
• Familiarity with Zero Trust architecture principles and microsegmentation strategies
• Exposure to SIEM platforms (Splunk, Microsoft Sentinel) and SOAR integrations
• Additional industry certifications: CISSP, CCNP Security, CEH, or equivalent