Network & Cloud Security Engineer

Vaco Dallas is seeking a seasoned Network & Cloud Security Engineer for a contract-to-hire employment opportunity for a local client based in Addison, TX in the healthcare industry. This resource will take charge of securing hybrid infrastructure across on-prem and cloud platforms (AWS & Azure). This is a hands-on role focused on designing and automating secure network environments, deploying next-gen firewall solutions, and helping lead a shift to a Zero Trust architecture. You'll collaborate across IT, DevOps, and Security teams to secure critical systems, guide infrastructure-as-code practices (Terraform, GitLab), and stay ahead of evolving cyber threats. This position will be required to work onsite 4-days per week and candidates must be local to the Dallas/Fort Worth market, as our client is unable to cover relocation expenses at this time. Candidates must also be able to pass a criminal background check and drug screen and must be legally eligible to work in the United States, as our client is unable to sponsor at this time.

Vaco is NOT seeking third party candidate support on this engagement.

Job Title: Senior Network & Cloud Security Engineer

Job Type: Contract-to-Hire

Worksite Schedule: 4-days onsite (Monday through Thursday) Fridays remote

Worksite Location: Addison, Texas

W2 Hourly Rate On Contract: $55.00 - $65.00 (W2) based on experience and credentials

Salary Conversion Target: Based on experience up to $115,000 - $135,000 excellent full benefits

Added insight :

This resource will be joining a newly established team formed within what they refer to as their "Security Towers" that will be handling firewall and network security. This group is made up of experienced Network Security Engineers (A-players), that work in a low-touch environment, with forward thinking team members, that are looking to bring recommendations and provide feedback for creating a healthy security posture for the organization.

The organizations overall goal for 2025 is optimization, standardization, and modernization. The addition of this team, is no exception. What they really need out of this person, is someone who is senior enough to hit the ground running from day one, from technology selection and optimization to eventually helping to build out the team.

They currently have several projects spun up under this new team. They are currently managing and supporting the Firewalls (primarily Palo Alto) but are also in the middle of a VMware NSX migration and are in the middle of a Microsegmentation project (Zero Trust). They are a Palo Alto Shop, utilizing Prisma Cloud, Cortex XDR, firewalls, and GlobalProtect VPN Client. They have interest in adding additional Palo Alto Products, including WildFire and AI functionality down the road. While they utilize functions within Cortex XDR, they are not using it as a complete MDR platform but the end-goal is to get there. Currently, they also utilize Carbon Black where everything gets pushed to Splunk ES, which is then pushed to the SOC team for firewall support and Splunk monitoring. They utilize both AWS and Azure, where AWS is more heavily utilized, and Azure is more-so utilized to manage M365 tasks. Additionally, they have not moved heavily into IaC (Terraform) as of yet but that is the end-goal.

Overview:
We're seeking an experienced and proactive Network & Cloud Security Engineer to help drive the evolution of our enterprise security posture across both on-premises and cloud environments. In this role, you'll take the lead on designing, deploying, and maintaining advanced network security solutions that support critical business systems and regulatory standards. You'll collaborate with teams across infrastructure, application, and cloud domains to ensure secure connectivity, resilience, and scalability throughout the organization's IT landscape.

Job Scope:

• Partner with internal DevOps, infrastructure, and application teams to implement and manage robust network defenses across both private data centers and cloud platforms.


• Architect secure connectivity strategies using virtual and physical firewalls, routing protocols, segmentation, and peering techniques to maintain network integrity and performance.


• Stay informed of emerging cyber threats, vulnerabilities, and exploit methods; lead the response by applying patches and updates across environments.


• Provide mentorship to junior engineers and contribute to a knowledge-sharing culture within the InfoSec team.


• Design and automate cloud security architecture-leveraging Terraform and GitLab CI/CD pipelines-for scalable and secure cloud adoption, particularly in AWS and Azure environments.


• Establish deployment templates and best practices for network and firewall configurations used across the enterprise.


• Ensure monitoring, alerting, and event correlation are effectively configured to detect anomalies and system disruptions across network security tools.


• Maintain up-to-date documentation, architecture diagrams, and process workflows that align with operational and compliance requirements.


• Evaluate and implement innovative security tools to enhance threat detection and system hardening.


• Act as a senior-level responder during high-priority security incidents or outages.


• Stay on the forefront of cybersecurity developments, contributing to the organization's evolving defense strategy.

Requirements:

• Bachelor's degree in a technology-related field (or equivalent professional experience).


• Minimum 5 years of hands-on experience in network and systems security engineering in hybrid cloud environments.


• Expertise in network fundamentals and security protocols (e.g., TCP/IP, BGP, VPN, NAT, VLANs, microsegmentation, subnetting).


• Proficiency in security management across AWS, Azure, and VMware environments.


• Demonstrated experience with infrastructure-as-code, especially Terraform and GitLab for provisioning secure environments.


• Advanced knowledge of firewall and application delivery technologies from vendors such as Palo Alto, Citrix, VMware, and cloud-native services.


• Familiarity with compliance and control frameworks such as SOX, NIST, and HIPAA.


• Proven ability to implement zero trust principles, reduce attack surfaces, and secure perimeter designs in large-scale infrastructures.


• Excellent communication, documentation, and troubleshooting abilities in fast-paced environments.

Preferred Skills & Certifications:

• Certifications in AWS or Azure Cloud specializations, preferred.


• Palo Alto Networks certifications (PCNSE or equivalent), preferred.


• Experience with managed detection and response (MDR) platforms like Cortex XDR, CrowdStrike Falcon, or Rapid7, preferred


• Background in healthcare IT environments, with an understanding of HIPAA compliance requirements, preferred.

Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual's skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes the salary range for the role is noted in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company's 401(k) retirement plan.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.