Job Title- Network Security Engineer
Location- New York City, NY (Onsite – Local Candidates Only)
Contract: 6+ Months Contract-to-hire
MOI: Skype
VISA: USC and GC Only
Need candidate who have expertise in Forescout
Position Overview:
We are seeking an experienced Network Security Engineer for a contract-to-hire engagement with one of New York City's leading healthcare organizations. This is a hands-on, senior-level role responsible for the design, deployment, and ongoing operational excellence of our network access control and security infrastructure. The contract is expected to convert to a permanent full-time position for the right candidate. The ideal candidate brings deep technical expertise in Forescout and thrives in a complex, compliance-driven healthcare environment where uptime and patient data protection are paramount.
Top Must Have’s:
• Primary expertise in Forescout
• Palo Alto and tertiary F5 – preferred
• Forescout (control plane), Palo Alto (enforcement), F5 (application layer), Identity protocols (access) and SIEM (visibility)
Key Responsibilities:
- Design, deploy, and manage Forescout-based Network Access Control (NAC) infrastructure across enterprise and clinical environments
- Develop and enforce device visibility, classification, and policy enforcement for managed, unmanaged, and IoT/medical devices
- Author and maintain comprehensive technical documentation, standard operating procedures (SOPs), runbooks, and network security policies
- Conduct architecture reviews and lead network security improvement initiatives in alignment with HIPAA, HITECH, and NIST frameworks
- Collaborate with infrastructure, clinical engineering, and IT teams to ensure secure network segmentation and least-privilege access
- Monitor network security events, investigate anomalies, and drive remediation efforts in coordination with the SOC team
- Manage and maintain next-generation firewall infrastructure (Palo Alto Networks preferred), including rule lifecycle management and threat prevention policy tuning
- Support and administer F5 application delivery and security services including LTM/GTM, APM, and ASM/AWAF
- Lead vendor engagements, coordinate with managed service partners, and serve as internal SME for network security technologies
- Participate in on-call rotation and provide escalation support for critical network security incidents
Required Qualifications:
- 5+ years of hands-on experience in network security engineering in enterprise environments
- Deep expertise in Forescout Platform (formerly CounterACT), including:
- eyeSight, eyeControl, and eyeSegment modules
- Policy authoring, device classification, and enforcement actions
- Integration with Active Directory, SIEM, and ticketing platforms
- Deployment in large-scale, multi-site environments
- Active Forescout certification (FCSS – Forescout Certified Security Specialist, or equivalent) required
- Demonstrated ability to independently design and deliver full lifecycle NAC deployments — from architecture through implementation and documentation
- Strong documentation skills: ability to produce clear, detailed SOPs, network diagrams, and policy documentation for both technical and non-technical audiences
- Solid understanding of network fundamentals: VLANs, 802.1X, RADIUS, DHCP, DNS, routing, and switching
- Experience working in regulated industries with exposure to HIPAA, HITECH, or similar compliance requirements
- Bachelor's degree in Computer Science, Information Security, or equivalent practical experience