Network Security Engineer, Zero Trust

The Role

We are seeking a highly motivated and experienced Network Security Engineer to join our Network Operations team. This team is central to the design, implementation, and maintenance of SoFi’s hybrid and multi-cloud network infrastructure, focusing exclusively on security engineering excellence and enforcing Zero Trust principles. As SoFi continues its rapid evolution and growth, the demands for scalable, secure, and highly available networking solutions are paramount. If you thrive in an environment where automation, cloud-native tooling, and critical, high-impact security work are daily occurrences, this role offers a significant opportunity to define the future of FinTech security.

What you’ll do:

• Zero Trust & SASE Architecture: Design, implement, and operate our global Zero Trust Architecture (ZTA) and Secure Access Service Edge (SASE) solution, focusing on advanced configuration of Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) for both corporate and production environments.
• Cloud Network Security: Serve as the Subject Matter Expert (SME) for securing multi-cloud networking environments (AWS and Azure). This includes implementing robust controls for VPC/VNet peering, Transit Gateway configurations, and leveraging native cloud security services (e.g., Security Hub, Firewall Manager).
• Infrastructure-as-Code (IaC) & Automation: Develop, test, and maintain automated security deployments and configurations using Terraform and version control systems (Git) to ensure security policies are deployed consistently and scalably across all platforms.
• Next-Gen Firewalls: Implement and enhance security policy rules, NAT/VPN configurations, and advanced threat prevention profiles on Palo Alto Networks Next-Generation Firewalls (NGFWs), ensuring adherence to the least-privilege principle.
• Security Integration: Partner with DevSecOps teams to integrate network security tooling into CI/CD pipelines, enabling automated vulnerability checks and compliance enforcement (shift-left security).
• Compliance & Risk: Ensure network infrastructure and controls meet stringent regulatory requirements relevant to FinTech (e.g., PCI DSS, SOC 2, SOX).
• Incident Response: Support the Security Operations Center (SOC) by providing expert-level analysis of network security incidents, packet captures, and flow data to rapidly contain and remediate threats.

What you’ll need:

• 4+ years of hands-on experience in Network Security Engineering or a related role within a fast-paced environment.
• Expertise in Zero Trust concepts and demonstrable experience implementing SASE solutions (e.g., Zscaler, Palo Alto Prisma Access).
• Deep practical experience with at least one major cloud platform (AWS or Azure) specifically focused on networking and security services (VPC/VNet, Security Groups, NACLs, Cloud Firewall).
• Advanced troubleshooting skills across the network stack (TCP/IP, routing protocols, proxies, DNS).

Nice to have:

• Relevant certifications such as PCNSE, Zscaler ZCCA/ZCCP, or AWS Certified Security - Specialty.
• Experience with container networking and security in Kubernetes (e.g., Network Policies, Calico).
• Familiarity with Network Access Control (NAC) technologies and protocols (802.1x, RADIUS, Microsoft NPS).
• Prior experience in a heavily regulated industry, particularly FinTech, and familiarity with compliance standards (PCI, SOX).
• Hands-on experience with advanced monitoring and SIEM tools (e.g., Splunk, Elastic, Datadog).