Network Security Engineer

Who We Are

Applied Materials is a global leader in materials engineering solutions used to produce virtually every new chip and advanced display in the world. We design, build and service cutting-edge equipment that helps our customers manufacture display and semiconductor chips – the brains of devices we use every day. As the foundation of the global electronics industry, Applied enables the exciting technologies that literally connect our world – like AI and IoT. If you want to push the boundaries of materials science and engineering to create next generation technology, join us to deliver material innovation that changes the world. 

What We Offer

Location:

You’ll benefit from a supportive work culture that encourages you to learn, develop, and grow your career as you take on challenges and drive innovative solutions for our customers. We empower our team to push the boundaries of what is possible—while learning every day in a supportive leading global company. Visit our Careers website to learn more. 

At Applied Materials, we care about the health and wellbeing of our employees. We’re committed to providing programs and support that encourage personal and professional growth and care for you at work, at home, or wherever you may go. Learn more about our benefits. 

Summary 

We are seeking a highly skilled Network Security Engineer to design, implement, and operate enterprise security solutions across Zero Trust access, cloud security/SSE, and next-generation firewall platforms. This role will lead engineering, deployments and operations for Akamai Enterprise Application Access (EAA), Zscaler (ZIA/ZPA/ZDX as applicable), and Palo Alto Networks firewalls (PAN-OS), ensuring secure connectivity, consistent policy enforcement, and high availability across global environments.

Job Description

Applied's IT organization has a long reputation of being a great place to work. The IT team has been recognized as one of Computerworld's 100 Best Places to Work in IT. In addition, numerous Applied IT leaders have been honored as a CIO Magazine's Ones to Watch or Computerworld Premier 100 IT leaders. 

The Senior Network Security Engineer / Solutions Architect is responsible for end‑to‑end ownership of enterprise network and web security platforms, spanning Zero Trust access, Secure Service Edge (SSE), Web Application & DDoS protection, Network Detection & Response (NDR), and Next‑Generation Firewalls.

This role combines hands‑on technical execution with architectural leadership and financial accountability. The individual will act as a platform owner—driving design decisions, ensuring operational stability, leading threat response, and managing vendor and cost governance for critical security services including Akamai (EAA, WAF, DDoS), Zscaler, Palo Alto Networks, and NDR platforms.

The position requires close collaboration with SOC, Network, Cloud, IAM, Application, and Finance teams to ensure security controls are effective, scalable, and aligned with business priorities. The role also serves as a Tier‑3 escalation point during major incidents and provides strategic input into roadmap planning, tool rationalization, and security investment decisions.

This is a high‑impact, senior‑level role ideal for a security professional who can operate at both technical depth and enterprise scale, balancing risk reduction, operational excellence, and cost efficiency.

Core Competencies:

• Zero Trust Architecture & Secure Access
  Strong understanding of Zero Trust principles, identity‑aware access, least privilege, and secure private application connectivity across hybrid environments.
• Web Application & DDoS Security
  Expertise in protecting internet‑facing applications against OWASP Top 10 risks, bot attacks, and volumetric/application‑layer DDoS threats while maintaining performance and availability.
• Network Defense & Threat Detection (NDR)
  Deep knowledge of network telemetry, behavioral analytics, east‑west traffic visibility, and threat hunting using Network Detection & Response platforms.
• Enterprise Firewall & Segmentation Design
  Proven ability to design, implement, and govern segmentation and policy controls using next‑generation firewalls (PaloAlto & FortiGate) aligned to NIST and Zero Trust standards.
•  Incident Response & Security Operations
  Strong troubleshooting and incident‑handling skills across web attacks, DDoS events, access outages, firewall issues, and advanced network‑based threats.
• Platform Ownership & Operational Excellence
  Ability to operate security platforms at scale with defined KPIs, runbooks, escalation models, and hypercare support during major changes.
• Financial & Vendor Management
  Demonstrated experience managing security platform costs, license consumption, renewals, and vendor evaluations to maximize ROI and control spend.
• Cross‑Functional Leadership & Communication
  Comfortable partnering with SOC, Network, Cloud, IAM, Application, and Finance teams, and communicating technical and financial trade‑offs to leadership.

Job Responsibilities  

     Akamai – Zero Trust, Web & Edge Security

• Design, deploy, and operate Akamai EAA for secure private application access across on‑prem, cloud, and hybrid environments.
• Implement and manage Akamai WAF protections including custom rules, rate limiting, bot management, and OWASP Top 10 mitigation.
• Architect and support Akamai DDoS protection (L3–L7) for internet‑facing applications, including event response and post‑incident analysis.
• Tune security policies to balance protection with application performance and user experience.
• Partner with application and platform teams to onboard new apps, domains, certificates, and security profiles.

Zscaler – SSE / Secure Web & Private Access

• Implement and operate Zscaler ZIA/ZPA (and related modules as in scope).
• Define and maintain security policies for secure web access, private application access, and traffic forwarding.
• Manage GRE/IPsec tunnels, agent deployments, PAC files, and identity-based policy enforcement.
• Support incident investigations related to web threats, access failures, or performance degradation.

Palo Alto Networks – Next‑Generation Firewalls

• Engineer, operate, and maintain Palo Alto NGFWs (PAN‑OS), including HA architectures.
• Maintain orchestration platforms such as Strata Manager and Panorama
• Implement zone‑based segmentation, NAT, routing, and threat prevention profiles.
• Lead firewall policy lifecycle management: design, review, recertification, and cleanup aligned with NIST/Zero Trust principles.
• Support perimeter, data center, and internal segmentation firewall use cases.

Network Detection & Response (NDR)

• Serve as technical owner for Network Detection & Response (NDR) capabilities (on‑prem, cloud, and hybrid visibility).
• Tune detections, reduce false positives, and improve signal quality in partnership with SOC teams.
• Lead investigations for lateral movement, command‑and‑control, anomalous traffic, and advanced threats.
• Provide architectural guidance on encrypted traffic visibility, east‑west monitoring, and cloud traffic inspection.

Threat Response, Operations & Governance

• Serve as escalation point for web attacks, DDoS events, access outages, and firewall incidents.
• Integrate platforms with SIEM/SOC, IAM (Entra ID/Ping Identity), PKI, and ITSM workflows.
• Develop operational runbooks, dashboards, and alerting for Tier‑2/Tier‑3 readiness.
• Drive POCs, production rollouts, and hypercare monitoring for new security capabilities.

Financial Ownership & Vendor Governance

• Own platform financials for Akamai, Zscaler, Palo Alto, and NDR tools, including:
  • License modeling and consumption tracking
  • Cost optimization and right‑sizing
  • Renewal planning and budget forecasting
• Partner with Finance and Procurement on renewals, true‑ups, and vendor negotiations.
• Evaluate ROI and efficiency of security investments; provide data‑driven recommendations for consolidation or expansion.
• Support POCs and vendor evaluations, including technical and financial comparison inputs.

Education and Experience 

7–10+ years in network and security engineering / architecture roles.

Hands‑on experience with:

• Zscaler ZIA/ZPA
• Akamai EAA , WAF & DDoS
• Palo Alto Networks NGFW (PAN‑OS) & Fortinet
• Network Detection & Response (NDR) platforms

Strong understanding of:

• Web security, DDoS attack vectors, OWASP Top 10
• Network telemetry, threat detection, traffic analysis
• Zero Trust, segmentation, identity‑aware access

Proven troubleshooting skills across multi‑vendor, multi‑layer security stacks

Preferred Qualifications

• Certifications: PCNSE, Akamai, Zscaler, CISSP or equivalent.
• Experience with SIEM/SOAR integrations and SOC operations.
• Automation or scripting experience (Python, APIs, Terraform/Ansible).
• Cloud security and hybrid connectivity experience (Azure/AWS/GCP).
• Experience presenting financial and risk trade‑offs to leadership.

Additional Information

Time Type:

Employee Type:

Travel:

Relocation Eligible:

Applied Materials is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, national origin, citizenship, ancestry, religion, creed, sex, sexual orientation, gender identity, age, disability, veteran or military status, or any other basis prohibited by law.