Lead Network Security Engineer, Firewalls

It Starts Here:

Santander is a global leader and innovator in the financial services industry and is evolving from a high-impact brand into a technology-driven organization. Our people are at the heart of this journey and together, we are driving a customer-centric transformation that values bold thinking, innovation, and the courage to challenge what’s possible.  This is more than a strategic shift.  It’s a chance for driven professionals to grow, learn, and make a real difference.

If you are interested in exploring the possibilities We Want to Talk to You!

The Difference You Make:
The Lead Network Security Engineer, Firewalls is a senior technical leader within Santander US Network Security, accountable for the engineering, governance, and operational hygiene of the firewall environment across all five US legal entities (Banco Santander International, Santander Holdings USA, Santander Bank N.A., Santander Consumer USA, and Santander US Capital Markets / USA Inc.). The role is a hands-on senior engineer with formal supervisory responsibilities, partnering with applications, infrastructure, and project teams design and deliver secure connectivity for new and changing applications while continuously driving cleanup of legacy rules, objects, and policies. The role supervises the firewall engineering team and is expected to grow it as the function expands. 

• Set technical direction and standards for firewall engineering across the US firewall fleet, including platform selection, version baselines, naming conventions, object models, and rule-design patterns.
• Lead the engineering of complex firewall changes, including zone re-architectures, datacenter and branch migrations, vendor refreshes, and new-site builds.
• Partner with application development, infrastructure, cloud, and architecture teams from project intake through delivery to design secure connectivity for new applications and services.
• Translate business requirements into reusable connectivity patterns, consult on segmentation and encryption decisions, and represent the firewall function in Architecture Review Boards and Change Advisory Boards.
• Own firewall-related controls within the Network Security RCSA portfolio, including rule review, change management, configuration baseline, and rule lifecycle controls.
• Drive remediation of audit findings, action drivers, penetration-test findings, and second-line observations tied to firewalls; close items on committed dates with auditable evidence.
• Lead the firewall hygiene program: recurring rule, object, route, NAT, and policy reviews; identification and removal of stale, redundant, overly permissive, or shadowed rules.
• Drive decommissioning of retired hosts, services, and legacy connectivity that no longer have a business owner.
• Manage firewall lifecycle activities, including software upgrades, hardware refresh, license management, and vulnerability remediation.
• Partner with Cyber Operations and Incident Response on firewall-related incidents, including tactical containment and post-incident hardening.
• Supervise the firewall engineering team (currently one Senior Firewall Engineer with planned growth), set objectives, conduct performance and development conversations, and provide structured coaching.
• Recruit, onboard, and develop additional firewall engineers; build backup coverage, cross-training, and runbooks so that critical firewall responsibilities are not single-person dependent.

What You Bring:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education:

• Bachelor’s Degree: in related field or equivalent demonstrated through a combination of work experience, training, military service, or education - Required

Qualifications:

• 9+ Years Experience in IT Security. - Required.
• 9+ Years Working as a security Architect. - Required.
• 5+ Years Experience with Checkpoint, Palo Alto, FireEye, Imperva, Security Center, Splunk. - Required.
• 5+ Years Strong knowledge of PCI, SOX, ISO and NIST security standards.  Required.
• 5+ Years Experience with managing enterprise security projects. - Required.
• 5+ Years Experience with penetration testing. - Required.
• Knowledge of risk assessment tools, technologies, and methods.
• 8+ years of progressive experience in network engineering or network security, with at least 4 years focused on enterprise firewall engineering and operations.
• Minimum 2 years of formal or informal technical leadership experience: leading projects, mentoring engineers, owning multi-quarter engineering programs, or supervising direct reports.
• Hands-on engineering experience with at least two enterprise firewall platforms (Palo Alto Networks, Cisco ASA / FTD, Check Point).
• Experience with firewall analysis and policy-management tooling such as AlgoSec, Tufin, FireMon, or equivalent.
• Working knowledge of cloud firewall and network security constructs (Azure Firewall / NSGs, AWS Security Groups / NACLs).
• Strong networking foundations: TCP/IP, routing (OSPF, BGP), switching, VLAN design, NAT, and load-balancing concepts.
• Site-to-site and remote-access VPN experience: IPsec / IKEv2, SSL VPN, modern crypto suites, certificate-based authentication.
• Track record of delivering firewall engineering outcomes in a regulated environment (financial services preferred).
• Experience operating within ITIL change management, problem management, and incident management processes; experience producing audit-grade evidence for internal audit, external audit, and regulatory examiners.

Certifications:

• PMP: Project Management Professional - Preferred.

It Would Be Nice For You To Have:

• Established work history or equivalent demonstrated through a combination of work experience, training, military service, or education.

Work Authorization & Sponsorship:
Applicants must be legally authorized to work in the United States on a full-time basis without requiring employer sponsorship to commence employment.

What Else You Need To Know:

The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.

Base Pay Range:

Minimum:

Maximum:

Risk Culture:

We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.

EEO Statement:

At Santander, we value and respect differences in our workforce. We actively encourage everyone to apply. Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

Working Conditions:

Frequent minimal physical effort such as sitting, standing and walking is required for this role. Depending on location, occasional moving and lifting light equipment and/or furniture may be required.

Employer Rights:

This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate your employment at any time for any reason.

What To Do Next:

Review the internal eligibility guidelines here. If this sounds like a role you are interested in, then please apply.

We are committed to providing an inclusive and accessible application process for all candidates. If you require any assistance or accommodation due to a disability or any other reason, please contact us at TAOps@santander.us to discuss your needs.