Principal Network Security Engineer

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.

Role: Principal Network Security Engineer

Description of role and key responsibilities:

The Principal Network Security Engineer is responsible for designing, implementing, and managing the network security platforms within the organization. The candidate will have the opportunity to join a new team focusing on high-impact projects supporting mission critical environments, where service matters and exceeding expectations is the norm. We are looking for a though-leader, self-driven Engineer that can help transform and evolve the network security platforms that support our business and security strategy.

Key responsibilities:

The Principal Network Security Engineer's primary areas of responsibility include managing the Network Access Control and Identity Services platforms. As the product owner of these technologies you'll define architectural patterns, lead deployments, create standards/documentation, and perform operations handovers.

• Solution Architecture & Design: Collaborating with stakeholders to design and implement comprehensive solutions tailored to specific business needs.
• Deployment & Configuration: Installing, configuring, and maintaining Network Access Control (NAC) appliances/software and Identity Platforms across data centers globally
• Device Discovery & Profiling: Identify all devices on the network, including their operating systems, MAC addresses, and other relevant attributes to ensure only sanctioned devices are provided access
• Policy Creation and Enforcement: Developing and implementing access control policies based on device profiles to manage network segmentation and security posture.
• Threat Detection and Response: Monitoring for suspicious device activity and automatically responding to potential security threats.
• Compliance Management: Ensuring adherence to security standards and regulations by leveraging reporting and auditing features.
• Integration with other Security Tools: Integrating with existing security solutions like next-gen firewalls, SIEMs, and endpoint protection systems to build a seamless security tool ecosystem
• Customer Support and Training: Providing technical support to internal teams, manage escalations from operations, and conduct training sessions on platform functionality.
• Automation & Orchestration: Leverage development tools and GitOps practices to deploy and operate security platforms
• Standards & Documentation: Create solution patterns, define standards, and document SOPs using Confluence and draw.io

Core Skills & Experience:

• Expert-level in NAC platform administration and configuration (Forescout preferred)
• Strong understanding of network security principles. CISSP certification is desired but not required
• Working experience deploying and operating Identity platforms (Cisco ISE preferred)
• Exposure to Microsoft Active Directory, Microsoft Entra ID, and LDAP
• Knowledge of network fundamentals (TCP/IP, VLANs, VRFs, VPN, Dynamic Routing). CCNP certification preferred
• Strong understanding of how Network and Security infrastructure operate at Layer 2, Layer 3 & Layer 4-7
• Knowledge of network authentication protocols including EAP/802.1x, TACACS, RADIUS, OAuth
• Experience working with Public Key Infrastructure and tools (Venafi)
• Expert-level experience working with Linux, Windows, and MacOS operating systems
• Experience with scripting languages (Bash, Python, Perl, Powershell) and IaC tools like Ansible or Terraform
• Proficient with packet data tools like Wireshark to perform deep-level forensic analysis
• Ability to perform security analysis using SIEM and Analytics tools (Azure Sentinel, Log Analytics)
• Expert-level writing skills to create playbooks and standard operating procedures
• Experience with web APIs and data serialization languages (JSON, YAML)
• Excellent problem-solving and troubleshooting abilities with an emphasis on security
• Strong communication skills to collaborate with technical and non-technical stakeholders
• Exposure to cloud service providers such as Azure or AWS
• Working experience with Next Generation Firewalls (Checkpoint, Palo Alto) or host-based firewalls (Illumio)
• Good understanding of DNS, DHCP, and IPAM systems
• Previous experience at a financial organization is a plus

Salary Range:
$114,700 - 194,900 USD

Salary range is a good faith estimate of base pay. Northern Trust provides a comprehensive benefits package including retirement benefits (401k and pension), health and welfare benefits (medical, dental, vision, spending accounts and disability), paid time off, parental and caregiver leave, life & accident insurance, and other voluntary and well-being benefits. Northern Trust also provides a discretionary bonus program that may include an equity component.

Working with Us:

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We'd love to learn more about how your interests and experience could be a fit with one of the world's most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at

We hope you're excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.