Microsegmentation Engineer

Title: Microsegmentation Engineer Location: 401 W Las Colinas Blvd Irving, TX Alternate Locations: Charlotte, NC or Chandler, AZ Duration: 18 months Work Engagement: W2 Work Schedule: 3 days in office/2 days remote Benefits on offer for this contract position: Health Insurance, Life insurance, 401K and Voluntary Benefits Summary: We are seeking a Zero Trust / Micro-Segmentation Engineer to advance our enterprise segmentation strategy across hybrid environments. This role is responsible for delivering secure, scalable, and auditable traffic visibility and enforcement, ensuring strong protection against lateral movement while maintaining operational stability. You will play a key role in driving Zero Trust adoption, managing segmentation platforms (e.g., Illumio or similar), and partnering across engineering, security, and operations teams to enable safe policy enforcement at enterprise scale.

Responsibilities: Platform Operations & Engineering * Operate and mature a micro-segmentation platform (Illumio or equivalent SaaS-based solution) * Manage agent lifecycle (e.g., VEN or equivalent) across: * Windows * Linux * Future platforms (e.g., AIX) * Support onboarding, migrations, and large-scale deployment efforts Segmentation Design & Enforcement * Design and implement least-privilege segmentation policies * Transition safely from visibility mode to enforcement * Prevent east-west (lateral) movement within environments while complementing north-south controls (firewalls/WAF) * Apply workload labeling and policy modeling best practices Traffic & Telemetry Analysis * Analyze traffic flow telemetry to validate policy accuracy and system health * Use SIEM tools (e.g., Splunk preferred) for: * Baseline analysis * Time-based investigations * Distribution and anomaly detection * Troubleshoot telemetry ingestion pipelines and identify gaps or delays Incident Response & Vendor Management * Lead incident response and escalation with segmentation platform vendors * Partner with vendor engineering teams during: * Platform outages * Capacity/scaling events * Data integrity concerns Cross-Functional Collaboration * Work with Network Engineering, NOC/NMC, Security, and Application teams * Coordinate change management and production deployments * Communicate risks, impacts, and recommendations clearly across technical and business stakeholders Governance & Standards * Develop and maintain segmentation standards, baselines, and governance controls * Ensure policies align with audit, compliance, and risk requirements * Support certification of controls for critical systems (e.g., payment or regulated applications) Qualifications: * Applicants must be authorized to work for ANY employer in the U.S. This position is not eligible for visa sponsorship. Micro-Segmentation & Zero Trust * Hands-on experience with workload-level segmentation and lateral movement prevention * Proven ability to deploy and enforce policies safely in production environments Platform Experience * Experience with Illumio or equivalent segmentation platforms * Understanding of: * Agents (e.g., VEN) * SaaS policy engines * Enforcement modes and migration strategies * Comfortable engaging directly with vendor support/engineering teams Traffic Analysis & SIEM * Strong experience using SIEM tools (Splunk preferred) * Deep understanding of telemetry pipelines and event ingestion * Ability to distinguish between policy issues vs. platform constraints Infrastructure & Systems * Strong fundamentals in: * Linux and Windows server environments * Network flows and application dependencies * Understanding of: * East/West vs.

North/South traffic patterns Operational Maturity * Experience with incident response and change management * Ability to pause or delay enforcement when validation data is insufficient Communication Skills * Ability to translate technical concepts into business and executive-level insights * Strong collaboration and influencing skills across teams and vendors Technical Foundations * ~3+ years of experience in: * Network engineering / firewall engineering / security engineering * Exposure to: * Python and/or Ansible for automation * ServiceNow (preferred for ticketing/change management) * Experience with Splunk logging and analytics * Familiarity with cloud environments (Azure preferred) and IAM concepts (RBAC, SaaS auth) * Experience integrating telemetry into: * SIEM platforms * Data lakes or automation pipelines * Exposure to: * WAF (Web Application Firewalls) * Policy certification and audit traceability * Background in regulated industries (banking, healthcare, government)