Information Security Engineer (Zero Trust)
**Location ** Irving, TX (PREFERRED) or Charlotte, NC
Duration: 12 Month Contract **Pay: ** $60/hr W2
W2 ONLY, NO C2C
Must-Haves / Core Skillset
-
Micro-Segmentation & Zero Trust
-
Hands-on experience with workload-level segmentation and lateral-movement prevention.
-
Demonstrated ability to move from visibility to enforcement safely in production environments.
-
Illumio or Equivalent Platform Experience
-
Strong understanding of VEN agents, SaaS policy engines, enforcement modes, and migration considerations.
-
Comfort working directly with vendor engineering teams during live operational issues.
-
Traffic & Telemetry Analysis
-
Strong proficiency with SIEM tools (especially time-based analysis, distributions, and baselining).
-
Ability to reason about event ingestion pipelines and end-to-end telemetry delivery.
-
Operating Systems & Infrastructure
-
Solid Linux and Windows server fundamentals.
-
Understanding of application communication patterns, service dependencies, and network flows.
-
Operational Maturity: Experience with production change management and incident response.
-
Ability to halt or delay enforcement when telemetry or validation is insufficient.
-
Communication & Influence: Ability to clearly communicate technical risk, impact, and recommendations to engineers, leadership, and vendors.
-
Comfortable translating telemetry and failures into executive-level summaries.
Mission (Overarching Goal)
Advance the enterprise Zero Trust micro-segmentation program, delivering safe, auditable, and scalable traffic visibility and policy enforcement across hybrid environments (on-prem and cloud). This role ensures operational reliability, policy confidence, and vendor accountability for Illumio SaaS based segmentation at enterprise scale.
Day-to-Day Responsibilities
-
Operate and mature the Illumio micro-segmentation platform (SaaS with limited on-prem presence), including VEN agent lifecycle management across Windows, Linux, and future AIX workloads.
-
Design, validate, and deploy least-privilege segmentation policies, ensuring policy changes can be safely verified via traffic telemetry before and after enforcement.
-
Analyze traffic flow telemetry and delay metrics across ingestion pipelines and SIEM tooling to validate platform health, identify regressions, and distinguish policy issues from platform or vendor constraints.
-
Lead incident response and vendor escalation with Illumio engineering, including capacity constraints, SaaS scaling events, maintenance windows, and potential data integrity risks.
-
Partner with Network Engineering, NOC/NMC, application teams, and platform owners to coordinate production changes, policy deployments, and change-management activities.
-
Maintain and evolve security standards, baselines, and deployment guidance for enterprise micro-segmentation, aligning to internal governance, audit, and risk requirements.
-
Support large-scale onboarding and migration efforts, including SaaS cutovers, phased policy enforcement, and certification of segmentation controls for high-risk and payment applications.
Nice-to-Haves (Certifications / Extras)
-
Security & Architecture
-
CISSP, CCSP, or comparable security architecture certification
-
Zero Trust focused training or vendor micro-segmentation certifications
-
Cloud & Identity
-
Familiarity with Azure and enterprise IAM concepts (SaaS authentication, RBAC, API access)
-
Advanced Platform Integration
-
Experience integrating segmentation telemetry into SIEM, data lakes, or automation pipelines
-
Exposure to policy certification, audit traceability, or regulatory reporting
-
Micro‑segmentation & Zero Trust
-
Deep understanding of workload‑level segmentation, policy modeling, and lateral‑movement prevention.
-
Practical experience enforcing policy safely in production, not just designing it.