Candescent is a forward-thinking technology company transforming how financial institutions deliver Intelligent Banking experiences. We unite digital banking, account opening, and branch solutions that power and connect digital banking, account opening, and branch solutions—creating seamless engagement across digital, remote, and in-person channels.

Our Experience-Led, Intelligence-Driven approach combines human-centered design with data, automation, and cloud-based innovation. Built on an API-first architecture, our extensible ecosystem enables institutions to adapt quickly, integrate easily, and unlock new opportunities for growth—turning every customer interaction into a moment of clarity, confidence, and connection.

The Lead Network Security Specialist will serve as Candescent’s principal technical authority for securing our networked and cloud-connected environments. This role oversees the design, implementation, and ongoing evolution of modern network security controls—including identity-centric Zero Trust enforcement, firewall and segmentation strategy, secure remote access, and encrypted traffic visibility.

The ideal candidate brings deep technical expertise, strong leadership experience, and a passion for continuous improvement in a highly dynamic environment.

Key Responsibilities and Deliverables

Strategic Leadership

· Define and execute Candescent’s network security strategy aligned to business objectives, risk posture, and Zero Trust principles.

· Serve as the subject-matter expert for network security architecture, providing guidance to leadership, engineering, infrastructure, and product teams.

· Evaluate emerging technologies and regulatory requirements, ensuring Candescent’s network defenses remain current and aligned with leading practices.

Architecture, Engineering & Operations

· Architect, implement, and maintain network security technologies across cloud, data center, and branch environments—including NGFW, segmentation, VPN/ZTNA, DNS security, WAF, and DDoS protection.

· Oversee firewall policy lifecycle management, ensuring consistent, scalable, and auditable deployment of rules and objects.

· Lead secure connectivity initiatives supporting cloud adoption, SD-WAN evolution, Zero Trust access patterns, and encrypted traffic inspection capabilities.

· Partner with DevOps/Platform teams to integrate network security into CI/CD pipelines, automation frameworks, and infrastructure provisioning.

· Ensure resiliency through documented recovery procedures, redundancy planning, and continuous performance tuning.

Governance, Compliance & Assurance

· Maintain alignment with PCI, SOC 2, GLBA, and internal security standards.

· Develop and maintain documentation including network security standards, runbooks, diagrams, and technical reference architectures.

· Support internal/external audits and risk assessments, providing evidence and remediation plans as required.

Team Leadership & Cross-Functional Collaboration

· Lead, mentor, and develop a high-performing team of network security engineers.

· Oversee workload planning, technical decision-making, and escalations for incidents and complex engineering challenges.

· Foster strong partnerships with Infrastructure, Cloud Engineering, Security Operations, Application Security, and Product teams.

· Champion a culture of secure-by-design engineering and continuous improvement.

Qualifications and Experience

· 8+ years of experience in network security engineering, with at least 3 years in a lead or senior technical role.

· Hands-on expertise with enterprise-grade firewall platforms, secure network architecture, segmentation, and threat prevention services.

· Strong experience securing hybrid architectures (cloud, data center, branch) and implementing ZTNA or Zero Trust-aligned controls.

· Advanced understanding of TCP/IP, routing, VPN technologies, DNS security, and encrypted traffic inspection.

· Experience with infrastructure-as-code practices (Terraform, CloudFormation), network automation, and CI/CD integration.

· Strong analytical, communication, and incident leadership skills.

Preferred Distinctions

· Experience in financial services or other regulated industries.

· Certifications such as CISSP, CCSP, PCNSE, NSE7, AWS/Azure/GCP architectures, or equivalent.

· Familiarity with container networking, service mesh architectures, and secure API connectivity.

Statement to Third Party Agencies
To ALL recruitment agencies: Candescent only accepts resumes from agencies on the preferred supplier list. Please do not forward resumes to our applicant tracking system, Candescent employees, or any Candescent facility. Candescent is not responsible for any fees or charges associated with unsolicited resumes.