Senior Network Engineer
About the role
We are hiring a Senior Network Engineer to help design, implement, and operate the company's next-generation secure network architecture. The Senior Network Engineer will own critical workstreams across SASE/ZTNA, NAC, IPSec connectivity, network segmentation, cloud network integration, egress controls, firewall policy, and telemetry forwarding. The ideal candidate has strong hands-on experience securing hybrid environments that span corporate networks, cloud platforms, remote users, physical sites, and sensitive workloads. This role is well suited for an engineer who can operate at both the design and implementation levels: designing secure patterns, building them, validating them, documenting them, and supporting their transition into steady-state operations.
Responsibilities
- Secure Network Architecture and Zero Trust Access:
  - Design and implement secure network patterns that enforce identity, device posture, segmentation, logging, and policy-based access across users, sites, workloads, and administrative paths.
  - Implement and support SASE/ZTNA capabilities, including Cloudflare Government or comparable platforms, WARP/client access, private application access, gateway policies, DNS controls, and secure administrative access paths.
  - Help eliminate direct public administrative access to workloads by routing privileged access through approved identity-aware and policy-enforced access layers.
  - Develop network designs that support the principle that no workload, management interface, or privileged access path bypasses identity, policy, segmentation, and telemetry controls.
- NAC and Physical Site Segmentation:
  - Lead the design and rollout of Network Access Control for office, edge, and remote site environments.
  - Implement or support 802.1X, RADIUS policy, device certificates, VLAN segmentation, and port-level admission control.
  - Segment remote site networks into appropriate zones, such as telemetry, management, vendor/service, and out-of-band management networks.
  - Assess switch, firewall, router, and edge-device readiness for NAC, IPSec, logging, and configuration baseline enforcement.
- Remote Site and Edge Connectivity:
  - Design secure remote site connectivity using IPSec/private tunnels, certificate-based authentication, route controls, firewall policies, and deterministic telemetry paths.
  - Ensure edge and radar-site environments have no unnecessary public management exposure.
  - Implement firewall forwarding, tunnel telemetry, configuration backup, drift detection, and site-level logging into centralized monitoring and SIEM platforms.
  - Partner with Security, Cloud Engineering, SRE, and other Engineering teams to build detection and response use cases for tunnel anomalies, exposed management paths, unexpected peers, route changes, failed rekeys, and suspicious traffic patterns.
- Cloud Network Integration:
  - Design and support cloud network connectivity patterns across multiple cloud hosts and restricted workload zones.
  - Implement or support hub-and-spoke architectures, transit gateways, vWAN, private endpoints, DNS resolver patterns, egress inspection, firewall policy, and workload security-group guardrails.
  - Partner with Cloud Engineering to define baseline network guardrails for landing zones, including deny-public-admin policies, centralized egress, private admin paths, flow logging, routing standards, and tagging requirements.
  - Support cloud network segmentation for Corporate IT, restricted workloads, and other uses.
- Telemetry, Logging, and SOC Enablement:
  - Ensure network logs are consistently forwarded into centralized telemetry and SOC platforms.
  - Support data-source onboarding for firewall logs, VPN/IPSec logs, SASE logs, NAC events, DNS logs, VPC/NSG flow logs, and remote site device logs.
  - Collaborate with the Head of IT and Security team to create network-focused detection content, response workflows, evidence artifacts, and runbooks.
  - Help validate detection coverage through test events, tabletop exercises, port scans, tunnel checks, and configuratio
Benefits
Additional Information
Why LeoLabs? At LeoLabs, we're building the living map of activity in space. Through our proprietary global radar network and AI-enabled analytics platform, we collect millions of measurements daily on more than 25,000 objects in low Earth orbit (LEO). Our radar-powered intelligence protects billions in assets, monitors adversarial behavior, and ensures safe operations for commercial and government missions. We're not just building technology, we are redefining global security, safety, and transparency in space. As orbital activity accelerates and threats grow more complex, LeoLabs is a trusted partner for Space Domain Awareness, Space Traffic Management, and Satellite Operations for top-tier space operators and allied defense organizations. If you're looking to work on mission-critical challenges at the forefront of aerospace, national security, and AI, your impact starts here. *This position is remote in the United States.