Network Engineer (Mortgage Industry)

Information Technology United States

Apply

Description

POSITION OVERVIEW: CMG Financial is looking for an experienced Network Engineer to design, implement, and manage enterprise network infrastructure across on-premises, hybrid, and Azure cloud environments. You will work with cutting-edge technologies including Palo Alto next-generation firewalls, Azure networking services, and modern SASE architectures to ensure secure, high-availability connectivity for our organization.

 

 

ESSENTIAL DUTIES and RESPONSIBILITIES, includes the following responsibilities, but not limited to:

Firewall & Security Operations

  • Review and update Palo Alto security policies, NAT rules, and App-ID/User-ID configurations
  • Monitor threat prevention alerts, URL filtering hits, and WildFire submissions
  • Manage VPN tunnels (site-to-site and remote access) — check tunnel status, address drops or mismatches

Azure Networking

  • Monitor NSG flow logs, Azure Network Watcher, and Connection Monitor for anomalies
  • Review hub-and-spoke topology health — VNet peering, private endpoints, DNS resolution
  • Check Azure Firewall policy hits and deny logs

Change & Configuration Management

  • Implement and document approved network changes (firewall rules, VLAN changes, routing updates)
  • Use Panorama/Strata Cloud Manager to push policy updates across managed firewalls
  • Maintain and update network documentation (topology diagrams, runbooks, IP addressing)

Ticket & Problem Resolution

  • Respond to and triage network incidents — Layer 1–7 troubleshooting, root cause analysis
  • Triage and prioritize incoming tickets from the service desk queue; assign severity and ownership
  • Investigate and resolve network-related incidents (connectivity failures, latency, application access issues)
  • Perform root cause analysis on recurring issues and document findings for problem records
  • Update ticket status, add work notes, and communicate resolution steps to stakeholders
  • Escalate complex issues to senior engineers or vendors with full diagnostic context (logs, captures, configs)
  • Close resolved tickets with detailed resolution notes for knowledge base reuse

Automation & IaC

  • Write or maintain PowerShell/Python/Bash scripts for operational tasks
  • Update Terraform configs for infrastructure changes; validate and plan before apply

Collaboration

  • Communicate with application, security, and helpdesk teams on connectivity issues
  • Participate in on-call rotation; hand off or escalate as needed
  • Attend change advisory or ops standup meetings

 

 

 

QUALIFICATIONS AND EXPERIENCE:

 

Education and Experience

  • Bachelor's degree in Computer Science, Information Technology, or a related field — or equivalent hands-on experience
  • 3–7+ years of network engineering experience in enterprise, multi-site, or hybrid cloud environments

Core Networking Skills

  • Deep understanding of TCP/IP, subnetting, routing, switching, VLANs, DNS, and DHCP
  • Experience Cisco Catalyst, Nexus and Meraki switches
  • Experience with BGP in enterprise or hybrid cloud environments
  • Hands-on experience with firewalls, including rule creation, NAT, and VPNs
  • Experience with load balancing technologies (NetScaler ADC Preferred) and network segmentation, including Zero Trust design principles
  • Strong troubleshooting capability across Layer 1–7, including incident response, root cause analysis, and performance optimization
  • Strong understanding of network security concepts: Zero Trust architecture, IDS/IPS, and DDoS mitigation
  • Experience implementing secure segmentation across on-premises and cloud environments

Palo Alto Networks

  • Hands-on experience with Palo Alto NGFW: security policy management, NAT, App-ID, User-ID, and Content-ID
  • Experience configuring site-to-site and remote access VPNs using Palo Alto firewalls
  • Experience with threat prevention, URL filtering, and WildFire services
  • Experience using Panorama / Strata Cloud Manager for centralized firewall management
  • Experience with Prisma Access (SASE), including remote user access, service connections, and identity integration (SAML, Azure AD)
  • Experience with Strata Cloud Manager for policy management, visibility, logging, and analytics
  • Understanding of Zero Trust Network Access (ZTNA) and modern SASE architectures

Monitoring & Tooling

  • Experience with network monitoring and troubleshooting tools: SolarWinds, and Wireshark
  • Familiarity with SD-WAN and enterprise wireless networking (802.11 standards, controllers, access points)

Collaboration & Communication

  • Strong communication skills with the ability to work across technical and non-technical teams
  • Ability to document network architecture, standards, and operational procedures
  • Strong analytical and problem-solving skills with attention to detail
  • Ability to participate in on-call rotation as needed

Preferred Certifications

  • Azure Network Engineer Associate
  • Palo Alto PCNSE
  • Cisco CCNA / CCNP

 

Nice to Have

  • Strong experience with Azure networking: VNets, subnet design, and IP addressing strategies
  • Experience configuring and managing NSGs, ASGs, and Azure Firewall policies
  • Experience with Azure Load Balancer (Layer 4), Application Gateway (Layer 7), and Azure Front Door
  • Experience designing hybrid connectivity: Site-to-Site VPN, Point-to-Site VPN, and ExpressRoute with BGP routing
  • Experience with Private Endpoints, Private Link, VNet peering, hub-and-spoke architectures, and Azure Private DNS Zones
  • Experience integrating PaaS resources with virtual networks (VNet integration, service endpoints)
  • Experience using Azure Network Watcher, Connection Monitor, NSG flow logs, and packet capture
  • Scripting experience in Python, PowerShell, or Bash for automation and operational efficiency
  • Experience with IaC tools: Terraform, ARM templates, and Bicep
  • Familiarity with YAML for configuration, pipelines, and automation workflows
  • Experience with Azure landing zones and large-scale hub-and-spoke architectures
  • Experience with enterprise SASE deployments
  • Experience in DevOps / NetDevOps environments
  • Familiarity with compliance frameworks such as NIST or ISO 27001

 

 

 

SUPERVISORY RESPONSIBILITIES: Direct Reports: NA

 

PHYSICAL and ENVIRONMENTAL CONDITIONS: This role operates in an ADA compliant office environment, utilizing typical office equipment and tasks including computer work. The position may involve partial stationary positions and moving throughout the day. Flexibility to work overtime to meet project deadlines is required.

 

Base Compensation Information – For residents of the states of CA & CO, and for NY + other areas requiring disclosure: CMG pays a salary of $110,000.00 to $130,000.00 total compensation annually. Factors that affect salary may include: Education, years of experience in Network Engineering, prior work history for a first mortgage lender and software knowledge.

CMG Financial is an equal opportunity employer and does not unlawfully discriminate in employment decisions. CMG will consider all qualified applicants without regard to race, religion, national origin, sex, age, veteran status, disability, familial status, marital status, actual or perceived sexual orientation, or actual or perceived gender identity. Applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of CMG Financial or reach out to [email protected].

CMG MORTGAGE, INC. NMLS #1820 If you are a recruiter or placement agency, please do not submit resumes to any person or email address at CMG Financial prior to having a signed agreement . CMG Financial is not liable for and will not pay placement fees for candidates submitted by any agency other than its approved recruitment partners. Furthermore, any resumes sent to us without an agreement in place will be considered your company’s gift to CMG Financial and may be forwarded to our recruiters for their attention.

Apply Apply Later
← Back to Current Openings

Share