Job Summary
We are seeking an experienced Network Segmentation Analyst to support a large-scale network segmentation and Zero Trust transformation initiative. This role is responsible for analyzing enterprise network traffic, developing segmentation strategies, and supporting application onboarding across data centers, global offices, and multi-cloud environments. The ideal candidate will collaborate with engineering, cybersecurity, and application teams to implement scalable segmentation policies that align with business and security objectives.
Key Responsibilities
• Analyze complex enterprise network traffic to define segmentation and micro-segmentation strategies.
• Support the development and refinement of Zero Trust-aligned segmentation models, including application-centric, environment-based, and hybrid approaches.
• Translate business, application, and regulatory requirements into actionable segmentation design recommendations.
• Provide guidance on segmentation best practices, policy structures, and application onboarding strategies.
• Partner with engineering teams to ensure segmentation designs are accurately implemented.
• Perform application dependency mapping and traffic flow analysis across enterprise environments.
• Assist in developing segmentation policy frameworks, including allow/deny models and least-privilege strategies.
• Support the segmentation policy lifecycle, including discovery, simulation, validation, and enforcement readiness.
• Identify systemic risks such as over-permissive access, undocumented traffic flows, and shadow dependencies.
• Establish standards for policy quality, scalability, and reusability.
• Support application onboarding into segmentation platforms across on-premises and cloud environments.
• Validate alignment between segmentation platforms, firewalls, ACLs, and cloud-native security controls.
• Ensure consistency between segmentation design, implementation, and operational enforcement.
• Define and monitor segmentation effectiveness metrics, including policy accuracy, enforcement success, and exception rates.
• Identify opportunities to improve visibility, automation, tooling, and operational processes.
Required Qualifications
• 7-10+ years of experience in network analysis, network engineering, or network security.
• Experience working within enterprise and data center networking environments.
• Advanced experience with application dependency mapping and large-scale traffic flow analysis.
• Experience designing segmentation policies for east-west traffic.
• Strong familiarity with network segmentation platforms such as Illumio, Guardicore (Akamai), or Cisco Secure Workload (Tetration).
• Experience working with enterprise networking platforms such as Cisco, Arista, Palo Alto, Check Point, or Juniper.
• Strong understanding of TCP/IP, routing, switching, and enterprise networking concepts.
• Knowledge of network security principles, firewalls, access control models, and Zero Trust architectures.
• Experience with cloud networking in AWS, Azure, or Google Cloud Platform (GCP).
• Experience using CMDB and asset inventory platforms such as ServiceNow.
• Working knowledge of automation and scripting using Python, PowerShell, or APIs.
• Strong analytical, troubleshooting, and problem-solving skills.
• Excellent communication and collaboration skills.
Preferred Qualifications
• Experience with Kubernetes and container networking.
• Experience supporting enterprise Zero Trust transformation initiatives.
• Experience optimizing segmentation policy lifecycle management.
• Knowledge of automation strategies for network security and segmentation operations.