Network Security Engineer

At Everus, employees come first. We provide great pay, benefits and growth opportunities to more than 8,000 highly skilled team members across the country who are united by the common goal of safely Building America's Future. We take great pride in the work our employees do each day, which drives our success as one of the Top 10 largest specialty contractors in the nation, and we will ensure you have the tools, training and opportunities for a successful career. We look forward to having you on the team!

Responsible for managing the daily operations, security, and continuous enhancement of Everus Construction Group's enterprise network security and SASE environment. Ensuring secure, scalable, and reliable access for users, applications, and data across subsidiaries, remote locations, cloud platforms, and operational technology environments.

Responsible for understanding, upholding, and promoting the Everus 4EVER Strategy.
Employees | Value | Execution | Relationships

• Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field, or equivalent practical experience.
• Four years experience in enterprise network security, network engineering, or secure access roles.

• Administer and operate enterprise SASE capabilities, including cloud-delivered firewall, secure web access, identity-based access, and data protection controls.
• Design and enforce Zero Trust, policy-based access controls using identity, device posture, network context, and risk signals.
• Architect and support secure access for users, applications, third parties, and cloud workloads regardless of location.
• Design, deploy, and manage firewall policies and traffic inspection for inbound, outbound, and east-west network traffic.
• Maintain network segmentation strategies to reduce attack surface and prevent lateral movement across enterprise, cloud, and OT environments.
• Support secure connectivity models (user-to-app, site-to-site, application-level access) and transition from VPN to cloud-delivered access.
• Manage DNS security, web filtering, TLS inspection, and outbound traffic controls to protect enterprise network activity.
• Monitor, integrate, and tune SASE and network telemetry with centralized security operations to improve detection and reduce false positives.
• Troubleshoot complex network and security issues (routing, DNS, TLS, IPsec, identity) and analyze logs/packet captures for resolution.
• Support governance activities including M&A integration, risk assessments, incident response, documentation, audits, and vendor security reviews.
• Support mergers and acquisitions by assessing, integrating, and standardizing network security and secure access architectures.
• Performs other tasks and special projects as assigned.

• Strong understanding of Secure Access Service Edge (SASE) and cloud-delivered network security architectures.
• Advanced experience administering firewall, access control, traffic inspection, and segmentation policies in a production enterprise environment.
• Strong understanding of enterprise networking fundamentals, including TCP/IP, routing, DNS, TLS, IPsec, and traffic flow analysis.
• Solid grasp of Zero Trust principles, least-privilege access models, and identity-aware networking.
• Experience designing, implementing, or supporting network segmentation strategies to reduce risk and prevent lateral movement.
• Ability to assess network-related risk and translate business and operational requirements into secure access and network designs.
• Experience integrating network security controls with enterprise identity, authentication, and directory services.
• Proven ability to analyze logs and packet captures to diagnose complex access or connectivity issues.
• Strong written communication skills with experience producing security documentation, standards, and change records.
• Ability to work calmly and methodically during outages or security incidents.
• Ability to collaborate effectively across infrastructure, identity, operations, and business teams.
• Ability to maintain confidentiality and handle sensitive information appropriately.

• Industry certifications such as Security+, CCNP Security, CISSP, or relevant GIAC certifications.
• Experience supporting operational technology (OT/ICS), construction, utilities, or manufacturing environments.
• Experience integrating networks and secure access technologies during mergers and acquisitions.
• Familiarity with cloud platforms, identity services, endpoint management, and modern remote access models.
• Experience working in a publicly traded or SOX-regulated environment.

• Salary Range: $97,300 - $121,620
• Annual short-term incentive bonus of up to 14% of eligible wages based on eligibility and company goal achievement
• Medical insurance (health savings account), including free programs Hinge Health and Omada
• Enhanced mental health and work-life services through Lyra Health
• Virtual care through Doctor On Demand
• Prescription delivery service
• Dental insurance
• Vision insurance
• Life insurance for employees, spouses, and dependents
• Accidental death and dismemberment (AD&D) insurance
• Flexible spending accounts
• 401(k) plan with matching contribution and retirement contribution
• Hospital Insurance
• Accident Insurance
• Critical Illness Insurance
• Disability insurance
• Sick leave
• Vacation
• 11 paid holidays
• Flexible work hours, where feasible
• Employee discount programs

• Background Check, MVR and drug screen may be required
• May be required to maintain a valid driver's license.
• Everus Construction Group, Inc. and our subsidiaries do not work with any third-party recruiters or agencies without a valid signed agreement and partnership with the Corporate Human Resources Team.
• Employment Authorization: Candidates must be legally authorized to work in the United States on a full-time basis. Everus Construction Group, Inc. and its subsidiaries do not provide sponsorship for employment visas now or in the future.

(This posting may close early if a sufficient number of applications are received.)