Network Security & Cloud Engineer

CrossCountry Mortgage (CCM) is the nation's number one distributed retail mortgage lender with more than 7,000 employees operating over 700 branches and servicing loans across all 50 states, D.C. and Puerto Rico. Our company has been recognized ten times on the Inc. 5000 list of America's fastest-growing private businesses and has received many awards for our standout culture.

A culture where you can grow! CCM has created an exceptional culture driving employee engagement, exceeding employee expectations, and directly impacting company success. At our core, our entrepreneurial spirit empowers every employee to be who they are to help us move forward together. You’ll get unwavering support from all departments and total transparency from the top down.

CCM offers eligible employees a competitive compensation plan and a robust benefits package, including medical, dental, vision, as well as a 401K. We also offer company-provided short-term disability, an employee assistance program, and a wellness program.

Position Overview:

The Network Security & Cloud Engineer is responsible for designing, implementing, and maintaining security controls across enterprise networks and multi‑cloud environments (AWS and Azure). This role oversees IAM architecture, cloud security services, hybrid connectivity, and network access control. It includes managing Cisco and Meraki infrastructure, administering SASE/SD‑WAN solutions, conducting vulnerability assessments, monitoring logs through SIEM platforms, and participating in incident response. The Network Security & Cloud Engineer position also develops security standards, documentation, and runbooks while contributing to cloud security architecture reviews and compliance initiatives.

Job Responsibilities:

• Design, implement, and maintain security controls across enterprise network and multi-cloud (AWS, Azure) environments.
• Architect and enforce Identity and Access Management (IAM) policies in AWS and Azure following least-privilege and zero-trust principles.
• Implement and manage AWS security services (GuardDuty, Security Hub, CloudTrail, Config, IAM, KMS, VPC security groups, NACLs).
• Implement and manage Azure security services (Defender for Cloud, Sentinel, Azure AD/Entra ID, NSGs, RBAC, Conditional Access).
• Secure hybrid connectivity between on-premises networks and cloud environments (VPN, SD-WAN, Direct Connect/ExpressRoute).
• Administer and maintain Cisco ISE for network access control and policy enforcement.
• Secure and monitor Meraki networks across branch and corporate locations.
• Operate and harden Cisco Catalyst infrastructure with segmentation and secure configuration standards.
• Configure and manage Cato SASE / SD-WAN infrastructure for secure branch-to-cloud connectivity.
• Conduct vulnerability assessments across network and cloud assets; coordinate remediation.
  Monitor network and cloud logs via SIEM platforms (Splunk, Sentinel, or equivalent).
• Participate in incident response related to network or cloud security events.
• Develop security standards, documentation, diagrams, and operational runbooks for both network and cloud environments.
• Contribute to cloud security architecture reviews and support compliance requirements (SOC, regulatory audits, etc.).

Qualifications and Skills:

• Bachelor’s degree in Information Technology, Computer Science, or related field; or equivalent experience.
• 3+ years of experience in enterprise network security and/or cloud security engineering roles.
• Hands-on experience securing production AWS and/or Azure environments.
• Experience with AWS security services (IAM, GuardDuty, Security Hub, CloudTrail, Config, KMS, VPC security design)
• Experience with Azure security services (Defender for Cloud, Entra ID/Azure AD, RBAC, NSGs, Conditional Access, Sentinel), Cisco ISE (administration, policy design, troubleshooting), Cisco Catalyst secure switching and segmentation, Meraki MX/MR security configuration, and Cato SASE or comparable SD-WAN/cloud security platform.
• Security+ and CCNA certification (current or actively pursuing), preferred.
• AWS Certified Security – Specialty or Solutions Architect, preferred.
• Azure Security Engineer Associate (AZ-500), preferred.
• Solid understanding of Zero-trust architecture principles, cloud network architecture VPC/VNet design (subnetting, peering, routing)
• Solid understanding of hybrid connectivity (IPSec, BGP, Direct Connect, ExpressRoute), Firewall technologies (Palo Alto, Cisco, Meraki, etc.) and SIEM platforms and log correlation.

This job description is intended to convey information essential to understanding the scope of the job and the general nature and level of work performed by job holders within this job. However, this job description is not intended to be an exhaustive list of qualifications, skills, efforts, duties, responsibilities or working conditions associated with the position.