Network Security Engineer II
$38.00 - $50.00 hourly
- Bank of Stockton
- Stockton, CA, United States
- Jan 30, 2026
Job Description
*Job Summary*
The Network Security Engineer supports the Network Security Administrator (NSA) in protecting the Bank of Stockton’s network infrastructure, systems, and data from cybersecurity threats. This role focuses on the engineering, implementation, tuning, and operational support of network security technologies within a regulated banking environment.
Working closely with the NSA, the Network Security Engineer assists with day-to-day security operations, incident response, firewall and network device security, SIEM monitoring, endpoint protection, and compliance-driven security initiatives. The position requires strong technical depth, disciplined change management practices, and the ability to respond effectively to security events.
*ESSENTIAL DUTIES*
*Cybersecurity Operations & Incident Response*
* Assist the NSA in monitoring, investigating, and responding to cybersecurity incidents to minimize operational and regulatory risk.
* Analyze and triage network and security alerts from multiple sources, including:
* _24x7 monitoring platforms_
* _Next-Generation Firewalls (NGFW) and cloud security services_
* _Firewall traffic logs_
* _SIEM alerts and dashboards_
* _Security policy rules (ACLs)_
* _VPN connection and authentication logs_
* _Router and switch configuration changes_
* _Endpoint anti-malware and EDR alerts_
* _Vulnerability assessment results_
* Support proactive threat detection, root cause analysis, and remediation activities.
* Assist with documenting incidents, investigations, corrective actions, and lessons learned.
*Firewall & Perimeter Security Support*
* Support administration and maintenance of enterprise firewall platforms, including IDS/IPS and integrated cloud security services.
* Implement approved firewall rule changes in accordance with strict change management procedures.
* Assist with quarterly firewall rule reviews to improve security posture, performance, and reliability.
* Support firewall software updates, patching, and vendor coordination activities.
*Network Device Security Engineering*
* Assist in securing routers, switches, and network security appliances.
* Implement approved configuration changes while adhering to documented change control processes.
* Support standardized and secure configurations for:
* DHCP, DNS, and NTP services
* Network monitoring and centralized logging
* 802.1X authentication using ClearPass
* Monitor configuration changes and assist in investigating unauthorized or anomalous activity.
* Help maintain accurate network diagrams and security architecture documentation.
*SIEM Administration & Security Monitoring*
* Assist with configuring and maintaining the SIEM platform to collect logs, events, and NetFlow data in support of PCI and other regulatory requirements.
* Help develop, tune, and test alerts, correlation rules, and dashboards.
* Track remediation activities and validate resolution of identified security issues.
* Assist with generating recurring and ad hoc security reports for management and compliance needs.
* Support the establishment and maintenance of network security and performance baselines.
*Endpoint & Systems Security*
* Assist with implementing and enforcing endpoint security standards for servers and workstations, including:
* Anti-malware and EDR solutions
* Patch management
* Host-based firewalls
* Coordinate with Network Administration and IT teams to support system hardening initiatives.
* Validate endpoint compliance with security standards and assist in remediation of deficiencies.
*Governance, Risk & Compliance Support*
* Assist the NSA in developing and maintaining cybersecurity standards, procedures, and technical controls.
* Support internal and external security audits by gathering evidence and validating configurations.
* Help prepare security metrics, trends, and risk summaries for Information Security meetings.
* Serve as a technical resource to internal teams on network security best practices.
*AI Security Support*
* Assist with securing and governing artificial intelligence (AI) technologies used by the Bank.
* Support implementation of technical controls, acceptable-use guidelines, and risk mitigation measures for AI systems.
* Stay informed on emerging AI security risks and assist in evaluating new AI-related technologies.
*Operational Expectations*
* Ensure assigned security tasks and remediation activities are completed accurately and within defined timelines.
* Methodically investigate suspicious network activity and escalate findings to the NSA as appropriate.
* Participate in after-hours incident response and on-call rotations as required.
* Continuously develop technical skills and remain current with evolving cybersecurity threats and technologies relevant to financial institutions.
*SECONDARY DUTIES *
* Stay current with emerging network security threats, technologies, and best practices
* Develop and maintain network automation and security tooling using Python, Ansible, or similar technologies
* Assist with security assessments, audits, and penetration testing remediation
* Support disaster recovery and business continuity planning related to network security
*SUPERVISORY RESPONSIBILITY*
* No direct supervisory responsibility
* Provides technical mentorship and guidance to junior engineers and support staff
*MINIMUM REQUIREMENTS*
These specifications are general guidelines based on the minimum experience normally considered essential to the satisfactory performance of this position. The requirements listed below are representative of the knowledge, skill and /or ability required to perform the position in a satisfactory manner. Individual’s abilities may result in some deviation from these guidelines.
*Education / Experience:*
Bachelor’s degree in computer science, Information Security, or a related field OR a minimum of three (3) years of progressive Information Security experience.
*Certifications:*
* Required: Current, bank-approved security-related certifications such as CCNA or PCNSA.
* Preferred: Advanced certifications such as CCNP, PCNSE, or other industry-recognized designations.
* Required to keep up to date as they expire or certifications change.
*Technical Skills:*
* 3 years or more with Cisco and Palo Alto Networks firewalls, and routing/switching devices from major vendors.
* 3 years or more with network administration and security management tools.
* 3 years or more knowledge of SIEM and security monitoring tools, preferably ManageEngine EventLog Analyzer, Log360, AD-Audit Plus, AD-Manager Plus, and File-Audit.
* 3 years or more of TCP/IP, DNS, DHCP, VPN, LAN/WAN, encryption protocols (SSL/TLS, IPSec, SSH), and vulnerability assessment tools (e.g., Nessus, OpenVAS).
* Experience with Windows Server and Linux operating systems, including hardening servers and endpoints.
*Soft Skills / Work Style:*
* Ability to work independently with minimal supervision, prioritize tasks, and execute responsibilities effectively.
* Ability to follow and implement technical instructions related to security and networking.
* Strong analytical and problem-solving skills with attention to detail.
* Ability to focus on mission-critical functions and organize work efficiently in a high-availability environment.
*WORK HOURS*
Work hours may vary and are scheduled to meet departmental and organizational needs. Occasional after-hours, weekend, or on-call support may be required to support system maintenance, upgrades, or business operations.
*ENVIROMENTAL AND PHYSICAL ACTIVITY*
This position is in a non-confined office-type setting in which he or she is free to move about at will. It may include some minor annoyances such as noise, odors, drafts, etc.
This employee for this position may operate any or all of the following: telephone, cellular telephone, copy and fax machines, adding machine (calculator), check protector, encoder, money counter, typewriter, computer terminal, personal computer, related printers, and new devices as they are introduced to the environment
Ability to lift, carry, and move equipment weighing up to 50 pounds; climb ladders and work above ceilings or under desks; crawl or kneel in confined spaces; stand, walk, or sit for extended periods; perform repetitive motions; reach overhead and at ground level; and safely handle tools and networking hardware while installing, configuring, and maintaining network infrastructure.
Demonstrate respect and professionalism in all interactions with colleagues, clients, and partners, irrespective of background, experience, or position. Offer feedback constructively and accept feedback with an open mindset, emphasizing collaboration, growth, and professional development.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.
Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
*MENTAL DEMANDS*
This employee in this position must be able to accommodate reading documents or instruments, detailed work, problem-solving, customer contact, reasoning, language, presentations, verbal and written communications, analytical reasoning, multiple concurrent tasks, and frequent interruptions.
*COMPLIANCE RESPONSIBILITIES*
Must be familiar with all deposit-related regulations and receive training on a regular basis as appropriate. This includes but is not limited to BSA, Reg E, Reg CC, Reg DD, BPA,
RFPA/Reg P, Reg D, and Branch Closing Procedures. The employee must follow all policies and procedures as set forth by the bank as well as any regulations. The employee must also have knowledge of with all lending related regulations including but not limited to: Reg Z, FEMA, HMDA, Fair Lending, FCRA, RESPA, and Predatory Lending.
The employee must be able to take and pass all the required regulatory training as outlined by the Bank on a quarterly basis.
This employee must adhere to all security related procedures of the Bank including Branch security, protection of customer information and security as it relates to the Bank’s internet and technology systems.
This employee must keep certifications up to date for technologies used by the Bank.
Bank of Stockton and its subsidiaries are equal opportunity/affirmative action employers. It is our policy to recruit, advertise, employ, promote, transfer, discipline and discharge without regard to race, religion, color, national origin, age, physical or mental disability, veteran status, sex, and any other basis protected by federal, state, or local law.
Job Type: Full-time
Pay: $38.00 - $50.00 per hour
Expected hours: 40 per week
Benefits:
* 401(k)
* Dental insurance
* Health insurance
* Paid time off
* Vision insurance
Education:
* Bachelor's (Preferred)
Experience:
* Networking: 3 years (Required)
* Network Topologies: 3 years (Preferred)
License/Certification:
* PCNSA/Next-Generation Firewall Engineer certification (Preferred)
* CCNA (Preferred)
Shift availability:
* Day Shift (Required)
Ability to Commute:
* Stockton, CA 95202 (Required)
Willingness to travel:
* 25% (Required)
Work Location: In person
The Network Security Engineer supports the Network Security Administrator (NSA) in protecting the Bank of Stockton’s network infrastructure, systems, and data from cybersecurity threats. This role focuses on the engineering, implementation, tuning, and operational support of network security technologies within a regulated banking environment.
Working closely with the NSA, the Network Security Engineer assists with day-to-day security operations, incident response, firewall and network device security, SIEM monitoring, endpoint protection, and compliance-driven security initiatives. The position requires strong technical depth, disciplined change management practices, and the ability to respond effectively to security events.
*ESSENTIAL DUTIES*
*Cybersecurity Operations & Incident Response*
* Assist the NSA in monitoring, investigating, and responding to cybersecurity incidents to minimize operational and regulatory risk.
* Analyze and triage network and security alerts from multiple sources, including:
* _24x7 monitoring platforms_
* _Next-Generation Firewalls (NGFW) and cloud security services_
* _Firewall traffic logs_
* _SIEM alerts and dashboards_
* _Security policy rules (ACLs)_
* _VPN connection and authentication logs_
* _Router and switch configuration changes_
* _Endpoint anti-malware and EDR alerts_
* _Vulnerability assessment results_
* Support proactive threat detection, root cause analysis, and remediation activities.
* Assist with documenting incidents, investigations, corrective actions, and lessons learned.
*Firewall & Perimeter Security Support*
* Support administration and maintenance of enterprise firewall platforms, including IDS/IPS and integrated cloud security services.
* Implement approved firewall rule changes in accordance with strict change management procedures.
* Assist with quarterly firewall rule reviews to improve security posture, performance, and reliability.
* Support firewall software updates, patching, and vendor coordination activities.
*Network Device Security Engineering*
* Assist in securing routers, switches, and network security appliances.
* Implement approved configuration changes while adhering to documented change control processes.
* Support standardized and secure configurations for:
* DHCP, DNS, and NTP services
* Network monitoring and centralized logging
* 802.1X authentication using ClearPass
* Monitor configuration changes and assist in investigating unauthorized or anomalous activity.
* Help maintain accurate network diagrams and security architecture documentation.
*SIEM Administration & Security Monitoring*
* Assist with configuring and maintaining the SIEM platform to collect logs, events, and NetFlow data in support of PCI and other regulatory requirements.
* Help develop, tune, and test alerts, correlation rules, and dashboards.
* Track remediation activities and validate resolution of identified security issues.
* Assist with generating recurring and ad hoc security reports for management and compliance needs.
* Support the establishment and maintenance of network security and performance baselines.
*Endpoint & Systems Security*
* Assist with implementing and enforcing endpoint security standards for servers and workstations, including:
* Anti-malware and EDR solutions
* Patch management
* Host-based firewalls
* Coordinate with Network Administration and IT teams to support system hardening initiatives.
* Validate endpoint compliance with security standards and assist in remediation of deficiencies.
*Governance, Risk & Compliance Support*
* Assist the NSA in developing and maintaining cybersecurity standards, procedures, and technical controls.
* Support internal and external security audits by gathering evidence and validating configurations.
* Help prepare security metrics, trends, and risk summaries for Information Security meetings.
* Serve as a technical resource to internal teams on network security best practices.
*AI Security Support*
* Assist with securing and governing artificial intelligence (AI) technologies used by the Bank.
* Support implementation of technical controls, acceptable-use guidelines, and risk mitigation measures for AI systems.
* Stay informed on emerging AI security risks and assist in evaluating new AI-related technologies.
*Operational Expectations*
* Ensure assigned security tasks and remediation activities are completed accurately and within defined timelines.
* Methodically investigate suspicious network activity and escalate findings to the NSA as appropriate.
* Participate in after-hours incident response and on-call rotations as required.
* Continuously develop technical skills and remain current with evolving cybersecurity threats and technologies relevant to financial institutions.
*SECONDARY DUTIES *
* Stay current with emerging network security threats, technologies, and best practices
* Develop and maintain network automation and security tooling using Python, Ansible, or similar technologies
* Assist with security assessments, audits, and penetration testing remediation
* Support disaster recovery and business continuity planning related to network security
*SUPERVISORY RESPONSIBILITY*
* No direct supervisory responsibility
* Provides technical mentorship and guidance to junior engineers and support staff
*MINIMUM REQUIREMENTS*
These specifications are general guidelines based on the minimum experience normally considered essential to the satisfactory performance of this position. The requirements listed below are representative of the knowledge, skill and /or ability required to perform the position in a satisfactory manner. Individual’s abilities may result in some deviation from these guidelines.
*Education / Experience:*
Bachelor’s degree in computer science, Information Security, or a related field OR a minimum of three (3) years of progressive Information Security experience.
*Certifications:*
* Required: Current, bank-approved security-related certifications such as CCNA or PCNSA.
* Preferred: Advanced certifications such as CCNP, PCNSE, or other industry-recognized designations.
* Required to keep up to date as they expire or certifications change.
*Technical Skills:*
* 3 years or more with Cisco and Palo Alto Networks firewalls, and routing/switching devices from major vendors.
* 3 years or more with network administration and security management tools.
* 3 years or more knowledge of SIEM and security monitoring tools, preferably ManageEngine EventLog Analyzer, Log360, AD-Audit Plus, AD-Manager Plus, and File-Audit.
* 3 years or more of TCP/IP, DNS, DHCP, VPN, LAN/WAN, encryption protocols (SSL/TLS, IPSec, SSH), and vulnerability assessment tools (e.g., Nessus, OpenVAS).
* Experience with Windows Server and Linux operating systems, including hardening servers and endpoints.
*Soft Skills / Work Style:*
* Ability to work independently with minimal supervision, prioritize tasks, and execute responsibilities effectively.
* Ability to follow and implement technical instructions related to security and networking.
* Strong analytical and problem-solving skills with attention to detail.
* Ability to focus on mission-critical functions and organize work efficiently in a high-availability environment.
*WORK HOURS*
Work hours may vary and are scheduled to meet departmental and organizational needs. Occasional after-hours, weekend, or on-call support may be required to support system maintenance, upgrades, or business operations.
*ENVIROMENTAL AND PHYSICAL ACTIVITY*
This position is in a non-confined office-type setting in which he or she is free to move about at will. It may include some minor annoyances such as noise, odors, drafts, etc.
This employee for this position may operate any or all of the following: telephone, cellular telephone, copy and fax machines, adding machine (calculator), check protector, encoder, money counter, typewriter, computer terminal, personal computer, related printers, and new devices as they are introduced to the environment
Ability to lift, carry, and move equipment weighing up to 50 pounds; climb ladders and work above ceilings or under desks; crawl or kneel in confined spaces; stand, walk, or sit for extended periods; perform repetitive motions; reach overhead and at ground level; and safely handle tools and networking hardware while installing, configuring, and maintaining network infrastructure.
Demonstrate respect and professionalism in all interactions with colleagues, clients, and partners, irrespective of background, experience, or position. Offer feedback constructively and accept feedback with an open mindset, emphasizing collaboration, growth, and professional development.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.
Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
*MENTAL DEMANDS*
This employee in this position must be able to accommodate reading documents or instruments, detailed work, problem-solving, customer contact, reasoning, language, presentations, verbal and written communications, analytical reasoning, multiple concurrent tasks, and frequent interruptions.
*COMPLIANCE RESPONSIBILITIES*
Must be familiar with all deposit-related regulations and receive training on a regular basis as appropriate. This includes but is not limited to BSA, Reg E, Reg CC, Reg DD, BPA,
RFPA/Reg P, Reg D, and Branch Closing Procedures. The employee must follow all policies and procedures as set forth by the bank as well as any regulations. The employee must also have knowledge of with all lending related regulations including but not limited to: Reg Z, FEMA, HMDA, Fair Lending, FCRA, RESPA, and Predatory Lending.
The employee must be able to take and pass all the required regulatory training as outlined by the Bank on a quarterly basis.
This employee must adhere to all security related procedures of the Bank including Branch security, protection of customer information and security as it relates to the Bank’s internet and technology systems.
This employee must keep certifications up to date for technologies used by the Bank.
Bank of Stockton and its subsidiaries are equal opportunity/affirmative action employers. It is our policy to recruit, advertise, employ, promote, transfer, discipline and discharge without regard to race, religion, color, national origin, age, physical or mental disability, veteran status, sex, and any other basis protected by federal, state, or local law.
Job Type: Full-time
Pay: $38.00 - $50.00 per hour
Expected hours: 40 per week
Benefits:
* 401(k)
* Dental insurance
* Health insurance
* Paid time off
* Vision insurance
Education:
* Bachelor's (Preferred)
Experience:
* Networking: 3 years (Required)
* Network Topologies: 3 years (Preferred)
License/Certification:
* PCNSA/Next-Generation Firewall Engineer certification (Preferred)
* CCNA (Preferred)
Shift availability:
* Day Shift (Required)
Ability to Commute:
* Stockton, CA 95202 (Required)
Willingness to travel:
* 25% (Required)
Work Location: In person
About Bank of Stockton