IT Engineer II Network Security

Where you will work

Clearwater Paper stands out as a premier independent supplier of paperboard packaging products to North American converters. Corporate Headquarters is in Spokane, Washington, our corporate team works to support our operations while creating a thriving environment for employees and customers alike.

The work model for the opportunity is hybrid; by definition it means 3 or 4 days in office per week; there is a strong preference for the person to live within a 45-minute commute of downtown Spokane. When you come in the Spokane office, you'll enjoy our collaborative office space that promotes teamwork. The local community is the host to multiple events and is known for its natural beauty and outdoor recreation.

What you will do

The Network Security Engineer is a hands-on L2 infrastructure and security role that operates between day-to-day network operations and deeper L3 engineering. The position is responsible for reliable execution, operational support, controlled changes, troubleshooting, and security administration across enterprise and site networks. This role helps maintain network stability, security posture, and service continuity across firewalls, switching, routing, remote access, wireless, and connected security platforms while escalating complex design and architecture matters appropriately.

The role is positioned to serve as a bridge between operational support teams and senior network/security engineering resources. Supporting both enterprise IT and site / mill operational environments with disciplined change control, documentation, and uptime focus. This role owns L2 execution for standard incidents, service requests, recurring maintenance, and approved changes. The ideal candidate would be able to perform structured troubleshooting and evidence gathering before escalating advanced issues involving architecture, code, or major redesign.

Operational Network and Security Support

• Monitor and support firewalls, switches, routers, VPN connectivity, NAC-related components, wireless infrastructure, and core network security services.
• Work assigned incidents, alarms, and service requests within defined SLAs and operating procedures.
• Restore service for common failures involving routing, switching, access policies, interfaces, tunnels, wireless connectivity, and device health.
• Perform log review and basic event correlation across network and security tools to support incident triage and operational visibility.

Change Execution and Service Reliability

• Implement standard and pre-approved changes for firewall rules, NAT objects, security zones, switch ports, VLAN updates, ACLs, routing changes, VPN updates, and device hardening activities.
• Validate change scope, prerequisites, rollback steps, and post-change testing before and after implementation.
• Participate in patching, code upgrades, certificate maintenance, and lifecycle activities under senior engineering guidance.
• Support high availability, resiliency, and uptime objectives across enterprise and site network environments.

Security Administration and Control Operations

• Administer day-to-day security configurations in line with approved standards and policy.
• Support management of perimeter controls, remote access, segmentation controls, and secure connectivity patterns.
• Review and remediate basic control gaps such as stale rules, unused objects, misconfigurations, weak administrative practices, and device hygiene issues.
• Partner with cybersecurity operations teams on investigations, containment support, and evidence collection involving network-based events.

Troubleshooting and Escalation Management

• Perform structured troubleshooting using CLI, dashboards, packet-level indicators, logs, routing tables, policy inspection, and vendor tools.
• Identify whether issues are related to transport, routing, switching, firewall policy, DNS, proxy, certificate, authentication, or endpoint behavior.
• Document findings, impact, suspected cause, and actions taken before escalating to L3 engineers, architects, vendors, or telecom providers.
• Provide quality handoff material that reduces rework and accelerates root-cause resolution.

Documentation, Standards, and Continuous Improvement

• Maintain accurate device records, diagrams, runbooks, standard operating procedures, and implementation notes.
• Update configuration standards, support documentation, and knowledge articles based on recurring operational patterns.
• Recommend operational improvements that reduce outages, improve monitoring, simplify support, and strengthen security posture.
• Participate in problem management and lessons learned for repeat incidents and failed changes.

Business Partnership and Site Support

• Work collaboratively with infrastructure, cybersecurity, service desk, server, cloud, application, and plant / site teams.
• Support site and mill environments where security, resiliency, and production continuity are critical.
• Communicate clearly with technical and non-technical stakeholders regarding outages, change windows, risk, and restoration progress.
• Support occasional after-hours work for maintenance, incidents, and major change execution.

Key Competencies & Attributes

• Executes cleanly, follows standards, and maintains strong change control hygiene.
• Can isolate faults methodically across network, security, and systems layers.
• Understands least privilege, segmentation, secure administration, and control validation.
• Provides clear status, impact, risk, and handoff details to stakeholders and escalation teams.
• Works well with site teams, cybersecurity, service operations, vendors, and senior engineers.
• Knows when to act independently, when to slow down, and when to escalate.

What you will need
To be successful in this position, we are looking for candidates with the following:

• Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field preferred.
• 4-7 years of experience in infrastructure, networking, or network security support and administration.
• Experience supporting enterprise firewalls, switching, routing, VPNs, wireless, and core security controls in a production environment is required.
• Experience in a manufacturing, multi-site, or operationally sensitive environment is strongly preferred.
• Industry certifications such as CCNA, PCNSA, Security+, Network+, Aruba, Fortinet, or equivalent are a plus.
• Strong operational understanding of TCP/IP, subnetting, VLANs, trunking, STP, EtherChannel, routing fundamentals, DHCP, DNS, and common enterprise LAN/WAN constructs.
• Able to administer standard firewall policies, address objects, NAT, zones, interfaces, remote access, and site-to-site VPNs under approved standards.
• Supports enterprise wireless troubleshooting, authentication issues, access policies, and switch port changes for user, server, and site connectivity.
• Uses monitoring and management tools effectively for health checks, alert review, configuration validation, and ticket evidence gathering.
• Comfortable with command-line diagnostics, log review, packet-path validation, and basic packet capture interpretation.
• Understands how network telemetry, firewall logs, and control changes support SOC investigations and incident response workflows.
• Produces clean incident notes, change records, implementation plans, rollback steps, and as-built updates.
• Exposure to scripting or automation using Python, PowerShell, or vendor APIs is helpful, though not required for deep engineering ownership.
• Cisco switching and routing, Palo Alto firewalls and Panorama, Aruba networking and wireless, VPN technologies, NAC platforms such as Cisco ISE or Aruba ClearPass, load balancer awareness, network monitoring platforms, SIEM-integrated network log sources, and common enterprise tools used for ticketing, change control, and documentation.
• Primarily office environment; personal protective equipment may be required in mill or plant areas.
• Ability to support occasional after-hours changes, incident response, maintenance windows, and on-call activities as required.
• Up to 10% travel may be required for site support, project work, or major incidents.
• Long periods of sitting, screen time, and technical troubleshooting are expected.
• Employees must be able to perform the essential functions of this position satisfactorily, with reasonable accommodation where applicable.

Total Rewards Details

We prioritize an exceptional workplace experience, offering a comprehensive total reward package. Compensation ranges are estimates based on market data. Actual offers account for internal equity and the candidate's job-related knowledge, skills, education, and experience. Benefits, including medical, dental, vision, and more, generally begin after 30 days. Our paid time off includes vacation days, personal days, and company holidays. For more on our compensation philosophy, please contact our Talent Acquisition Team at Talent.Acquisition@clearwaterpaper.com.

Clearwater Paper will not offer sponsorship for employment-based visa status (including, but not limited to, H-1B visa status and other employment-based nonimmigrant visas) for this position. Accordingly, all applicants must be currently authorized to work in the United States on a full-time basis and must not require Clearwater Paper's sponsorship to continue to work legally in the United States.

#ClearwaterPaper #Spokane #Hybrid