We’re a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.

The Role

We are seeking a highly motivated and experienced Network Security Engineer to join our Network Operations team. This team is central to the design, implementation, and maintenance of SoFi’s hybrid and multi-cloud network infrastructure, focusing exclusively on security engineering excellence and enforcing Zero Trust principles. As SoFi continues its rapid evolution and growth, the demands for scalable, secure, and highly available networking solutions are paramount. If you thrive in an environment where automation, cloud-native tooling, and critical, high-impact security work are daily occurrences, this role offers a significant opportunity to define the future of FinTech security.

What you’ll do:

Zero Trust & SASE Architecture: Design, implement, and operate our global Zero Trust Architecture (ZTA) and Secure Access Service Edge (SASE) solution, focusing on advanced configuration of Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) for both corporate and production environments.
Cloud Network Security: Serve as the Subject Matter Expert (SME) for securing multi-cloud networking environments (AWS and Azure). This includes implementing robust controls for VPC/VNet peering, Transit Gateway configurations, and leveraging native cloud security services (e.g., Security Hub, Firewall Manager).
Infrastructure-as-Code (IaC) & Automation: Develop, test, and maintain automated security deployments and configurations using Terraform and version control systems (Git) to ensure security policies are deployed consistently and scalably across all platforms.
Next-Gen Firewalls: Implement and enhance security policy rules, NAT/VPN configurations, and advanced threat prevention profiles on Palo Alto Networks Next-Generation Firewalls (NGFWs), ensuring adherence to the least-privilege principle.
Security Integration: Partner with DevSecOps teams to integrate network security tooling into CI/CD pipelines, enabling automated vulnerability checks and compliance enforcement (shift-left security).
Compliance & Risk: Ensure network infrastructure and controls meet stringent regulatory requirements relevant to FinTech (e.g., PCI DSS, SOC 2, SOX).
Incident Response: Support the Security Operations Center (SOC) by providing expert-level analysis of network security incidents, packet captures, and flow data to rapidly contain and remediate threats.

What you’ll need:

4+ years of hands-on experience in Network Security Engineering or a related role within a fast-paced environment.
Expertise in Zero Trust concepts and demonstrable experience implementing SASE solutions (e.g., Zscaler, Palo Alto Prisma Access).
Deep practical experience with at least one major cloud platform (AWS or Azure) specifically focused on networking and security services (VPC/VNet, Security Groups, NACLs, Cloud Firewall).
Advanced troubleshooting skills across the network stack (TCP/IP, routing protocols, proxies, DNS).

Nice to have:

Relevant certifications such as PCNSE, Zscaler ZCCA/ZCCP, or AWS Certified Security - Specialty.
Experience with container networking and security in Kubernetes (e.g., Network Policies, Calico).
Familiarity with Network Access Control (NAC) technologies and protocols (802.1x, RADIUS, Microsoft NPS).
Prior experience in a heavily regulated industry, particularly FinTech, and familiarity with compliance standards (PCI, SOX).
Hands-on experience with advanced monitoring and SIEM tools (e.g., Splunk, Elastic, Datadog).

Compensation and Benefits

The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location.

To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi page!

SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.

The Company hires the best qualified candidate for the job, without regard to protected characteristics.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

New York applicants: Notice of Employee Rights

SoFi is committed to an inclusive culture. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email accommodations@sofi.com.

Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.

Internal Employees

If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.

See more open positions at SoFi

Privacy policy Cookie policy

Getro.org is a community-driven initiative to ease the impact of COVID-19 by connecting tech professionals and hiring companies. It's free for job seekers and companies, and curated by a growing list of referral partners.