Information Security Engineer, Network Security Engineering

JLL empowers you to shape a brighter way. Our people at JLL are shaping the future of real estate for a better world by combining world class services, advisory and technology for our clients. We are committed to hiring the best, most talented people and empowering them to thrive, grow meaningful careers and to find a place where they belong. Whether you’ve got deep experience in commercial real estate, skilled trades or technology, or you’re looking to apply your relevant experience to a new industry, join our team as we help shape a brighter way forward. ABOUT THE ROLEThis is a hands-on, highly technical role responsible for securing JLL’s global network infrastructure. The ideal candidate brings a security-first mindset, a bias towards action, and deep expertise in Palo Alto Networks technologies alongside broad command of API security, WAF/CDN platforms, and complex troubleshooting across network and application layers. You’ll work collaboratively with global engineering, application, and security teams to ensure security controls are intelligence-driven, optimized, and aligned to industry best practices.PRIMARY RESPONSIBILITIESServe as the primary subject matter expert for Palo Alto Networks technologies (NGFWs, Cloud NGFW, Panorama), Web Application Firewall, Content Delivery Network, API Security, IDS/IPS, and DDoS preventionOwn onboarding, policy tuning, and lifecycle management for WAF and CDN platforms; lead firewall ruleset optimization, IDS/IPS tuning, and DDoS protection configurationPartner with internal teams to drive the global rollout, tuning, and operational management of URL filtering and TLS decryption across the network estateLead API security efforts — ensuring API traffic routes through security tooling, identifying vulnerabilities, and working with application teams on fixesLead troubleshooting of complex, multi-layer global network and application issues — from packet captures on inter-continental BGP topologies to WAF false-positive triagePartner with business and application teams to produce clear, actionable security documentation, change proposals, and executive-ready findingsAnalyze existing network security architectures, processes, and procedures to identify gaps and drive meaningful improvementsConfigure and report on defensive measures against advanced threat actor tactics; maintain current awareness of the evolving threat landscape and the effectiveness of our defenses against themCommunicate complex technical problems and solutions clearly to both global engineering teams and C-suite stakeholdersChampion the broader Security team’s initiatives, not just Network Security EngineeringParticipate in the maintenance and tuning of all network security technologies including WAFs, CDNs, VPNs, and application-aware firewallsLeverage and contribute to automation pipelines for global firewall rule deployment and policy management across the network estateUtilize security tooling telemetry and data collection automations to produce actionable reporting and metrics for internal teams and executive stakeholdersREQUIRED QUALIFICATIONS5+ years of hands-on network security engineering experience designing and implementing enterprise-scale security solutionsExpert-level proficiency in Palo AltoNetworks — NGFWs, Panorama policy management, and PAN-OS; PCNSE or PCNSC certification strongly preferredExpert troubleshooting skills across network and application layers, including packet capture analysis on complex, dynamically routed architecturesDeep understanding of layer 7 web application technologies and WAF/CDN platforms (e.g. Akamai, Cloudflare, Imperva, F5) — onboarding, policy tuning, break/fix troubleshooting, and operational managementSolid grounding in API security — ensuring API traffic routes through security tooling, evaluating identified vulnerabilities, and partnering with application teams to drive remediationStrong HTTP/application security knowledge: TLS interception, SQL injection, XSS, CSRF, command injection, LFI/RFI, rate limiting, bot detection, geo-blocking, and sinkholingIntermediate to advanced network routing and switching knowledge with focus on DNS, TCP/IP, IPsec, TLS, GRE, OSPF, and BGPProficiency in at least one scripting language (Python preferred) and familiarity with Linux/CLI toolingWorking knowledge of public cloud environments (Azure, AWS, GCP)Experience with at least one SIEM platform for log analysis, behavioral analytics, and rule tuningProven written and verbal communication skills, including presenting to both technical and non-technical audiencesProven track record of taking ownership in unstructured environments — cutting through ambiguity, making sound decisions with incomplete information, building stakeholder consensus, and delivering security improvements without waiting for top-down directionPREFERRED QUALIFICATIONSIndustry certifications: PCNSE, PCNSC, CCNP/CCIE Security, GIAC (GWAPT, GPEN, or similar)Experience building metrics pipelines a