A Day in Your Life at MKS: We seek a highly skilled Principal Cybersecurity Perimeter Architect / Engineer with expertise in perimeter and internal segmentation firewall configuration and a proven background in Operational Technology (OT) and Internet of Things (IoT) environments. The ideal candidate will design, deploy, and oversee defensible network architectures to protect our critical infrastructure against emerging cyber threats. As a hands-on Principal Cybersecurity Engineer, you will work with a collaborative team and be responsible for enhancing the security posture of our enterprise network while maintaining high availability and performance. The Principal Cybersecurity Perimeter Architect / Engineer will design, implement, and audit network security solutions to protect our organization's infrastructure. You Will Make an Impact By: + Develop standards, procedures, and guidelines for building defensible network security architecture. + Plan and implement security measures to protect sensitive data and systems from cyber-attacks. + Design and deploy network technology to detect intrusions and anomalous system behavior. + Evaluate new cybersecurity threats and IT trends and develop effective security measures. + Review firewall and Switch ACL configuration change requests, including rule sets, policies, and VPNs. + Conduct regular firewall audits and assessments to ensure optimal performance and security. + Collaborate with IT and security teams to integrate firewall solutions with other security measures. + Respond to and investigate network security incidents, providing detailed analysis and recommendations. + Stay updated on the latest firewall technologies, threats, and trends. + Provide guidance and training to junior team members on firewall best practices. + Prepare and present firewall security reports to senior management. Skills You Bring: + Proven work experience as a Security Architect, Security Analyst or similar role. + 8+ years of hands-on experience in network engineering and cybersecurity, focusing on perimeter, endpoint, and internal segmentation firewall configuration. + Strong background in OT/IoT security and network design for critical infrastructure. + Extensive experience with Cisco routing/switching (IOS, NX-OS), Palo Alto Networks, Aruba/HP ProCurve, F5 Load Balancers, and Riverbed WAN Optimization. + Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. + Strong analytical and problem-solving skills. - Excellent communication and interpersonal skills. + Relevant certifications (e.g., CISSP, CISM, CCNP Security) are highly desirable. + This position is Hybrid and must be within drivable/commutable distance to one of our locations in Andover MA, Austin TX, Beaverton OR, Broomfield CO, Irvine CA, Rochester NY, Milipitas CA. Preferred Skills: + Experience with network security tools and technologies (e.g., IDS/IPS, SIEM). + Familiarity with cloud security and firewall solutions. + Ability to work independently and as part of a team. + Strong attention to detail and organizational skills. Physical Demands and Working Conditions: + Perform activities such as sitting, standing, or typing for extended periods of time + Regularly requires good manual dexterity and coordination + Ability to remain in a stationary position for 90% of the time + Must be able to communicate information and ideas so others will understand • Must be able to exchange accurate information + Operates in a professional office environment + Constantly operates a computer and other office productivity machinery + Ability to observe documents and details at close range (within a few feet of the observer) + Noise level in the work environment is usually average In addition to the above responsibilities, the following are considered material job duties of the position: + Ability to take and follow directions and instructions. + Ability to interact with other employees, customers, suppliers, vendors, or the public, in a safe, professional, and respectful manner. + Access to sensitive and confidential business systems and software, personally identifying information, the company’s financial information, and/or the ability to maintain physical security and safety. + Because this position involves the above material job duties, trustworthiness, reliability, and good judgment also are material job duties. Compensation and Benefits: + Salary Pay Range: $150k - $165k per year. This range is a good faith estimate of the expected salary range for this position, based on a wide range of factors including qualifications, experience and training, operational and business needs and other considerations permitted by law. + Bonus: This position is eligible for a discretionary annual bonus, in an amount to be determined by MKS [or as applicable]. + Benefits: MKS offers a comprehensive benefits package, including health insurance coverage (medical, dental and vision), 401(k) with company match, life and disability insurance, 12 paid holidays, sick time, 15 paid vacation days, [6 weeks fully paid] parental leave, adoption assistance and tuition reimbursement [and for participation in any stock programs, signing bonus, etc.]. This position is Hybrid and must be within drivable distance to one of our locations in Andover MA, Austin TX, Beaverton OR, Broomfield CO, Irvine CA, Rochester NY, Milipitas CA. Relocation benefits are not available for this position. We are interested in a qualified candidate who is eligible to work in the United States. However, we will not be sponsoring work visas for this position, at this time. MKS is an equal opportunity employer, including disability, veteran status and all categories protected by law. Please review our EOE statements for additional details. MKS is generally only hiring candidates who reside in states where we are registered to do business. MKS will consider qualified applicants with a criminal history pursuant to the California Fair Chance Act and the Los Angeles County Fair Chance Ordinance for Employers. #LI-MH1 #LI-Hybrid Globally, our policy is to recruit individuals from wide and diverse backgrounds. However, certain positions require access to controlled goods and technologies subject to the International Traffic in Arms Regulations (ITAR) or Export Administration Regulations (EAR). Applicants for these positions may need to be “U.S. persons.” “U.S. persons” are generally defined as U.S. citizens, noncitizen nationals, lawful permanent residents (or, green card holders), individuals granted asylum, and individuals admitted as refugees. MKS Instruments, Inc. and its affiliates and subsidiaries (“MKS”) is an affirmative action and equal opportunity employer: diverse candidates are encouraged to apply. We win as a team and are committed to recruiting and hiring qualified applicants regardless of race, color, national origin, sex (including pregnancy and pregnancy-related conditions), religion, age, ancestry, physical or mental disability or handicap, marital status, membership in the uniformed services, veteran status, sexual orientation, gender identity or expression, genetic information, or any other category protected by applicable law. Hiring decisions are based on merit, qualifications and business needs. We conduct background checks and drug screens, in accordance with applicable law and company policies. MKS is generally only hiring candidates who reside in states where we are registered to do business. MKS is committed to working with and providing reasonable accommodations to qualified individuals with disabilities. If you need a reasonable accommodation during the application or interview process due to a disability, please contact us at: accommodationsatMKS@mksinst.com . If applying for a specific job, please include the requisition number (ex: RXXXX), the title and location of the role