We're looking for a Network Security Engineer to provide hands-on engineering across our IPAM and DNS Security, Zero Trust Platform, and Secure Vendor Remote Access, strengthening IDEXX's security posture while enabling the business at global scale.
Location: We are looking for someone within driving distance to Westbrook, Maine, with the flexibility of working on a hybrid basis, a minimum of 8 days per month on-site. Alternatively, we are open to someone in Massachusetts or New Hampshire who could potentially also come on-site, though fewer times per month.
In this role, you will...
- Manage DNS security and IP address management platforms across the enterprise using our (IPAM, DNS/DHCP, DNS Security), ensuring reliability, security controls, and operational excellence.
- Optimize & Expand Zero Trust access by partnering with network, endpoint, and security teams to deliver secure user/app connectivity.
- Run secure third-party access through our SVRA platform, enforcing least privilege access, strong auditing, and vendor lifecycle controls.
- Translate risk into engineering outcomes: improve segmentation, policy, logging, and security automation that reduce exposure without slowing the business.
- Build clarity through standards and documentation: create runbooks, patterns, and reference architectures that make secure operations repeatable and scalable.
- Serve as an escalation point for complex issues and mentor other engineers through design reviews, troubleshooting, and best practice adoption.
What You Will Need To Succeed...
- 3-5+ years of hands-on experience in enterprise network security engineering.
- 3-5+ years of strong experience in IPAM and DNS/DHCP, plus DNS Security administration and operational troubleshooting.
- 3-5+ years implementing Zero Trust in production enterprise environments.
- 3-5+ years managing Secure Vendor Remote Access (or closely equivalent) with security controls and auditability.
- Strong foundational skills in TCP/IP, DNS, routing, firewall concepts, authentication/authorization, and security logging/monitoring.
- Ability to communicate clearly with both technical and nontechnical partners, turning complex systems into actionable decisions (and keeping the message customer focused).
It would be a plus if you have any of this experience...
- Automation or infrastructure as code experience (APIs, scripting, policy automation, CI/CD integration).
- Experience integrating DNS and Zero Trust telemetry into SIEM/SOC workflows.
- Cloud networking/security exposure (Azure/AWS/GCP), plus enterprise identity integrations.
- Relevant certifications (e.g., Zscaler certs, CCNP Security, CISSP, GIAC).