Network Security Engineer - Forescout

Warsaw-Poland-PolandFull-timePosted Jul 2, 2026
Open original posting

What you will do

As part of the global Zero Trust team, you will serve as the strategic and technical owner of the enterprise Network Access Control (NAC) platform. Working within a shared-responsibility model, you will focus on defining security policies, driving 3rd-party integrations, and enhancing device visibility, while partnering with the Network team who manages the underlying infrastructure.

You will act as the design authority, defining the global Zero Trust network micro-segmentation strategy and driving cross-functional teams to execute it.

How you will do it

  • Zero Trust Segmentation Pilots: Drive the end-to-end execution of network segmentation initiatives, transitioning from monitor-only phases to active enforcement via VLAN assignments and ACLs.

  • Dynamic Trust Profiling: Architect and refine the platform's Trust Model. Build multi-property assessments to accurately categorize a large-scale deployment of IT, IoT, and OT devices, effectively eliminating security blind spots for unmanaged assets.

  • Incident Response (IR) Quarantining: Partner with SecOps and IR teams to build automated, on-demand quarantining capabilities. Develop integrated workflows to instantly isolate rogue, compromised, or non-compliant endpoints.

  • Advanced Discovery & Integrations: Dictate requirements for enhanced network visibility (e.g., leveraging passive discovery techniques). Fully own the integration of the NAC platform with the broader security ecosystem, including EDR, MDM, ITSM, and cloud-based risk reporting tools.

  • Platform Governance & Automation: Design and enforce granular Role-Based Access Control (RBAC) to ensure the Principle of Least Privilege. Develop automated workflows (via REST APIs or low-code platforms) to streamline operations and aggressively reduce manual MAC address whitelisting.

What we look for

Required

  • Strong hands-on engineering experience with enterprise NAC platforms (Forescout or Cisco ISE), specifically focused on advanced policy creation and device profiling.

  • Deep understanding of Zero Trust Architecture, IoT/OT device classification, and building "Semi-Trust" logic for unmanaged network assets.

  • Ability to act as a technical authority, defining security policies and collaborating effectively with network infrastructure teams to execute changes.

  • Solid knowledge of core network security concepts, including network segmentation, VLAN assignments, 802.1X, RADIUS, and DHCP/SNMP protocols.

Preferred

  • Relevant NAC Certifications (e.g., Forescout FSCA/FSCP or Cisco ISE equivalent).

  • Familiarity with NAC cloud-based reporting, vulnerability data enrichment, and risk-based security scoring.

  • Experience leveraging REST APIs to build automated security response workflows and integrating with asset management or security tools.

About Us

Johnson Controls, a global leader in thermal management, mission-critical building systems, energy efficiency, and decarbonization, helps customers use energy more productively, reduce carbon emissions, and operate with the precision and resilience required in rapidly expanding industries such as data centers, healthcare, pharmaceuticals, advanced manufacturing, and higher education.

For more than 140 years, Johnson Controls has delivered performance where it really matters. Backed by advanced technology, lifecycle services and an industry-leading field organization, we elevate customer performance, turn goals into real-world results and help move society forward.

We are committed to diversity and inclusion and believe that different perspectives make us stronger. By encouraging open dialogue and valuing individuality, we strive to be one of the most desirable places to work.

The initial basic salary for this position will be in the range of 11 000 to 17 000 PLN per month. The final offer will reflect your experience, skills, and qualifications relevant to the role. We are committed to fair, equitable, and gender-neutral pay practices.

#LI-BB1

#LI-Hybrid

Want jobs like this matched to you?

Swoopd scores fresh postings against your résumé so you only see the matches that matter.

Get started free