Principal Engineer - Network, Cloud and Identity

Principal Engineer – Network, Cloud & Identity (ISE / NAC)

About This Role

CarMax is modernizing and scaling its technology platforms to support secure, reliable, and resilient digital experiences. As a Principal Engineer within the Solutions Delivery and Engineering organization, you will provide senior technical leadership across enterprise networking, cloud networking, and automation, with a specific focus on Identity Services Engine (ISE) and Network Access Control (NAC).

This role combines hands-on technical expertise with architectural guidance and cross-team influence. You will partner with engineering teams, operational support teams, architects, and leadership to implement, support, and evolve secure network platforms that support both cloud and on-premise environments.

Key Responsibilities

• Provide senior technical leadership for enterprise network and cloud networking platforms, ensuring reliability, scalability, and security.
• Partner with technology leadership to support large, cross‑organizational initiatives and address complex technical challenges.
• Collaborate with engineering, architecture, and product teams to design and deliver network and identity solutions aligned with business needs.
• Influence technical standards, patterns, and best practices across teams, with an emphasis on security, automation, and operational efficiency.
• Lead design and implementation efforts for network access control (NAC) and identity-based network security solutions.
• Mentor and guide engineers through technical reviews, design discussions, and problem resolution.
• Participate in on-call rotation to support scheduled change windows and incident response for enterprise networks.
• Display high level leadership skills, being able to drive the overall vision of the organization.
• Stay current with industry trends in networking, cloud connectivity, automation, and identity services, and apply relevant advancements where appropriate.

Role Summary

The Principal Engineer is a senior individual contributor role focused on technical depth, architectural consistency, and engineering excellence. This position requires strong problem-solving skills, the ability to work across organizational boundaries, and experience influencing technical direction without direct authority. You will be expected to balance strategic thinking with hands-on involvement, particularly in complex or high-impact initiatives related to network security and identity.

Required Qualifications

• Bachelor’s Degree in Computer Science, Decision Science, Engineering, Statistics, or a related field, or equivalent alternative education, skills, and/or practical experience is preferred.
• 7+ years of work experience required in Network, Cloud Network, Network Security, and other areas directly relevant to Network/Cloud/Automation responsibilities and tasks; multiple certifications preferred.
• Demonstrated experience working in large, complex enterprise environments.

Technical Experience

Network, Cloud, and Automation

• 7+ years of experience with enterprise routing, switching, firewalls, and wireless networks, with HPE Aruba and Fortinet experience preferred.
• 5+ years of experience designing, building, and operating network infrastructure in cloud platforms, with Azure preferred.
• Strong understanding of hybrid networking models connecting on‑premise environments with public cloud platforms.
• Experience with network automation and scripting using languages such as Python, Ansible or PowerShell.
• Proven ability to design and support highly available and resilient network architectures.
• Experience driving technical improvements or standards across multiple teams.

Identity, NAC, and Cisco ISE

• Hands-on experience designing, implementing, and supporting Cisco Identity Services Engine (ISE) in enterprise environments.
• Strong knowledge of Network Access Control (NAC) concepts and implementations for wired, wireless, and device administration use cases.
• Experience configuring authentication and authorization policies within Cisco ISE.
• Experience implementing and supporting TACACS+ for device administration and role-based access control.
• Ability to act as a technical subject matter expert for ISE and NAC, providing guidance to engineering teams and stakeholders.

Professional Skills

• Strong analytical and troubleshooting skills, with the ability to resolve complex technical issues.
• Clear and effective communication skills, both written and verbal.
• Ability to work independently while also collaborating across teams and disciplines.
• Attention to detail and a focus on operational stability and security.
• Interest in continuous improvement through automation and process optimization.

Work Location and Arrangement - This role can be based out of the following locations:

• Midtown:  This role will be based out of the CarMax Midtown Office (Richmond, VA) and associates will work onsite 5 days per week 
• Plano: This role will be based out of the Dallas Tech Hub (Plano, TX) and associates will work onsite 2 days per week. 

Work Authorization:  Applicants must be currently authorized to work in the United States on a full-time basis. Sponsorship will not be considered for this specific role.  

About CarMax 

CarMax disrupted the auto industry by delivering the honest, transparent and high-integrity experience customers want and deserve. This innovative thinking around the way cars are bought and sold has helped us become the nation’s largest retailer of used cars, with over 250 locations nationwide. 

Our amazing team of more than 25,000 associates work together to deliver iconic customer experiences. Along the way, we help every associate grow their career and achieve their best, at work and in their community.  We are recognized for our commitment to training and diversity and are one of the FORTUNE 100 Best Companies to Work For®. 

Our Commitment to Diversity and Inclusion:  

CarMax is committed to bringing together people from different backgrounds and perspectives, providing employees with a safe, welcoming, and inclusive work environment. 

CarMax is an equal opportunity employer, and all qualified candidates will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, protected veteran status, disability status, or any other characteristic protected by law.