Planned Parenthood Federation of America (PPFA) and Planned Parenthood Action Fund (PPAF) seeks a dynamic and effective Network Security Engineer/Architect. This job reports directly to the Sr. Dir, Security Operations in the Information Security division of PPFA. The Office of Information Security provides the strategy and implementation of the information security program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors and staff.
- The Network Security Engineer/Architect will work within a multi-disciplined team to support the Information Security Operations and Security Architecture domains by providing engineering expertise on end to end networking security infrastructure, including on-prem and cloud-based environments, physical and virtual security products, Next Generation Firewalls, CASB/SASE frameworks, as well as the DevSecOps initiatives, while following network security architecture standards and best security practices. This role adapts programs/policies to deliver a portfolio of projects and services. This role captures specific aspects of the customers’ needs or operational environment to ensure optimal project design/delivery.
- The Network Security Engineer/Architect will have primary responsibility for deploying and configuring Next Generation (Palo Alto) Firewalls to include implementing and adjusting firewall/networking policy rules, web proxies/DNS filters, cloud/host network security controls, traffic capture/logging, CASB/SASE configurations and other security-related constructs at the network layer and cloud environment level. Additionally, they will manage both AWS and Google security configurations, as well as overall network vulnerability management, along with identifying and providing recommendations for resolving security concerns related to the network environment, and will support security architecture networking priorities according to the security architecture roadmap. This role will support optimal delivery through adapting procedures and may affect quality project/service delivery.
- The engineer will also support in the development and management of information security operations, maintenance activities, written policy and SOP’s, and assists in the design/implementation of emergency/incident response processes and BCP/DR network redundancy.
- The engineer is responsible for developing security control implementation plans and coordinating the development of advanced security network initiatives or access control mechanisms that can be implemented on security systems such as intrusion prevention/detection systems, firewalls, routers or endpoints in response to new or observed threats within the enterprise.
- The engineer will leverage working knowledge of security and security tool technologies to improve the security posture and will provide leadership and guidance in identifying current tool capabilities and improvements that can be applied to their configuration through configuration tuning or improved processes.
- At the direction of the Security Architecture Director, will successfully complete Security Architecture prioritized deliverables.
- The engineer will implement and adjust both AWS & GSuite configurations in accordance with AWS/GSuite security best practices including AWS/GSuite HIPAA configuration requirements.
- The engineer will assist in audits, surveys and assessments and maintain security-related procedures applied to new and ongoing network services and security architecture priorities.
- The Network Security Engineer/Architect will engage with all team members in Information Security, IT Operations, DevSecOps, Architecture, Information Technology, PPFA strategic business partners, and management staff within PPFA.
- Work closely the security team to establish prevention, detection, and mitigation techniques to protect the core networking system capabilities
- Vendor relationship management with key networking vendors, MSP and MSSP providers.
- Collaborate with colleagues and clients while reflecting empathy of perspectives, identifying recognition of mutual/complementary interests
Knowledge, Skills and Abilities (KSAs)
- Reports to the Sr. Dir, Security Operations and will work closely with Sr. Director, Security Architecture. BA or BS in Information Security, Information Assurance, Computer Science, Engineering or related field.
- 5+ Years’ experience in Information Security Networking, Engineering and Architecture roles
- Hands-on implementation and troubleshooting experience configuring Palo Alto and other Next Generation Firewalls (NGFW’s) - along with experience in SDN/SD-WAN and Secure Access Service Edge (SASE) platforms.
- Possess Palo Alto certifications i.e. Palo Alto Networks Certified Network Security Administrator (PCNSA) or Palo Alto Networks Certified Network Security Engineer (PCNSE) preferred.
- Hands-on experience with and knowledge of IT security architecture and design (e.g., firewalls, IPS/IDS systems, CASB/SASE, virtual private networking, virus protection technologies, LAN/WAN design, cloud security platforms (AWS,Azure, Google) and/or general internetworking technologies)
- Full understanding of IP network and security engineering
- Knowledge of threat and vulnerability analysis, routing protocols, routing, intrusion detection systems, intrusion protection systems, Domain Name Service, and network traffic analysis.
- Ability to write concise analytical reports and assessments.
- Ability to write / diagram network & cloud infrastructure topologies.
- Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience.