Summary of the Position
The Senior Network Security Engineer serves as key individual contributor on the Information Technology (IT) Security team. As part of the IT Security team, the Senior Network Security Engineer will help support USP’s global public health mission by protecting critical computing assets, securing sensitive data, and working with the Global IT teams to provide security monitoring and incident response.
The Senior Network Security Engineer is responsible for implementing, supporting and maintaining all aspects related to Palo Alto firewalls at an enterprise level. The engineer will maintain a strong focus on automation, self-service, rapid feedback, continuous improvement and leveraging best practices throughout.
Roles and Responsibilities
- Management, configuration, and administration of commercial firewall products such as Palo Alto or Cisco ASA
- Setup, Configuration, and Maintenance of Palo Alto perimeter defense appliances
- Utilize Panorama with strategic development of policies, rules, NATS, and security profiles
- Implement network security policies
- Monitor, secure, and communicate network vulnerabilities and attack vectors for diverse stakeholders
- Collaborate with solution architecture to devise infrastructure solutions most suitable to meet system requirements
- Plan and coordinate system utilization, and performs growth analysis and capacity planning
- Supporting mission critical, 24x7 systems
- Design, implement, operate, and maintain complex corporate LAN/WAN networks.
- Perform analysis, diagnosis, and resolution of complex network problems for a variety of end users and recommend and implement corrective hardware and software solutions.
- Provide senior level technical support and guidance to system engineers and telecommunications technicians on network and equipment issues
- Communicate and support security policy, deployment, and support needs.
- Communicate the security challenges associated and provide solutions to mitigate them.
- Work with other engineers on technical requirements and communicate to management.
- Work with minimal supervision, set priorities, and give attention to detail and quality, flexible, strong organizational and time management skills, ability to multitask, ability to work individually and with a team, positive attitude, self-motivated, reliable, trustworthy, strong interpersonal skills, diplomacy, and ability to handle stress in professional manner.
- Bachelor’s degree in Information Technology or a relevant field
- 5 years of experience practicing Change, Problem, and Incident management processes utilizing ITIL in an enterprise environment.
- PCNSE (Palo Alto Networks Certified Network Security Engineer)
** Equivalent combination of education and relevant experience may be considered
- Demonstrated experience with deploying, configuring, maintaining, patching, troubleshooting, and upgrading cybersecurity infrastructure and capabilities.
- Demonstrated knowledge of network traffic and communications, including known ports and services
- Experience with enterprise network security experience (firewall, Intrusion Detection (IDS), log management/reporting solutions)
- Experience with Juniper, Cisco, and Palo Alto Firewalls
- Resolution of trouble incidents for firewalls, intrusion detection systems (IDS), and network forensics tools.
- Knowledge of routing and switching fundamentals and products.
- Experience with Cisco ACI integration.
- Practical experience working in complex LAN/WAN environments
- Practical experience supporting Palo Alto or Cisco ASA firewalls
- Experience with Splunk or comparable logging system for troubleshooting
- Knowledge of best current security practices, firewalls, network administration, application/web fundamentals, IP transit, routing protocols and all aspects of networking needed to support the required SLAs.
- Possesses networking background with an understanding of switching, network routing as well as skills in managing and supporting firewalls.
- Understanding of all layers of the OSI model
- Understanding of packet capture review.
- Understanding of TCP / UDP and IP Protocol
- Able to work flexible hours when needed. In addition to normal business hours of 8:30 a.m. 5:00 p.m. Monday through Friday, serves on a team to provide 24 hour a day, 7 days a week response to emergency alarm calls and can be available on short notice to support requests during unusual hours, especially early or late in the day during the business week.