Senior Network Security Engineer
The Senior Network Service Engineer is part of The Network / Voice services team that provides strategic direction, technical/functional expertise, and system management of network and voice solutions which include: LAN/WAN and related components, Unified Communications/Telephony, Firewalls, and related equipment that support the networking, network security, and voice communications systems.
This position is responsible for the implementation, support, and management of the network security infrastructure including Palo Alto Next-Generation Firewalls, AAA authentication systems, and the Network Access Control platform. As a senior member of the team they are the primary resource responsible for the hands-on engineering activities which support the security strategy established by the Information Security Team.
The Senior Network Security Engineer directly reports to the Network and Voice Services Lead and implements technologies and solutions under their direction.
The ideal candidate will have a strong specialization in firewall engineering and security best practices, with a background in network technology.
Primary responsibilities include:
* Daily monitoring and management of firewall infrastructure, AAA solution, and NAC platform.
* Collaborates closely with the Information Security team to establish and enforce security policies and configurations across network device and firewalls consistent with the overall security posture.
* Provides detailed analysis and troubleshooting of ACLs and firewall rule sets as they relate to application performance and availability.
* Supports the change management process for all proposed configuration changes affecting security platforms by reviewing existing configurations to determine the overall impact of the change on the enterprise network then executes accordingly.
* Attends and participates in team and departmental meetings providing updates and insight into ongoing projects, initiatives, and incidents.
* Ensures adherence to IT Architecture principles and guidelines along with published Information Security Standard (ISS).
* Collaborates with outsourced partners in delivery of network security services.
* Under the direction of the Network and Voice Services Lead, effectively plans and executes on upgrades, replacements, and new installations of firewalls.
* Schedules, plans, and performs preventative maintenance on firewalls under the guidance of the Information Security Team to ensure systems are in good health and fully operational.
* Responds to and appropriately addresses support calls, incidents, and requests related to the network and security infrastructure including firewalls.
* Periodically reviews and updates documentation of the firewall environment to ensure accuracy.
* Adheres to Standard Operating Procedures (SOPS) and maintains daily checklists related to operational activities.
* Updates job knowledge by attending educational opportunities and training events.
* Minimum 7+ years networking experience and 5 years of hands-on firewall engineering activities.
* Experience configuring and managing Palo Alto Firewall infrastructure in an enterprise environment.
* Extensive hands-on work configuring and troubleshooting within the Palo Alto "Panorama* interface.
* PCNSE or CISSP certification is a preferred.
* Strong understanding of VPN (site to site, remote access client, IPSec, IKE, tunnel modes, SSL, Tunnels between Firewalls) with broad troubleshooting experience.
* Experience with micro-segmentation in a virtualized Data Center environment.
* Fundamental knowledge and experience with VMWare virtualization for desktop and servers.
* Working knowledge of the TCP/IP protocol suite, TCP/IP headers and packets, and commonly used TCP/UDP ports and associated services.
* Experience in information security auditing practices.
* Familiarity with Network Access Control (NAC) concepts and fundamentals.
* Basic understanding of network engineering and local and wide area (LAN/WAN) technologies and topologies.
* Possess fundamental knowledge of Network Infrastructure: Cisco routers, switches, wireless.
* Strong troubleshooting and problem solving abilities.
* Ability to work within a 24/7 environment across multiple time zones.
* Participation in an on-call rotation.
* Relies on extensive experience and judgment to plan and accomplish goals.
* Ability to work in a fast-paced, and embrace change.
* Results oriented, customer-focused.
* Ability to work well independently and in team environment.
* Highly motivated, ability to execute.
* Solid organizational and time management skills.
* Ability to make high quality decisions.
* Proven ability to deliver despite obstacles.
* Solid written and verbal communication skills, including the ability to communicate to both business and technical individuals.
* Excellent listener & communicator.
* Able to collaborate effectively with a variety of cross functional teams.
Senior Network Security Engineer