Network Security Engineer
· Working with the Technical Services team will actively support all network and systems security hardening efforts, to include annual, quarterly and daily security audit, assessments, reviews and remediation procedures
· As the Network Security Engineer, manage and support complex LAN/WAN and security infrastructure enhancements, to include design, implementation and SteadyState support for all Cisco firewalls, ISE infrastructure, Meraki WiFi, VPNs, including all routing and switching infrastructure to include enterprise class routers and switches from Cisco and Meraki.
· Proactively research and communicate emerging security threats, proposing recommendations for implementing short- and long-term solutions to decrease threat vectors and enhance over all security posture.
· Working with the network security team to oversee our Infrastructure monitoring & Incident Response teams in concert with SOC vendors to secure and monitor our corporate, and cloud infrastructures. Experience with industry recognized SIEM and Event Correlation tools.
· As the Network Security Engineer, provide escalation support for Network infrastructure service availability issues as well as all security incidents or escalations.
· Create and maintain network & systems documentation to include administration guides, network, security, configuration diagrams and asset management
· Be available, on-call as required to rapidly troubleshoot any problems resulting from changes or unexpected outages or security incidents.
Qualifications - What we require:
· 10+ years of advanced Network Security Engineering with seasoned experience designing, deploying and supporting complex LAN/WAN and Security infrastructure.
· Advanced experience with Cisco Sourcefire Firewalls, Zone based firewalls, Cisco ISE, 802.1x , MAB, PKI Certificate authentication, RSA, DUO, Okta MFA ASA integration, IDS/IPS, MDM, SSO and access control management solutions.
· Demonstrated experience independently managing large network infrastructure upgrade projects with little to no down time.
· Advance experience supporting large WAN networks and routing protocols including BGP, EIGRP, OSPF. Including MPLS, NNI Extranets and DMVPNs.
· Experience designing, deploying and supporting SD-WAN services from Viptela, Meraki, Fortinet and or Silver Peak highly desired.
· Demonstrated experience supporting enterprise class Cisco switching supporting VMWare clusters, using Nutanix or other complex switch fabric networking.
· Experience support NSX environments strongly desired.
· Demonstrated automation scripting experience using Python, Puppet, Batch and or Powershell.
· Seasoned advanced experience using Cisco Network management tools such as Prime, CSA with advance experience using other monitoring tools including Netflow, Solarwinds and packet level capturing tools such as Wireshark, Fiddler, Microsoft Network Monitor. Including industry recognized SIEM and Event Correlation tools.
· Experience using multiple security pen testing / scanning tools to include Qualys, Nessus, Snort etc.
· Strong understanding of security topics such as access control, network and systems hardening, threat modeling, encryption, vulnerability management, digital forensics and incident response
· Experience with compliance and risk management frameworks, such as PCI,SOX, ISO27001
· Excellent communication skills with prior experiencing leading or acting as a liaison between other departments, employees, management and vendors.