Senior Network Security Engineer (Forescout)
Raymond James Financial, Inc.
Description
Note: This position will follow our hybrid work model, we expect the selected candidate to be in the office a minimum of 8 days per month at one of the following locations: St. Petersburg, FL, Denver, CO, or Southfield, MI.
Job Summary:
The Senior Forescout Engineer is responsible for managing, designing and improving RJ’s enterprise network, with a focus on our Forescout NAC Global infrastructure. He or she will assist network architects with design and implementation of network technologies. This role is responsible for senior level network engineering implementation and providing technical principles guidance to peer engineers, proactively taking technology project delivery from 0 to 100% with little to no supervision. General duties include leading buildout of solutions and driving innovation for implementation of new modern technologies in the enterprise network. Partners with management and peer engineers to drive infrastructure modernization projects to completion and provides Tier3 technical support using extensive expertise to take on work assignments the team is engaged in. Strong people skills and the ability to balance/prioritize between multiple tasks and projects are essential. This position does involve both routing and switching as well as network firewall implementation projects for both on-prem and cloud infrastructure.
Essential Duties and Responsibilities:
Design, improve and innovate:
Understand and own the full lifecycle of Forescout infrastructure.
Primary focus is expanding on existing Forescout environment and building new functionalities driven by business requirements in collaboration with the architecture and engineering teams.
Researches and recommends innovative technologies and approaches for enterprise infrastructure management, upgrades, or improvements.
Utilize and integrate network components such as Forescout NAC servers, firewalls, switches, routers, AP/Controllers, SDN fabric components, load balancers and cloud infrastructure network elements.
Proactively identify and implement network improvements to assure the performance, resiliency and redundancy of the network.
Utilizes blueprints to engineer solutions and adhere to enterprise standards (engineering focused, architecture supported).
Take disaster recovery and business continuity plan aspects into consideration for any new technology implementation or change.
Monitor, document and offer proactive support:
Provides ad-hoc support for incidents requiring T3 level resources (engineering/architecture).
Use Microsoft Visio to produce and maintain documentation.
Participate in 24×7 on call rotation for SME T3 support requirements as needed (Forescout SME).
Maintains service level agreements of departmental metrics, key performance indicators and adhering to strict project timelines.
Maintain/Improve security posture, promptly addressing issues, vulnerabilities and security requirements according to regulatory guidelines (PCIDSS, PII, CIS, NIST).
Collaborate and coach:
Work collaboratively across a variety of business units to implement new technologies.
Coordinate and take lead of assigned projects in all technical and communication aspects.
Collaborate with peer engineers towards achieving common goals in assigned projects.
Coach peer engineers and effectively perform knowledge transfer/cross training activities (create SOPs, etc).
Qualifications
Qualifications, Skills, and Abilities:
Qualifications:
Required:
5-7 years of experience in network design, implementation and documentation of medium-large scale enterprise networks (10,000 users). Experience with routing and switching enterprise technologies (CCNA level required, CCNP level desirable).
3-5 years of experience with Forescout technologies.
Deploy and maintain Forescout NAC appliances in an environment of over 10,000 assets
Expanded Forescout capability through modules and security stack integrations (vCenter, Service Now, Qualys, Palo Alto, etc.)
Troubleshoot various types of issues with the Forescout platforms (authentication, 802.1x, quarantine VLANs, network reachability, logging, etc.).
Develop and maintain enforcement and posture policies
Create dashboards and automated reporting
Develop and maintain enforcement and posture policies
Awareness of IAM best practices and 802.1x deployment in large enterprise environments.
Experience with implementing and maintaining Palo Alto Centrally managed firewall platforms.
Panorama policy management (NGFW PanOS): Threat Prevention, UserID, Global Protect (Client VPN, LSVPN), HA setup
Prisma Access (preferred – Cortex, DataLake, CloudIdentityEngine)
Deployment from 0 to 100% of enterprise firewall clusters
Desirable:
Administering F5 Clusters, Load balancing, SSL decryption policies, DNS Geolocation (LTM, GTM, APM, ASM/Cloud WAF).
Certificate management (Venafi), Cryptographic protocols and algorithms, certificate PKI.
Experience with Infoblox DNS/IPAM functions.
Familiarity with cloud computing principles and experience in designing secure and scalable network solutions for cloud environments.
Automation/scripting experience (Python, Ansible).
Network security protocols, architecture and design principles; intrusion detection, prevention systems, secure socket layer (SSL) protocols, virtual private networks (VPNs).
Familiarity with one of following monitoring platforms: Microsoft SevOne, SolarWinds, DataDog, Splunk.
Experience in designing, implementing and maintaining data center spine leaf fabrics (Arista/Cisco).
Experience with Cisco Wireless technologies in a large enterprise environment (Cisco WLC, FlexConnect, CAPWAP).
Experience with Cisco DNA Center.
1-2 years of Experience with SDWAN technologies (Cisco, Palo Alto ION).
Skilled in:
Technical skills to oversee hardware and software systems.
Problem-solving skills, such as troubleshooting network issues and developing effective solutions.
Communication, convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.
Satisfactory level of technical and professional skill or knowledge in position-related areas; remains current with developments and trends in areas of expertise.
Problem solving using effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that is consistent with available facts, constraints and probable consequences.
Time management to prioritize and effectively get through project deadlines
Research, creating, writing, editing and proofreading documentation.
Communication, convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.
Satisfactory level of technical and professional skill or knowledge in position-related areas; remains current with developments and trends in areas of expertise.
Ability to:
Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions.
Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that is consistent with available facts, constraints and probable consequences.
Demonstrate a satisfactory level of technical and professional skill or knowledge in position-related areas.
Develop and use collaborative relationships to facilitate the accomplishment of work goals.
Ability and desire to effectively work as a team member in cross functional environment.
Strong communication with technical team members and more importantly non-technical team members.
Make internal and external clients and their needs a primary focus of actions; develop and sustain productive client relationships.
Occasionally work a non-standard shift including nights and/or weekends and/or have on-call responsibilities.
Work in a team environment or project room to facilitate collaboration.
Understand basic programming concepts, coding practices, algorithms and data structures.
Work a non-standard shift including nights and/or weekends and/or have on-call responsibilities.
Performs other duties and responsibilities as assigned.
Educational/Previous Experience Requirements:
Minimum of a Bachelor’s degree in Computer Science, MIS, Business or related degree and three (3) to five (5) years of relevant experience or a combination of education, training and experience approved by HR.
Five (5) or more years of experience in Network or Information Security would be preferred.
Licenses/Certifications:
Required: Forescout Certified Professional (FSC) / Desirable: PCNSE, CCNP.
Security and Control certifications preferred: (CISSP, CISM, CISA, CRISC).
Job: Technology
Primary Location: US-FL-St. Petersburg-Saint Petersburg
Other Locations: US-FL-St. Petersburg-Saint Petersburg, US-CO-Denver-Denver
Organization Technology
Schedule Full-time
Job Shift Day Job
Travel No
Req ID: 2403163