Network Engineer (Firewall and Security SME)- TS
Amentum
Jacobs is seeking a Network Engineer in Quantico, VA. This is a Senior/SME position, providing firewall/engineering leadership over multiple firewall and perimeter security systems and devices. The well-qualified candidate must be capable of evaluating performance results, performing risk assessments, recommending, and implementing changes impacting the perimeter security team. The candidate must be capable of planning and leading engineering activities to include the testing, implementation, and maintenance of perimeter security technologies and devices and must be capable of communicating and coordinating all firewall related work to the include the government customer.
Responsibilities:
Responsible for the design, implementation and support of information security monitoring and protection technologies.
Build, design, test, deploy, maintain, and troubleshoot perimeter security (Firewall) solutions.
Deploy, configure, maintain, and troubleshoot network-based intrusion systems, web proxies, network-based dynamic malware engines, and endpoint security solutions. Manage Cisco Firepower platform including but not limited to licensing, update management, patching, and inventory.
Administer all network hardware and equipment, including routers, switches, wireless access points, and UPS.
Develop and deploy perimeter security solutions utilizing multi-vendor firewalls, email security, IPS/IDS, SSL/TLS decryption, DMZs, and virtualization/zones for on premise and cloud-based services.
Experience making use of enterprise tools to monitor and improve network security and performance.
Perform network, server and security audits, review logs for errors and trends, and ensure proper function of network infrastructure.
Collaborate with technical SMEs on enterprise-wide solutions, participate in technical working groups.
Supports the compilation of records and reports concerning perimeter operations and maintenance to analyze the performance of perimeter security systems.
Provides input to the problem management process, including assessing and evaluating software and hardware anomalies. Supports the root cause analysis efforts to determine problems and develop remediation activities. Interfaces with vendor support service groups to ensure proper support during outages or periods of degraded system performance.
Supports the transition to operations of perimeter security devices.
Collaborate with cross-bureaus and agencies to implement network changes as it relates to perimeter security
Supports the configuration testing of replacement perimeter devices
Plans, documents, and implements hardware and software build and refresh
Create and maintain standard operating procedures (SOPs) and guides for new and/or existing perimeter hardware and software.
Attend weekly meetings, and participates in working groups, as related to constant changing security environment.
#divergent
Active Top Secret
Bachelor’s degree in information technology, or equivalent experience
7-10 years of Information T security/network engineering experience (security, network infrastructure implementation, and maintenance)
Expert experience in one or more of the following security devices: Palo Alto firewalls, Panorama management console, Forcepoint/StoneGate firewalls, A10 Encrypted Traffic Inspection/Application Delivery, and Cisco ESA & ASA
Experience developing and configuring SSL/TLS encryption/decryption solutions for traffic inspection
Experience supporting the configuration and maintenance of Firewall/DMZ infrastructure including Network and Application Firewall Packet
Filtering technologies
Experienced with performing root cause analysis, risk identification, and risk mitigation
Knowledgeable with configuring Cisco switches
Recommend and perform network improvements, upgrades, and repairs.
Strong understanding of routing/switching technologies, IP addressing/subnetting, and network traffic analysis/troubleshooting
Work experience of Cisco Security product line, ASA and Firepower etc.
Experience with network monitoring devices such as HP Openview, Nagios, Zenoss, NeuralStar or other similar monitoring tools
Preferred:
Bachelor’s degree in information technology, or equivalent experience
Experience as an Information System Security Representative (ISSR) or Information System Security Officer (ISSO)
Certifications:
CompTIA Advanced Security Practitioner (CASP), Certified Information Systems Security Professional (CISSP), Cisco CCNP security or JNCIS (or equivalent)
Experience migrating from ASAs to Firepowers
Familiarity with IT security systems, policies and procedures)
Interpersonal skills including the ability to collaborate effectively, self-awareness, and excellent written and oral communications.