Our client, a premier non-profit organization in Philadelphia is looking for a Network Security Engineer.
Working within in the Network team, this position provides support and administration of all facets of security architecture and management furnished by the infrastructure service delivery group. This is a hands on engineering role whose responsibilities include working with firewalls, load balancers and SIEM. This position also requires a thorough understanding of infrastructure technologies (LAN, WAN, Wi-Fi, VPN, IPSec, Remote Access Solutions, Enterprise Monitoring) design principles and best practices
- Provide second level end-user support for network security infrastructure. Assist with other user support as required. Disseminate knowledge of security tools usage to other members of the group through informal on-the-job training & written documentation.
- Install appropriate network security tools that dynamically audit and report security violations occurring within the infrastructure.
- Design and integrate secure scalable network solutions into the organization's infrastructure based on the ongoing business requirements and those of the security policy.
- Keep network and security systems documentation up to date. Assist with developing Network Security Policies and Disaster Recovery Procedures.
- Maintain awareness of latest security risks, exploits and vulnerabilities and apply them to the network as required. This technical requirement goes beyond the scope of the traditional time and workspace.
- Ensure network security by maintaining network analysis tools with proper code that readily identifies the latest attack, probes or worm signatures. Establish base line conditions for each network segment and routinely review alarm / attack IDS messages, syslogs, server event logs. Analyze source of abnormal conditions then immediately take actions to stop or lessen risk. Develop tactical procedures to quickly identify and mitigate security threats.
- Ensure that all existing and new services / systems are installed and conform to our security specifications. Take appropriate measures to re-engineer older services to conform to security specifications whenever necessary. Lend technical support to other departments when they are designing new systems to ensure they follow security policy guide lines.
- Raise concerns to management regarding network security deficiencies or enhancements that need to be addressed.
Skills and Abilities
- Experienced with designing and implementing perimeter, DMZ and internal network architectures, remote access networks and VPNs.
- Proficient in configuring basic and advanced functions on firewalls (Checkpoint) and load balancing (F5) equipment
- Experience with the installation, configuration and usage of a Security Information and Event Management (SIEM) platform. Needs to be able to tune reporting tools by minimizing false positive, setting thresholds and establishing alerting procedures.
- Proficient when diagnosing network problems using reporting tools such as Snort or syslogs in conjunction with packet decoders like Etherpeek, ethereal or tcpdump.
- Strong understanding of TCP/IP, UDP, ICMP, IPSec, IKE, HTTP, SSL, SMTP, cryptography, wireless access, IP routing and telecommunications.
- Must keep abreast of current exploits relating to Cisco, Checkpoint and F5 ensuring that all network systems are maintained with the latest patches and code versions.
- Assist with the design and implementation of organizational security policies and business continuity plans or disaster recovery solutions.
Minimum 5 years applicable experience
Checkpoint or F5 certification a plus