Candidate Description
This is an engineer role and the candidate must be able to demonstrate the ability to install, manage and maintain firewalls in both on-premise and cloud environments. Demonstrated experience supporting Cisco ASA/Firepower and Fortinet firewalls as an engineer is REQUIRED. Holding one or more vendor-neutral security certifications or Cisco/Fortinet certifications (e.g., Security+, CISM, CISSP) is a plus for this position.
This position supports a customer out of AUSTIN, TX, and will support the customer's need to run and maintain the Cisco and Fortinet firewalls. This position is in direct support (on-site at customer facilities) of a customer in the government sector. A third party is providing Managed Security Service Provider (MSSP) functions related to the Security Operations Center (SOC), including Tier 1 through Tier 3 resource capabilities and activities related to security monitoring, threat and vulnerability management, and incident response (IR).
Selected candidates must be US Citizens, pass a CJIS background check process, and complete basic safety and security training to meet the customer requirements. Candidates must be 18 years of age or older.
Responsibilities
- Run and maintain firewalls and WAFs for the customer.
- Develop and maintain rule sets for firewalls.
- Help determine tactics, techniques, and procedures (TTPs) for firewalls.
- Recommend computing environment vulnerability corrections.
- Perform patch management for MSSP Security tools and customer’s security tools.
- Ability to work with provided security policies to design and implement network and security rules and configurations across various security platforms.
- Perform changes to firewalls as specified by the customer.
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
- Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
- Create and document procedures and work instructions for use by the SOC staff (Tier 2 to Tier 3).
- Train and mentor other engineers as needed.
Candidate Requirements
The candidate should have strong communication skills, both written and verbal, and be comfortable presenting information to teammates, customer technical personnel, and leads and managers.
The preferred candidate is REQUIRED to have:
- Eight (8) years of experience in Cisco/Fortinet firewall administration, engineering, and configuration.
- Demonstrated experience using enterprise/MSSP and/or cloud SIEM technologies as an analyst.
- Ability to support and work across multiple customer and bespoke systems.
- Must be able to pass a CJIS background check process and other background checks to comply with customer contracts.
- Complete basic safety and security training to meet the customer requirements.
- Ability to work a rotating shift and/or on-call schedule as required.
- CompTIA Security+ certification or equivalent/higher
Candidate Preferred Requirements
Holding one or more of the following industry certifications is a plus:
- Any Cisco certifications
- Any Fortinet certifications
- Other certifications, such as CompTIA Network+, any cloud certifications, or Azure Sentinel
Qualifying Experience and Attributes
- Ability to configure, deploy, and troubleshoot Cisco and FortiGate firewall platforms
- Support and engineer WAF and firewall policies under limited supervision
- Engineer and architect solutions using WAFs and firewalls. Develop and maintain WAF and firewall
- Work with internal delivery teams to integrate applications with WAF policies
- Provide accurate and timely reporting on all project deliverables
- Ability to analyze firewall configurations and rule sets.
- Working knowledge of Windows Active Directory Domains
- Working Knowledge of various Linux OS
- Strong Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- Ability to interpret the information collected by network tools (e.g., nslookup, ping, and traceroute).
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of cybersecurity and privacy principles.
- Knowledge of encryption algorithms, cryptography, and cryptographic key management concepts.
- Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
- Knowledge of incident response and handling methodologies.
- Knowledge of network traffic analysis methods.
- Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
- Knowledge of key concepts in security management (e.g., Release Management, Patch Management).
- Knowledge of security system design tools, methods, and techniques.
- Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN).
- Knowledge of cyber defense and information security policies, procedures, and regulations.
- Knowledge of the common attack vectors on the application layer.
- Knowledge of system administration, network, and operating system hardening techniques.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
- Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
- Knowledge of how to use network analysis tools to identify vulnerabilities.