2022-035 – Security Engineer (Perimeter) – Dedicated
Position Description:
Candidate Description
This is an engineer role and the candidate must be able to demonstrate the ability to install, manage and maintain firewalls in both on-premise and cloud environments. Demonstrated experience supporting Cisco ASA/Firepower and Fortinet firewalls as an engineer is REQUIRED. Holding one or more vendor-neutral security certifications or Cisco/Fortinet certifications (e.g., Security+, CISM, CISSP) is a plus for this position.
This position supports a customer out of AUSTIN, TX, and will support the customer’s need to run and maintain the CISCO and Fortinet Firewalls. This position is in direct support (on-site at customer facilities) of an AT&T customer in the government sector. AT&T is providing Managed Security Service Provider (MSSP) functions related to the Security Operations Center (SOC) including Tier 1 through Tier 3 resource capabilities and activities related to security monitoring, threat, and vulnerability management and incident response (IR).
Selected candidates must be US Citizens, pass a CJIS background check process, and complete basic safety and security training to meet the customer requirements. Candidates must be 18 years of age or older.
Responsibilities
- Run and maintain firewalls and WAFs for the customer.
- Develop and maintain rule sets for firewalls.
- Help determine tactics, techniques, and procedures (TTPs) for firewalls.
- Recommend computing environment vulnerability corrections.
- Perform patch management for MSSP Security tools and customer’s security tools.
- Ability to work with provided security policies to design and implement network and security rules and configurations across various security platforms.
- Perform changes to firewalls as specified by the customer.
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
- Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
- Create and document procedures and work instructions for use by the SOC staff (Tier 2 to Tier 3).
- Train and mentor other engineers as needed.
Candidate Requirements
The candidate should have strong communication skills, both written and verbal, and be comfortable presenting information to teammates, customer technical personnel, and AT&T leads and managers.
The preferred candidate is REQUIRED to have:
- Eight (8) years of experience in Cisco/Fortinet firewall administration, engineering, and configuration.
- Demonstrated experience using enterprise/MSSP and/or cloud SIEM technologies as an analyst.
- Ability to support and work across multiple customer and bespoke systems.
- Must be able to pass a CJIS background check process and other background checks to comply with customer contracts.
- Complete basic safety and security training to meet the customer requirements.
- Ability to work a rotating shift and/or on-call schedule as required.
- CompTIA Security+ certification or equivalent/higher
Candidate Preferred Requirements
Holding one or more of the following industry certifications is a plus:
- Any Cisco certifications
- Any Fortinet certifications
- Other certifications, such as CompTIA Network+, any cloud certifications, Azure Sentinel
Qualifying Experience and Attributes
- Ability to configure, deploy, and troubleshoot Cisco and FortiGate firewall platforms
- Support and engineer WAF and firewall policies under limited supervision
- Engineer and architect solutions using WAFs and firewalls. Develop and maintain WAF and firewall
- Work with internal delivery teams to integrate applications with WAF policies
- Provide accurate and timely reporting on all project deliverables
- Ability to analyze firewall configurations and rule sets.
- Working knowledge of Windows Active Directory Domains
- Working Knowledge of various Linux OS
- Strong Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- Ability to interpret the information collected by network tools (e.g., nslookup, ping, and traceroute).
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of cybersecurity and privacy principles.
- Knowledge of encryption algorithms, cryptography, and cryptographic key management concepts.
- Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
- Knowledge of incident response and handling methodologies.
- Knowledge of network traffic analysis methods.
- Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
- Knowledge of key concepts in security management (e.g., Release Management, Patch Management).
- Knowledge of security system design tools, methods, and techniques.
- Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN).
- Knowledge of cyber defense and information security policies, procedures, and regulations.
- Knowledge of the common attack vectors on the application layer.
- Knowledge of system administration, network, and operating system hardening techniques.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
- Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
- Knowledge of how to use network analysis tools to identify vulnerabilities.