2022-035 – Security Engineer (Perimeter) – Dedicated

Position Description:

Candidate Description

This is an engineer role and the candidate must be able to demonstrate the ability to install, manage and maintain firewalls in both on-premises and cloud environments. Demonstrated experience supporting Cisco ASA/Firepower and Fortinet firewalls as an engineer is REQUIRED. Holding one or more vendor-neutral security certifications (e.g., Security+, CISM, CISSP) or Cisco/Fortinet certifications is a plus for this position.

This position supports a customer out of AUSTIN, TX, and will support the customer's need to run and maintain the Cisco and Fortinet firewalls. This position is in direct support (on-site at customer facilities) of an AT&T customer in the government sector. AT&T is providing Managed Security Service Provider (MSSP) functions related to the Security Operations Center (SOC), including Tier 1 through Tier 3 resource capabilities and activities related to security monitoring, threat and vulnerability management, and incident response (IR).

Selected candidates must be US citizens, pass a CJIS background check process, and complete basic safety and security training to meet the customer requirements. Candidates must be 18 years of age or older.


Responsibilities

  • Run and maintain firewalls and WAFs for the customer.
  • Develop and maintain rule sets for firewalls.
  • Help determine tactics, techniques, and procedures (TTPs) for firewalls.
  • Recommend computing environment vulnerability corrections.
  • Perform patch management for MSSP security tools and the customer's security tools.
  • Ability to work with provided security policies to design and implement network and security rules and configurations across various security platforms.
  • Perform changes to firewalls as specified by the customer.
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
  • Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Create and document procedures and work instructions for use by the SOC staff (Tier 2 to Tier 3).
  • Train and mentor other engineers as needed.

Candidate Requirements

The candidate should have strong communication skills, both written and verbal, and be comfortable presenting information to teammates, customer technical personnel, and AT&T leads and managers.

Candidates are REQUIRED to have:

  • Eight (8) years of experience in Cisco/Fortinet firewall administration, engineering, and configuration.
  • Demonstrated experience using enterprise/MSSP and/or cloud SIEM technologies as an analyst.
  • Ability to support and work across multiple customer and bespoke systems.
  • Must be able to pass a CJIS background check process and other background checks to comply with customer contracts.
  • Complete basic safety and security training to meet the customer requirements.
  • Ability to work a rotating shift and/or on-call schedule as required.
  • CompTIA Security+ certification or equivalent/higher.

Candidate Preferred Requirements

Holding one or more of the following industry certifications is a plus:

  • Any Cisco certifications
  • Any Fortinet certifications
  • Other certifications, such as CompTIA Network+, any cloud certifications, or Microsoft Sentinel (formerly Azure Sentinel)


Qualifying Experience and Attributes

  • Ability to configure, deploy, and troubleshoot Cisco and FortiGate firewall platforms
  • Support and engineer WAF and firewall policies under limited supervision
  • Engineer and architect solutions using WAFs and firewalls; develop and maintain WAF and firewall
  • Work with internal delivery teams to integrate applications with WAF policies
  • Provide accurate and timely reporting on all project deliverables
  • Ability to analyze firewall configurations and rule sets.
  • Working knowledge of Windows Active Directory Domains
  • Working Knowledge of various Linux OS
  • Strong Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • Ability to interpret the information collected by network tools (e.g., nslookup, ping, and traceroute).
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of cybersecurity and privacy principles.
  • Knowledge of encryption algorithms, cryptography, and cryptographic key management concepts.
  • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
  • Knowledge of incident response and handling methodologies.
  • Knowledge of network traffic analysis methods.
  • Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP], the Open Systems Interconnection [OSI] model) and of the Information Technology Infrastructure Library (ITIL), current version.
  • Knowledge of key concepts in security management (e.g., Release Management, Patch Management).
  • Knowledge of security system design tools, methods, and techniques.
  • Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN).
  • Knowledge of cyber defense and information security policies, procedures, and regulations.
  • Knowledge of the common attack vectors on the application layer.
  • Knowledge of system administration, network, and operating system hardening techniques.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
  • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
  • Knowledge of how to use network analysis tools to identify vulnerabilities.