Firewall Management Security Engineer
Clearance Level: Top Secret with SCI eligibility
Education: Minimum High School Diploma with required experience
Location: Huntsville, AL
Travel: 0 - 10%
ONLY CANDIDATES WITH AT LEAST AN ACTIVE TOP SECRET CLEARANCE WILL BE ACCEPTED.
We are seeking a Firewall Management Security Engineer to support the team in Huntsville, Alabama. The candidate will be part of an Engineering team for our Federal customer, providing Firewall management and Security Engineering support services for a network infrastructure consisting of unclassified, classified, and top-secret networks. The team ensures the availability of a reliable/robust network transport infrastructure that provides data protection for information delivered across strategic, operational, and tactical boundaries.
The candidate will be responsible for working with a team of engineers operating and maintaining the overall network infrastructure to include multi-vendor Network Firewalls and high-level network engineering and network transport integration support services for network development/design, defining the network architecture, network transport technology testing and evaluation, and network implementation/integration of new IT services or modifications of existing services for all network transport enclaves.
- Operate and maintain multiple multi-vendor Network Firewalls
- Responsible for operational & technical support of the network transport infrastructure to include firewalls that are used for network implementations that involve enhancements and modifications to the network transport infrastructure.
- Provide network sustainment services to ensure the consistent delivery of network services across all security enclaves. Network management include all activities related to the standardization, operational design, identification, management, and remediation of network faults to maintain the service quality of the enterprise networks. Provide management and technical leadership for the team and act as an escalation point in the event additional support is required.
- Provide management and administration of all routers, firewalls, load balancer, Type-1 encryptors and switches used to provide connectivity and communication necessary for all enterprise users to access enterprise services/systems needed to perform their duties.
- Provide support for the operations and administration of all firewalls (Cisco, Palo Alto, Juniper) and Type 1 Encryptors used to provide isolation and added security for the network transport and enterprise services
- Provide engineering support for the establishment of mobile and ubiquitous Internet access and connections to other agencies' networks that supports this universal information sharing.
- Responsible for managing network access controls/admission, network transport compliance and engineering standards enforcement functions, network transport security management/change management, along with other associated programmatic support for emerging network transport technologies.
- Provide feeds to the customers’ operations centers and other government designated centers as directed for situational awareness, responding to escalated incidents and outages (e.g. from the service desk), taking corrective actions to resolve the issue, escalating issues that cannot be resolved within the network operations center, and maintaining/upgrading the supporting network.
- Verify services performed/implemented reflect industry standard security best practices
- Provide connectivity and troubleshoot on the security network devices and effectively manage the network management tools.
- Provide communications security (COMSEC) Services focusing on COMSEC support for enterprise-level networks (wide area, metropolitan area, and campus area networks).
- Provide expertise as a COMSEC Responsible Officer when required by the Government in individual task orders
- Rapidly resolve COMSEC issues to the complete satisfaction of the appropriate COMSEC inspection authorities; maintain COMSEC and perform system administrator functions with full access privileges to the Local Management Devices / Key Processors (LMDs/KPs)
- Create, delete, and modify COMSEC operator accounts and create/delete Tier 3 hand receipt holder accounts
- Perform downloads of crypto key from the Electronic Key Management System (EKMS); conduct inventories of COMSEC material in accordance with regulations; maintain crypto equipment and operational keys
- Rekey and reinitialize crypto equipment as required and troubleshoot/resolve crypto problems and processing COMSEC material for shipping
- Provide deliverables to include program support for enterprise projects and assignments.
- Deliver innovative solutions to align with current network infrastructure through technological innovations and industry standard best practices via documentation, metrics, and performance analytics.
- Contribute to the development and dissemination of technical documents including requirements analyses, design documents, manuals, fielding documents, and preparing contract deliverables and reports; assisting in preparation of presentation graphics.
- Oversee the designing, developing, integrating, and maintaining of applications, tools, services, and other software to improve business and mission capabilities and improve application effectiveness.
- Manage network security and compliance documentation, track security progress and performance, coordinate all improvement efforts and monitor process effectiveness
- Active Top Secret clearance with SCI eligibility
- Bachelor’s degree in technology related field (BS/BA) and 2 years of related experience. (High School plus 6 years related experience in lieu of a degree)
- Network and/or security certifications such as: CCSK, CISSP, CCNA CCNP, JNCIA-SEC .
- Enterprise network security experience (firewall, Intrusion Detection and Prevention (IDPs), log management/reporting solutions)
- Planning and deployment of new network security systems.
- Resolution of tier 3 trouble incidents for firewalls, secure e-mail gateways, email encryption technologies, intrusion prevention systems (IPS), and network forensics tools.
- Practical experience supporting Palo Alto, Cisco Firepower/Sourcefire, and/or Cisco ASA firewalls
- Practical experience with Splunk or comparable logging system for troubleshooting
- CCIE, JNCIE
- Knowledge of Cisco and Juniper Network Transport Routers and Switches and Identity Service Engine (ISE) appliances, Network Firewalls, Type 1 encryptors, WAN optimization devices, Load Balancers, HP, TACLANES, Remedy ITSM technologies, and VMware
- Knowledge of Agile management practices
- Experience supporting a large enterprise environment
- 6+ years of relevant information Firewall Mgmt and Security Engineer experience in classified and unclassified (DOJ, DoD and/or other Intelligence Community environments preferred)