Nesco Resource has partnered with a growing, global organization that is looking to hire a Senior Network Security Engineer that possess a strong background in Cisco R/S, ASA/Fortigate Firewalls, VPNs, and F5 load balancers. Bonus points for anyone who also has experience with Splunk, SD-WAN, enterprise authentication, and WAN acceleration.
The Senior Network Security Engineer position will be responsible for technical support of all areas that fall within the network and operational network security disciplines. This includes third-level engineering and design for all network and network security environments within the enterprise. This role is responsible for protecting the integrity and availability of information, assets and technology within the organization. This role also plays an integral part in security program planning, assists leadership in tool selection, and contributes to framework alignment to ensure the protection of systems and data. Additional responsibilities include design engineering, leading project efforts, day-to-day administration, advanced troubleshooting and providing off-hours support. This position will report directly to the Network Team Lead.
ESSENTIAL DUTIES & RESPONSIBILITIES:
To perform this position successfully, an individual must be able to perform each job duty at a high level. The requirements listed below are representative of the knowledge, skills and/or abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.
- Work directly with management and internal teams to ensure the integrity of project goals and deadlines
- Provide advanced third-level support for Cisco routers and switches, Cisco wireless controllers and access points, and both Cisco and Fortinet firewalls
- Experience configuring and troubleshooting L2TP/IPSec, PPTP or SSTP tunnels
- Assist with design and implementation of multi-year strategies to leverage maximum value of network assets
- Possess a strong understanding of MPLS and WAN topologies, and demonstrate proficiency in troubleshooting connectivity throughout a global footprint
- Understand and demonstrate a working knowledge of PCI compliance and actively participate in remediation and external auditing efforts
- Follow process and procedure standards from a technical, business and compliance perspective
- Balance the ability to provide day-to-day support and quickly respond to issues, while still ensuring that project efforts are delivered on time and with high quality
- Assist cross-functional engineering teams to accommodate network solutions for applications, server and storage requirements
- Participate in security compliance efforts and perform any security audit activities required by Corporate IT and Internal auditing departments
- Demonstrate proficiency in load-balancing, WAN acceleration, SD-WAN technologies, Collaboration (Cisco UC), Enterprise authentication and Web-Filtering solutions
- Champion security process and operational improvements and best practices
- Demonstrate proficiency with various routing protocols (BGP, EIGRP, OSPF), complex network configurations, and support of remote and international locations
- Effectively use monitoring/administrative tools to maintain network uptime and efficiency. These include but are not limited to: Wireshark, SolarWinds, PRTG, Cisco Prime, Firepower, Silver Peak Orchestrator and Air Magnet
- Provide 24 x 7 support (when necessary) for both planned and emergency activities, in an effort to minimize any disruptions to the production environment
- As new technologies emerge, effectively assess whether they can be leveraged to enhance functionality, replace old technologies or streamline operations
Required Length & Type of Experience:
- Bachelor's degree in Information Systems, Computer Science or related field.
- Cisco certification in routing and switching, security, or enterprise preferred
- CISSP certification desired
Knowledge, Skills & Abilities:
- Minimum 5-7 years as a network and security engineer in a medium or large multi-site enterprise environment
- Demonstrate a history of leveraging Cisco maintenance and software, including opening and managing support cases, upgrading firmware, maintaining backups, navigating contracts, and understanding hardware/software compatibility matrixes
- Administration of various Cisco hardware models, including but not limited to Nexus 9K, Nexus 5K, ASR/ISR, Catalyst 9300 series, Catalyst 4500/6500 series, and 2960X and 3560X series
- Administration of Cisco security appliances, including but not limited to ASA 55XX series, Client and Ironport
- Support of Fortinet Firewalls including 3301E, 201E and 101E models and leveraging FortiManager for adminstration
- Design and adminstration of F5 load balancers
- Possess experience with security frameworks such as NIST
- Strong understanding of integration between networking and security environments
- Demonstrate strong troubleshooting anaytics and the ability to resolve complex technical issues
- Creating and implementing routing solutions to accommodate unique use cases
- Proficiency in layer 1 cabling standards (fiber/copper/analog) throughout an enterprise environment. This includes termination of copper connections, cable management within a data center and network closets, and troubleshooting of SPF/X2/GBIC modules.
The characteristics listed below are representative of the physical demands required by an individual to successfully perform the essential duties of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.
- Flexible, positive and team-oriented attitude
- Ability to interact professionally with a diverse group of vendors, service providers, users and peers
- Proven success in time management and organizational skills
- Excellent interpersonal skills and ability to work effectively with technical and business partners
- Strong written, verbal and presentation competencies
- Desire to learn new technical skills and adapt to an ever-changing IT landscape
- Proven ability to work productively in team settings, as well as independently
- Demonstrate excellent critical-thinking and analytical abilities
- Possess ability to work methodically, even during high-pressure or production-down situations
- Strong working knowledge of Fiber Channel and Ethernet connectivity, SSH, FTP/SFTP, DNS/DHCP, IP addressing and PCI compliance
- Working knowledge of technologies such as active directory, SAN/NAS environments, backup solutions, Splunk/Enterprise Logging, Windows operating systems and Active Directory, and disaster recovery and data replication
- Experience in PowerShell and Python scripting
- Basic knowledge of Linux operating systems
The characteristics listed below are representative of the work environment typically encountered by an individual while performing the essential duties of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.
- Must be able to install, move and uninstall network hardware, not exceeding 50 pounds
- In emergency situations, must be able to work extended hours, potentially up to 18 hours at a time
Nesco Resource and affiliates (Lehigh G.I.T Inc, and Callos Resource, LLC) is an equal employment opportunity employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or veteran status, or any other legally protected characteristics with respect to employment opportunities.
- Majority of work will be performed in normal office space, with additional work within the data center and network closets
- Integrated Service Routers
- Storage (Computing)
- Information Security
- Network Switches
- Routing Protocols