Network Security Engineer

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Overview

We are seeking a talented and experienced Network Security Engineer to join our team. The ideal candidate will have a strong background in network security technologies, protocols, and methodologies. They will be responsible for designing, implementing, and maintaining network security measures to protect our infrastructure from cyber threats.

Responsibilities:

Network Security Infrastructure:

• Spearhead the design, implementation, and upkeep of the organization's network security architecture, ensuring alignment with business imperatives and industry benchmarks.
• Configure and administer Intrusion Prevention Systems (IPS), firewalls, and other security appliances to fortify the network perimeter.

Security Policy Development:

• Develop and enforce robust network security policies and procedures, encompassing access control, authentication, and authorization mechanisms.
• Conduct regular reviews and updates of security policies to adapt to evolving threats and technological advancements.

Vulnerability Management:

• Execute swift deployment of fixes for vulnerabilities detected across network devices.

Security Incident Response:

• Actively engage in incident response endeavors, encompassing the analysis of security events, orchestration of containment efforts, and facilitation of post-incident reviews.
• Formulate and uphold an incident response plan to ensure a prompt and efficient response to security incidents.

Network Monitoring and Analysis:

• Utilize Security Information and Event Management (SIEM) tools to monitor network traffic, identifying and responding to suspicious activities.
• Analyze security logs and reports to discern patterns and trends indicative of security threats.

DDoS Mitigation Strategy:

• Devise and implement DDoS mitigation strategies to shield the organization's online assets and services.
• Collaborate with network architects and security teams to seamlessly integrate DDoS protection measures into the overarching security architecture.

DDoS Detection and Monitoring:

• Employ advanced monitoring and detection tools to pinpoint potential DDoS attacks swiftly.
• Implement real-time monitoring solutions for anomalous traffic patterns, enabling early detection of DDoS threats.

Network Security in the Cloud:

• Oversee the implementation and management of security measures for cloud networks, encompassing firewalls, network access controls, and encryption.
• Conduct routine security assessments and audits to pinpoint and rectify vulnerabilities.

Cloud Service Integration:

• Seamlessly integrate cloud networking services such as Amazon VPC, Azure Virtual Network, or Google Cloud VPC into overarching network designs.
• Collaborate with cloud service providers to leverage platform-specific networking features.

Security Awareness and Training:

• Develop and deliver comprehensive security awareness programs for employees, educating them on security policies, best practices, and cybersecurity's significance.
• Provide ongoing training to IT staff on emerging threats and security technologies.

Compliance and Auditing:

• Ensure compliance with industry regulations and standards such as CIS or NIST.
• Prepare for and actively participate in both internal and external security audits, addressing findings and implementing corrective actions.

Network Access Control:

• Implement and manage network access controls, including VPNs, secure remote access solutions, and multi-factor authentication.
• Vigilantly monitor user activity to swiftly detect and respond to unauthorized access attempts.

Security Documentation:

• Maintain meticulous documentation of network security configurations, procedures, and incidents.
• Continually create and update documentation for security policies, guidelines, and standard operating procedures.

Collaboration and Communication:

• Collaborate seamlessly with IT teams, system administrators, and other departments to ensure a unified and integrated approach to security.
• Communicate technical security issues effectively with non-technical stakeholders, translating them into comprehensible business risk language.

Skills:

• Proficiency in firewall and intrusion detection/prevention system administration, such as PaloAlto & Cisco FTD.
• Hands-on experience in deploying virtual firewalls like Cisco/PaloAlto/Fortigate or similar on cloud platforms.
• Familiarity with DDoS mitigation tools and services like Cloudflare or Akamai.
• Knowledge of EASM tools like BitSight, SecurityScorecard, or equivalents.
• Expertise in monitoring web security gateways, perimeter security, network access controls, and endpoint security.
• Proficient in SIEM tools like Splunk, Elastic, or similar.
• Understanding of cloud networking concepts and services.
• Familiarity with cloud-native networking tools and platforms like Prisma, Orca Security, or equivalents.
• Proven ability in maintaining and implementing SOPs for network security.
• Experience in investigating security breach alerts.
• Knowledge of network security protocols, routing, and switching.
• Strong problem-solving and analytical skills.
• Excellent communication and interpersonal abilities.
• Capability to work collaboratively in a team as well as independently.

Qualifications:

• Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• Relevant certifications such as CCNA Security, CEH, or equivalent.
• Typically, 3-5 years of experience in network security roles.
• Experience with security assessment tools and methodologies.
• Familiarity with cloud security principles is advantageous.