Candidate Description
This is an engineer role, and the candidate must be able to demonstrate the ability to install, manage, and maintain firewalls in both on-premise and cloud environments. Demonstrated experience supporting CISCO ASA/Firepower and Fortinet firewalls as an engineer is REQUIRED. Holding one or more vendor-neutral security certifications or CISCO/Fortinet certifications (e.g., Security+, CISM, CISSP) is a plus for this position.
This position supports a customer out of AUSTIN, TX, and will support the customer's need to run and maintain the CISCO and Fortinet firewalls. This position is in direct support (on-site at customer facilities) of an AT&T customer in the government sector. AT&T is providing Managed Security Service Provider (MSSP) functions related to the Security Operations Center (SOC), including Tier 1 through Tier 3 resource capabilities and activities related to security monitoring, threat and vulnerability management, and incident response (IR).
Selected candidates must pass a CJIS background check process and complete basic safety and security training to meet the customer requirements. Candidates must be 18 years of age or older.
Responsibilities
• Run and maintain firewalls and WAFs for the customer.
• Develop and maintain rule sets for firewalls.
• Help determine tactics, techniques, and procedures (TTPs) for firewalls.
• Recommend computing environment vulnerability corrections.
• Perform patch management for MSSP Security tools and customer's security tools.
• Ability to work with provided security policies to design and implement network and security rules and configurations across various security platforms.
• Perform changes to firewalls as specified by customers.
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
• Document and escalate incidents (including event history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
• Create and document procedures and work instructions for use by the SOC staff (Tier 2 to Tier 3).
• Train and mentor other engineers as needed.
Candidate Requirements
Candidates should have strong written and verbal communication skills and be comfortable presenting information to teammates, customer technical personnel, and AT&T leads and managers.
The preferred candidate is REQUIRED to have:
• Eight (8) years of experience in CISCO/Fortinet FW administration, engineering, and configuration.
• Demonstrated experience using enterprise/MSSP or cloud SIEM technologies as an analyst.
• Ability to support and work across multiple customer and bespoke systems.
• Must be able to pass a CJIS background check process and other background checks to comply with customer contracts.
• Complete basic safety and security training to meet the customer requirements.
• Ability to work a rotating shift and/or on-call schedule as required.
• CompTIA Security+ certification or equivalent/higher.
Candidate Preferred Requirements
Holding one or more of the following industry certifications is a plus:
• Any CISCO Certifications
• Any Fortinet Certifications
• Other certifications, such as CompTIA Network+, any cloud certifications, or Azure Sentinel
Qualifying Experience and Attributes
• Ability to configure, deploy, and troubleshoot Cisco and FortiGate firewall platforms.
• Work under limited supervision to support and engineer WAF and firewall policies.
• Engineer and architect solutions using WAFs and firewalls; develop and maintain WAF and firewall documentation.
• Work with internal delivery teams to integrate applications with WAF policies
• Provide accurate and timely reporting on all project deliverables
• Ability to analyze firewall configurations and rule sets.
• Working knowledge of Windows Active Directory Domains
• Working Knowledge of various Linux OS
• Strong Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
• Ability to interpret the information collected by network tools (e.g., nslookup, ping, and traceroute).
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of cybersecurity and privacy principles.
• Knowledge of encryption algorithms, cryptography, and cryptographic key management concepts.
• Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
• Knowledge of incident response and handling methodologies.
• Knowledge of network traffic analysis methods.
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol (TCP) and Internet Protocol (IP), the Open Systems Interconnection (OSI) model, and the Information Technology Infrastructure Library (ITIL), current version).
• Knowledge of key concepts in security management (e.g., Release Management, Patch Management).
• Knowledge of security system design tools, methods, and techniques.
• Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN).
• Knowledge of cyber defense and information security policies, procedures, and regulations.
• Knowledge of the common attack vectors on the application layer.
• Knowledge of system administration, network, and operating system hardening techniques.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
• Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
• Knowledge of how to use network analysis tools to identify vulnerabilities.