Network Engineer / Change / Configuration Analyst / Technical Specialist Level II:

This position within the Network Engineering and Operations team within the Enterprise Infrastructure Division (EID), providing engineering oversight and activity to multiple routing, firewalls, and perimeter security and network appliances. The well qualified candidate must be capable of developing and provide evaluation for device performance, firewall performance results, network performance, risk assessments, and be able to recommend changes impacting the network perimeter and security systems. The candidate must be capable of planning and leading engineering activities to include the testing, implementation, and maintenance of internal routing, network routing and perimeter security technologies and devices. Must be capable of communicating and coordinating all routers, switches, and firewall related work to the Operations Manager and to include the Government customer.

The position directly supports DOI Enterprise Services Network Operations Chief and the Lead Engineer and the over 80,000 end user customers nationally.

Primary focus for Enterprise Change Manager and Network & Security Engineering:

• Design, build, test and deploy perimeter security appliances (, Cisco,)
• Directs compilation of records and reports concerning perimeter operations and maintenance to analyze the performance of perimeter security systems.
• Provides input to the problem management process, including assessing and evaluating software and hardware anomalies. Supports the root cause analysis efforts to determine problems and develop remediation activities. Interfaces with vendor support service groups to ensure proper support during outages or periods of degraded system performance.
• Collaborate across Bureaus and Agencies to implement network changes.
• Supports the configuration testing of perimeter devices.
• Plans, documents, and implements hardware and software builds and refresh.
• Create and maintain standard operating procedures and guides for new and/or existing perimeter hardware and software.
• Must understand networking change management.
• Will manages system upgrades, process and procedures.
• Will understand the use of the Remedy Change Management system.
• Ensure best use of tools, systems and processes.
• Monitor status of all RFCs to ensure process compliance.
• Ensure all policies, procedures, and regulations are followed, according to established processes.
• Update training material, documentation and process documents.
• Carry out regular change reviews and process improvement reviews.
• Work with the Change Advisory Board team and attend CAB meetings as needed.
• Follow procedures to contain, analyze, eradicate, and develop sustainable monitoring for malicious activity.
• Support system architecture requirements that meet both user needs while maintaining confidentiality, integrity, and availability at all times.
• Document and address organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition lifecycle.
• Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
• Employ secure configuration management processes.
• Ensure that acquired or developed system(s) and architecture(s) are consistent with cybersecurity architecture guidelines.
• Demonstrate critical thinking and creative analysis techniques in distilling test results, eliminating false positives and providing actionable recommendations for mitigation.
• Perform other official duties as assigned

Responsibilities:

Under the supervision of the Network Operations Unit, the Senior Engineer / Firewall Engineer will implement, support, and maintain all aspects related to Cisco, Palo Alto, FortiGate and Juniper firewalls at an enterprise level. As a Senior network and Firewall Engineer, you must have solid knowledge of security best practices, firewalls, network administration, application/web fundamentals and routing protocols (e.g., BGP). Solid experience with Palo Alto and FortiGate administration, creating and supporting virtual contexts (VDOM/VSYS). Primary functions will include supporting the design, architecture and build of firewall configurations across various geographic locations. Will need to work with internal network and security organizations for configuration and installation work. Periodic interaction with service providers to establish VPN tunnels and/or dedicated circuits. Flexibility to work outside normal business hours to support change windows.

Details of these Responsibilities:

• Understanding of major compliance solutions, ITIL, COBOLT, HIPPA, ISO, NIST, PCI, Sarbanes Oxley and the methods to carry these out.
• Develops security strategies and solutions to improve, augment and enhance the posture of IT Security.
• Engineer, install, upgrade, maintain, and/or support a variety of security tools.
• Assists in the coordination and completion of applicable IT security SOP's.
• Periodically reviews, modifies corporate IT Security standards and procedures as required by changes in technologies, business activities, and regulations.
• Work with IT leadership to develop strategies and plans to enforce security requirements and address identified risks.
• Is a subject matter expert in the area of IT Security and provides technical guidance on any IT projects.
• Develops and maintains detailed knowledge of security products, tools, regulations, and best practices.
• Reports to IT management concerning risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance.
• Plays a consultative role in application development and lead security role in acquisition/merger projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
• Collaborates on critical IT projects to ensure that IT security issues are addressed throughout the project life cycle.
• Fully understand security policies, standards, processes, and procedures, and supports service-level agreements to ensure that security controls are managed and maintained.
• Researches, evaluates, and recommends IT and information-security-related hardware and software, including developing business cases for security investments.
• Ensure that acquired or developed system(s) and architecture(s) are consistent with cybersecurity architecture guidelines
• Demonstrate critical thinking and creative analysis techniques in distilling test results, eliminating false positives and providing actionable recommendations for mitigation.
• Perform other official duties as assigned

Qualifications:

• Bachelor's degree in a computer science/computer engineering related discipline or 5-7 years IT network engineering support experience (Tier II, Tier III, network infrastructure implementation and maintenance); may accept additional experience in lieu of degree.
• Strong experience with one or more of the following security devices: firewalls, VPN concentrators, NEXTGEN Firewalls, etc.
• Experience supporting the configuration and maintenance of Firewall/DMZ infrastructure including Network and Application Firewall Packet Filtering technologies
• Firsthand experience in developing and providing quality assurance review of engineering change orders relating to the replacement or enhancement of perimeter security hardware and software
• Experienced with performing root cause analysis, risk identification, and risk mitigation
• Knowledgeable with configuring Cisco switches and routers
• Experienced with network monitoring devices such as Riverbed, OpNet, SPLUNK, NetRounds, SolarWinds or other similar monitoring tools

Certifications: Cisco CCNA, Network+, Security+, HP-Aruba or other network and security related product and industry certifications.

• Significant experience with the implementation and support of an IT Security program including aspects of threat and vulnerability management, security management, and application security related products, projects, procedures, and processes.
• This person should be able to perform a variety of technical tasks, including, for example, the installation of security software, configuration of software, and problem determination and resolution.
• Experience with Cisco ASA VPN, McAfee and Zscaler, Network Access Control with Cisco Client, Wireless 8021.1x, Keysight Network Packet Brokers (NPB),
• Experience with Fortinet Firewall and Intrusion prevention governance
• DNS security management and operations Cisco
• Security Analytics operations support and investigations
• Experience with zero trust architecture and governance
• Network Anomaly IA Analytics with Darktrace, configuration, design, and operations or similar
• Familiar with management frameworks, such as International Organization for Standardization (ISO) 2700x, ITIL, COBIT, PCI, HIPAA and National Institute of Standards and Technology (NIST) 800-53.
• Expertise in performing vulnerability assessments including network, system and/or application vulnerability scanning, penetration testing and remediation methods.
• Technical knowledge of; mainstream operating systems including, for example, Microsoft Windows, UNIX and Linux; a wide range of security technologies, such as, network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.

Required:

Minimum Education and Experience:

• Requires a degree with 2-4 years of experience or no degree and 8-10 years of related experience of which at least 2 years must specialize in network engineering, information technology.

Desired Education and Experience:

• Security related certifications preferred such as Cisco CCNA, Security +.
• Vendor training Fortinet, Cisco, Juniper, A-10, HP-Aruba, etc.
• Bachelor's Degree or a combination of formal education and work experience.
• Information Security, Technology or Computer Science or certificate in Cybersecurity, Computer Systems Engineering, Computer Science, Computer Information Systems or equivalent education and experience required.
• Certificate(s) in Cyber Security, Computer Science, or Information Security Management.
• One or more certifications in Cisco,

Required Clearance:

Ability to receive a National Agencies Clearance, pass a basic background check. May require further ability to reach a Secret Clearance depending on job classification at a later point.

Futron Incorporated is committedto creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

It is Futron Incorporated's policy not to discriminate because of a person's relationship or association with a protected veteran. This includes spouses and other family members. Also, Futron Incorporated will safeguard the fair and equitable treatment of protected veteran spouses and family members regarding all employment actions and prohibit harassment of applicants and employees because of their relationship or association with a protected veteran.