Network Engineer

The Security Specialist will provide subject matter expertise, technical support, and overall administration privileges for Network Security in general and for specific hardware-based and software-based security platforms, ensuring that strict network access and intrusion prevention guidelines and policies are deployed logically onto the network.

This is a major role in that the individual charged with this function must:
• Protect the Network and business operations against directed security attacks.
• Prevent damage from worms and virus to the network.
• Ensure the effective deployment and administration of consistent security policy as directed by Security Architecture and or Network Engineering.

Major Activities:
• Work very closely with the Network Engineering Group and or Security Architecture to ensure seamless, integration of new security guidelines, policies and security systems throughout the Network.
• Provide rigorous testing for new network security and access tools, hardware to ensure a resilient and intrusion proof network.
• Provide technical security implementation leadership within Network Services on firewalls and other intrusion detection systems ensure eliminate network vulnerability.
• Provide administrative support and maintenance on Checkpoint Firewall-1 as required.
• Provide administrative support and maintenance for DNS as required.
• Provide administrative support for Security Reviews, Vulnerability Assessments, Threat and Risk Assessments.
• Provide administrative support for Security Audits, Penetration Testing and Analysis and Intrusion Detection.
• Provide administrative support and maintenance on Bluecoat Proxy servers as required.
• Implementation and Support of Firewalls, PKI, VPN, IDS, Security Policies, Procedures and Handbooks.
• Support the Internet and E-commerce environment to include maintenance of the Firewall (DNS, Proxies and Security).
• Provide administrative support for restricted users’ access to the Internet; and vice versa.
• Responsible for security intrusion / worm attack prevention, determination, and resolution to prevent and minimize impact to the production.
• Responsible for immediate response to events (i.e. attacks) and complex network security and IPSec problems as they occur.
• Accountable for evaluating, implementing complex security-based network hardware and associated software tools-sets as required, on a project-by-project basis, i.e. Complex IMACs.

Physical Demands/Work Conditions:
• Ability to be on-call at any time to immediately respond to a security intrusion incident or worm/virus attack
• Continuous learning within an IT environment

Requirements:

Knowledge Work Experience:

• Minimum 7 years experience supporting an extensive multi-vendor network (LAN/WAN/MAN) environment.
• Degree (or equivalent) in a discipline relevant to the demands of the position (i.e. Computer Science).
• Certified CISCO router engineer: CCNA, CCNP, CCDA, CCDP (one or more or combination thereof preferred)
• Specialized Cisco Certification: CCIE-Security, CISSP (preferred)
• Ability to demonstrate a superior insight and skills adeptness on specialized network security technology or policy such as (but not limited to):
1. Access (User-based) Security
2. Distribution Layer Restriction policies on propagation of certain addressing.
3. Core Layer firewalls (Checkpoint, PIX) for perimeter Security
4. Intrusion Detection (IDS)
5. Secure VPN Tunneling
6. Security: Advanced knowledge of VPN-1 and FW-1 (PIX, Checkpoint, Nokia Platforms)
7. Network Security Engineering (Policies, Proxies, Authentication, etc)
8. DNS support knowledge
9. Authentication, Encryption, and General Access (passwords, restrictions, etc…)
• Ability to demonstrate extensive knowledge of security policy, guidelines, platforms
• Demonstrate excellent abilities in the areas of performance diagnostic and analytical skills pertaining to security issues
• Demonstrate excellent organizational, interpersonal, project leadership.
• Excellent written and verbal communication skills coupled with a strong orientation towards customer service.


Experience with the following technologies:
• Cisco AVVID: Cisco CSSs, SANs, Wireless, VoIP, etc
• Remote access: Cisco Systems (Cisco 2509 and 2511 Communication servers); VPN infrastructures (TACACS, Radius, ACE Server); design, deployment, and troubleshooting
• DNS: Maintain DNS zones, maintain DNS zone data: maintain Infoblox platform - ensure correct functionaly of Infoblox platform
- upgrade/patch Infoblox appliances
• Wireless: 802.11x wireless policy and security encryption (including, VPN Tunneling); Cisco Aironet Access Points; and wireless technology in general.
• Analysis tools: Network Associates Sniffer Technologies (DSS RMON Pro; Portable), Netcom Systems, Cisco Systems, Shomiti Systems, LANanalyzer, ZDnet Benchmark Tools, and NetIQ
• Operating Systems: Sun SOLARIS/SunOs, HP-UX, and IBM AIX UNIX workstations

Knowledge Transfer:
• Ability to disseminate knowledge to other Specialist Team members and Command Centre Network Support Team members (pier-level communication and knowledge transfer)
• Ability to interact and collaborate with senior-level engineering and architecture staff members on concepts, planning, and new technical policies and procedures.

Skills:
Accountability
Agile/Adaptable
Analytic/Systematic Thinking
Building Trust
Conceptual Thinking
Confident
Initiative
Problem Solving & Decision Making
Results Orientation
Service Orientation
Teamwork & Partnering

Degree (or equivalent) in a discipline relevant to the demands of the position (i.e. Computer Science)
Certified CISCO router engineer: CCNA, CCNP, CCDA, CCDP (one or more or combination thereof preferred).
Specialized Cisco Certification: CCIE-Security, CISSP (preferred)

Must Have:
Experience with PIX/Nokia Checkpoint firewalls - 5 years
Experience working with DNS - 5 years
Experience working with proxy - 5 years

By Email: kelly.mccormick@soroc.com