Responsible for the design, testing, evaluation, implementation, support, management, and deployment of security systems/devices used to safeguard the organization's information assets, and for the debugging of security, routing, and management of network schemes to meet the high level of reliability required to support critical computer applications. Plan and develop security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure. Work with management and other personnel, as needed, to identify security needs. Develop and define security standards which incorporate practices, processes, and products for the enterprise in support of the corporate security policies.
- Provide technical expertise and advice on all areas of security technology, including: network security, platform security, authentication/authorization systems, application security, security architecture, policy enforcement, and security frameworks.
- Work with appropriate personnel to create a practical, scalable, and secure model for enterprise applications, networks, and services.
- Research, evaluate, design, test, recommend, and plan implementation of new and/or improved information security.
- Assist in the review of security policies.
- Proactively protect the integrity, confidentiality, and availability of information processed by and/or in the custody of the organization.
- Assist in developing and maintaining effective disaster recovery plans, processes, and procedures for critical security systems.
- Work with technology group to evaluate, select, install, and configure hardware/software systems to comply with established enterprise security standards and policies.
- Develop technical documentation to support the evaluation, selection, installation, and maintenance of security technology systems.
- Keep abreast of industry trends, emerging technologies and available products/services.
- Develop and document technical practices to comply with Corporate Information Security policies.
- Conduct technical evaluations of IT systems for compliance with Corporate Information Security policies.
*May perform other duties as assigned.
WHAT ARE WE LOOKING FOR:
- BS or BA degree, plus two (2) or more years experience in related field, or any combination or equivalent education, experience, and formal training that allows the candidate to meet the requirements of the job.
- Preferred candidate will have Master's degree in IT or related field, plus five (5) or more years of relevant experience.
- High performing and self-motivated, extensive professional experience in designing, implementing and managing a network, and also in providing network support.
- Strong expertise in the areas of network security and troubleshooting.
- Experience with Palo Alto Networks firewalls and features such as security NAT, Threat Prevention, and URL filtering.
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Experience with Cisco routers, including the ASR 1000 series, and Cisco Catalyst switches, including the 3650 and 9300 series.
- Strong experience in Firewall Technologies, including hands-on experience in providing firewall support, installation and analysis of infrastructure communication.
- Deep knowledge of and practical experience with WAN/LAN/WiFi network technologies, implementation and operation, such as DOCSIS, Cellular LTE, Network Address Translation (NAT), DHCP and TCP/IP.
- Experience with converting VPN rules from Juniper Netscreen over to the Cisco ASA solution.
- Migration from Checkpoint to Palo Alto hardware platform.
- Hands-on experience with data center environments and implementation of VPC, VDC and ACI Fabric on Nexus 9K, 7K, 5K, and 2K switches.
- Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, Nessus, NMAP, SIEM, Splunk, ArcSight, Rapid7, Routers, Switches, LAN/WAN, TCP/IP protocols, VMware, Endpoint Security, Cloud Security.
- Hands-on experience with TCP/IP, LANs, WANs, and WLANs (Wi-Fi)
- Cisco ASA VPN Concentrators, F5 APM SSL VPN
- Experience with layer 2 security and different kinds of attacks.
- Verify the layer 2 WAN PPP authentication using PAP-CHAP and PPPoE.
- Knowledge of configuring the WAN protocols including HDLC, PPP, Frame Relay.
- Configuring, Administering and troubleshooting the Checkpoint, Palo Alto, and ASA firewall.
- Knowledge of the VPN technology and tunneling protocol including GRE, DMVPN, L2TP, MPLS, IPSec.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN trunks, VTP, EtherChannel, STP, RSTP and MST.
- Upgrading code on Palo Alto firewalls PA5000/3000 and Checkpoint firewalls to meet company security policy.
- Working knowledge of Frame Relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NATing, subnetting, also including DNS, WINS, LDAP, DHCP, HTTP, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning Tree Protocol), RTSP and multicasting protocols.
- Remote access and site-to-site VPN administration using Cisco ASA.
- Configured traffic filtering using standard and extended access lists, prefix lists, distribution lists, and route-map techniques.
- Demonstrated abilities in working with team to deliver projects to clients within specified timeframe and as per specifications.
TECHNICAL SKILLS DETAIL
- Firewalls: PA 3000, PA 5000, PA 7080, Cisco ASA, Checkpoint 4800, Checkpoint 5600, Checkpoint 13800.
- Routing: OSPF, BGP (eBGP & iBGP), EIGRP, RIP v1 and v2, Summarization, Redistribution, Static Routing and Dynamic Routing, IPV4, IPV6.
- Security Technologies: Cisco Stealthwatch, Cisco ISE, DMVPN, QRadar, Akamai WAGF
- Switching: VLANs, Dot1Q, VTP, STP, RSTP, VLAN Maps.
- Protocols: TCP/IP, UDP, LAN/WAN, DHCP, DNS, FTP, TFTP, ICMP, SNMP, ARP, HSRP.
- Technologies: GRE, mGRE, ACL, DHCP, DNS, Route map, HSRP, Tunnel.
- Security: ACL, NAT/PAT, VPN, SSH, SSL, GRE Tunnelling, ASA.
- LAN/WAN Technology: Ethernet, DSL, MPLS.
- Tools: Wireshark, Packet Tracer, PuTTY, MS Visio and ServiceNow.
- Operating System: Palo Alto 7.2, Palo Alto 8.0, Cisco ASA, Cisco MEVO
TECHNICAL/PROFESSIONAL CERTIFICATIONS & SKILLS (PREFERRED)
- Cisco Certified Network Associate (CCNA)
- Cisco Certified Network Professional (CCNP)
- Palo Alto Networks ACE