Network Security Engineer – Leidos – Boulder, CO

Job title: Network Security Engineer

Company: Leidos

Job description: DescriptionLeidos is seeking a Network Security Engineer on the NOAA Cyber Security Center contract in Boulder, CO. or Fairmont, WV. This position will be part of a Network Security team which is part of a larger Enterprise Security Services (ESS) team. ESS is responsible for security tools for the NOAA Cyber Security Center as well as supporting 5 Trusted Internet Connection Access Provider (TICAP) sites. An active Secret security clearance is required prior to start.PRIMARY RESPONSIBILITIES:Software/hardware patching and NIST 800-53r5 high-impact security control configurations.Support the NOAA cyber security mission by building, configuring, troubleshooting, and updating the network security capabilities that protect NOAA core networks and information.Plan and perform maintenance and upgrade of Juniper network routers and switches, Gigamon Network Terminal Access Point (TAP), Fortinet firewalls, Palo Alto firewalls, Stealthwatch, remote access systems, and network management systems.Monitor network connectivity and ensure high quality data transmission using standard network tools (ex: Netbrain, Ansible, FortiManager or Nagios)Serve as a liaison with 3rd party vendors and providers and be able to coordinate troubleshooting and provide real time updates via standard collaboration toolsCreate the established network security processes to defend and operate the national NOAA network.Provide direct end user support to a diverse user base ranging from average desktop users to other IT and Information Security ProfessionalsEstablish and maintain standard operating procedures for operations team members.Participate in an on-call rotation to provide emergency support for the corporate network security environment.Provide feedback to team leadership to improve existing solutions so they better meet the business’ needs.Provide technical leadership to mid and junior engineers.Help customers from around the enterprise troubleshoot and resolve their network security related issues.Provide technical support for system upgrades, technical refreshes, or new builds per requirements set by the leadership team as well as functional leads.Be a technical resource for individual projects when his or her knowledge and experience meet the requirements of the project group or task.Provide critical incident response & problem management including root cause of system problems, such as configuration issues resulting in operational performance degradation or system outages, supporting the government with information and advice on the necessary correction actions and/or interim workarounds relative to network security.Provide documentation support for designs, implementations, configurations, knowledge base articles relative to network securityProvide support relative end-user issues regarding all services provided by SEOSupport the project lifecycle for network security projects as well as projects with dependencies on network securityRecommend and develop system solutions ensuring proprietary/confidential data and systems are protected (i.e., system security upgrades, technical refreshes etc,.)Develop and maintain technical documentation and diagrams related to the field communications systems equipment & networksEnsure documentation relative operational procedures, services, etc., are written and centrally accessible and updated as necessaryBASIC QUALIFICATIONS:Bachelor’s degree and 8+ years of prior relevant experience; additional work experience or Cyber courses/certifications may be substituted in lieu of degree.4+ years of experience in an enterprise network or security environment.Must have network and firewall engineering experience designing, implementation, and maintaining network infrastructure and Layer 2 and 3 networking devices and/or firewall devices such as Juniper, Dell, Cisco, Fortinet, or Palo AltoStrong knowledge of OSI 7-layer model, TCP/IP and common application layer protocolsKnowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.)Knowledge of security system design tools, methods, and techniques.Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.Skill in applying and incorporating information technologies into proposed solutionsKnowledge of cybersecurity and privacy principlesExperience providing O&M and engineering support to complex, mission-critical systemsExperience working closely with customers and users to troubleshoot and resolve complex network related issuesAbility to work and brief customers to include senior managementKnowledge of management of classified systems and the required security guidelines associated with secure facilitiesExperience with Information Assurance (IA) hardening and compliance, i.e. DISA STIGs, documentation, etc.Must be able to work collaboratively with other system administrators, system engineers, and network engineers in a team environmentKnowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offsMust be a US Citizen.Must have an active Interim Top Secret or adjudicated Secret to be considered for this role.PREFERRED QUALIFICATIONS:Knowledge of government TICAP implementations and controlsExperience with Implementation and maintenance of Next Generation Firewall Features (Application aware filtering, DNS, IPS, Web filtering, SSL Inspection)Experience with automation tools such as Netbrain, Ansible, XSOAR, Fortimanager, Panorama.Experience with managing SSL, and IPSEC VPN clients and site to site VPNsZTNA experience preferredExperience with Fortinet productsExperience with Palo Alto ProductsDeveloping the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).Network/Cyber Security Training or Certification (ie Security+, Network+, Splunk, FireEye, CCNA, CCIE, etc.)Knowledge of NIST SP 800 53 series or ISO 27000 series documentsUnderstanding of advanced threat detection in an enterprise environmentUnderstanding of malware families, their types, and the threat they poseExperience designing, developing, integrating, implementing, operating, and analysis of cybersecurity technologiesSkill in independently making configuration updates to ensure system availability requirementsStrong problem-solving and analytical skills and demonstrates poise and ability to act calmly and competently in high-pressure and high-stress situationsUnderstanding of accepted security practices, troubleshooting issues, attack vectors and customer supportOriginal Posting Date: 2024-05-06While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.Pay Range: Pay Range $101,400.00 – $183,300.00The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.#Remote

Expected salary: $101400 – 183300 per year

Location: Boulder, CO

Job date: Thu, 09 May 2024 07:26:18 GMT

Apply for the job now!