Network Security Engineer

Description

Leidos is seeking a Network Security Engineer on the NOAA Cyber Security Center contract in Boulder, CO. or Fairmont, WV. This position will be part of a Network Security team which is part of a larger Enterprise Security Services (ESS) team. ESS is responsible for security tools for the NOAA Cyber Security Center as well as supporting 5 Trusted Internet Connection Access Provider (TICAP) sites. An active Secret security clearance is required prior to start.

PRIMARY RESPONSIBILITIES:

Software/hardware patching and NIST 800-53r5 high-impact security control configurations.

Support the NOAA cyber security mission by building, configuring, troubleshooting, and updating the network security capabilities that protect NOAA core networks and information.

Plan and perform maintenance and upgrade of Juniper network routers and switches, Gigamon Network Terminal Access Point (TAP), Fortinet firewalls, Palo Alto firewalls, Stealthwatch, remote access systems, and network management systems.

Monitor network connectivity and ensure high quality data transmission using standard network tools (ex: Netbrain, Ansible, FortiManager or Nagios)

Serve as a liaison with 3rd party vendors and providers and be able to coordinate troubleshooting and provide real time updates via standard collaboration tools

Create the established network security processes to defend and operate the national NOAA network.

Provide direct end user support to a diverse user base ranging from average desktop users to other IT and Information Security Professionals

Establish and maintain standard operating procedures for operations team members.

Participate in an on-call rotation to provide emergency support for the corporate network security environment.

Provide feedback to team leadership to improve existing solutions so they better meet the business' needs.

Provide technical leadership to mid and junior engineers.

Help customers from around the enterprise troubleshoot and resolve their network security related issues.

Provide technical support for system upgrades, technical refreshes, or new builds per requirements set by the leadership team as well as functional leads.

Be a technical resource for individual projects when his or her knowledge and experience meet the requirements of the project group or task.

Provide critical incident response & problem management including root cause of system problems, such as configuration issues resulting in operational performance degradation or system outages, supporting the government with information and advice on the necessary correction actions and/or interim workarounds relative to network security.

Provide documentation support for designs, implementations, configurations, knowledge base articles relative to network security

Provide support relative end-user issues regarding all services provided by SEO

Support the project lifecycle for network security projects as well as projects with dependencies on network security

Recommend and develop system solutions ensuring proprietary/confidential data and systems are protected (i.e., system security upgrades, technical refreshes etc,.)

Develop and maintain technical documentation and diagrams related to the field communications systems equipment & networks

Ensure documentation relative operational procedures, services, etc., are written and centrally accessible and updated as necessary

BASIC QUALIFICATIONS:

Bachelor's degree and 8+ years of prior relevant experience; additional work experience or Cyber courses/certifications may be substituted in lieu of degree.

4+ years of experiencein an enterprise network or security environment.

Must have network and firewall engineering experience designing, implementation, and maintaining network infrastructure and Layer 2 and 3 networking devices and/or firewall devices such as Juniper, Dell, Cisco, Fortinet, or Palo Alto

Strong knowledge of OSI 7-layer model, TCP/IP and common application layer protocols

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)

Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).

Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.)

Knowledge of security system design tools, methods, and techniques.

Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.

Skill in applying and incorporating information technologies into proposed solutions

Knowledge of cybersecurity and privacy principles

Experience providing O&M and engineering support to complex, mission-critical systems

Experience working closely with customers and users to troubleshoot and resolve complex network related issues

Ability to work and brief customers to include senior management

Knowledge of management of classified systems and the required security guidelines associated with secure facilities

Experience with Information Assurance (IA) hardening and compliance, i.e. DISA STIGs, documentation, etc.

Must be able to work collaboratively with other system administrators, system engineers, and network engineers in a team environment

Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs

Must be a US Citizen.

Must have an active Interim Top Secret or adjudicated Secret to be considered for this role.

PREFERRED QUALIFICATIONS:

Knowledge of government TICAP implementations and controls

Experience with Implementation and maintenance of Next Generation Firewall Features (Application aware filtering, DNS, IPS, Web filtering, SSL Inspection)

Experience with automation tools such as Netbrain, Ansible, XSOAR, Fortimanager, Panorama.

Experience with managing SSL, and IPSEC VPN clients and site to site VPNs

ZTNA experience preferred

Experience with Fortinet products

Experience with Palo Alto Products

Developing the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).

Network/Cyber Security Training or Certification (ie Security+, Network+, Splunk, FireEye, CCNA, CCIE, etc.)

Knowledge of NIST SP 800 53 series or ISO 27000 series documents

Understanding of advanced threat detection in an enterprise environment

Understanding of malware families, their types, and the threat they pose

Experience designing, developing, integrating, implementing, operating, and analysis of cybersecurity technologies

Skill in independently making configuration updates to ensure system availability requirements

Strong problem-solving and analytical skills and demonstrates poise and ability to act calmly and competently in high-pressure and high-stress situations

Understanding of accepted security practices, troubleshooting issues, attack vectors and customer support

Original Posting Date:

********

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

Pay Range $101,400.00 - $183,300.00

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

#Remote

REQNUMBER: R-********

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. Leidos will consider qualified applicants with criminal histories for employment in accordance with relevant Laws. Leidos is an equal opportunity employer/disability/vet.