Network Security Engineer
Information Security – Network Security Engineer
The Network Security Engineer is a technical expert concerned the security controls and tools associated with all network systems. With a focus on physical, virtual, and cloud network operations, the Network Security Engineer envisions, designs, specifies, implements, monitors, and improves upon those controls; ensuring alignment with governing standards (NIST, ISO27001) and compliance with regulatory requirements (SOC, PCI, CCPA). The Network Security Engineer also fosters automated integration and interoperability across multiple vendors’ security appliances; this integration is not just between those appliances that are deployed within Freedom Financial Network production systems, but also between those internal devices connected to outside parties.
Responsibilities and Duties:
- Responsible for Firewalls, IPS/IDS, Proxies, URL Filtering, IP Whitelist/Blacklisting, Geo-fencing, DDoS protection, VPNs, and other perimeter security technologies for both physical and cloud operations.
- Designs, specifies, programs, deploys, and fine-tunes capabilities that analyzes network traffic and other recorded activity, to detect unauthorized or suspicious activity such as data exfiltration, command and control signatures, lateral movements, and trigger automated remediation responses.
- Management of network access control systems and policies, ensuring that only authorized devices and users are able to access their approved networks, including access to the network devices themselves.
- Supports other members of the Information Security Team when assistance with network technologies is needed or could be better leveraged.
- Responsible for ensuring the integrity of network device logging to the centralized logging platform.
- Provides second line support to Operations teams on matters of security controls.
- Fine-tunes the existing network security monitoring systems so that false positives and false negatives are minimized, and so that both accurate and useful information is being actioned
- Works with the other technical staff who monitor information system activities, to ensure appropriate data points are monitored, that appropriate alert thresholds are set and responses defined, and that data collected is useful to providing threat/landscape status reports.
- Performs product evaluations for those information security systems that are being seriously considered for use on Freedom Financial Network production information systems
- Performs post-mortem analysis with logs, network traffic flows, and other recorded information to identify intrusions by unauthorized parties, as well as unauthorized activities of authorized users
Qualifications and Education Requirements:
- The desire to LEARN and GROW as part of a TEAM
- Bachelor's degree preferred
- 5 + years of enterprise network and security experience with a heavy emphasis on the Cisco security stack
- Network management in VMware environments, and cloud-hosted operations (AWS, GCP)
- Ability to identify problems, analyze data and present conclusions effectively
- Knowledge of frameworks, standards, and best practices (i.e. NIST, OWASP, PCI, ISO, COBIT,)
- CCIE/CCNP Security, CISSP, CEH, CISM or similar certifications
- Critical Thinking -- Using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
- Active Listening -- Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate times.
- Writing -- Communicating effectively in writing as appropriate for the needs of the audience.
- Skilled at communicating and prioritizing threats and vulnerabilities to a diverse audience, and be able to confidently express and assist with proper remediation methods