Network Security Engineer

Job Description

Experience:

A Minimum of 4 years in the Financial Industry, preferably in a Trading environment, is required for this position. The candidate must have experience in the Architecture, Design, Implementation, and Maintenance of Trading-related Network infrastructure, such as: Market Data Distribution Networks, low-latency, ultra-low-latency and high frequency trading networks. The candidate must have the relevant knowledge and experience with Network Security systems in a financial trading environment, including the Architecture, engineering, implementation and operations of the different aspects of Network Security in a financial trading environment.

General Competency:

The candidate must be highly motivated.

Willing to work in a fast-paced, constantly changing environment.

The candidate must have good communication skills.

The candidate must be customer focused.

Ability to work effectively and productively with others, and still comfortable working independently.

Core Technical Competency:

Architect, Design, Implement, and Troubleshoot Networks for different needs in the financial industry.

A solid background designing, managing, and troubleshooting diverse multi-protocol, switched and routed enterprise networks.

Expert level knowledge of Firewall technology – including Architecture, design, implementation, operations, and troubleshooting.

The candidate must be very comfortable configuring firewall rules and policies for both client connectivity and other security requirements of the network.

Ability to analyze firewall logs and policies to troubleshoot client connections, and other network related security issues on the network.

Ability to be able to troubleshoot network connectivity issues with both external and internal clients.

The candidate would Jointly work with the Security Architecture Manager to perform weekly pre and post implementation review of security operational activities.

Review active firewall policies and proposed changes for insecure rule sets and coordinate with the customer to ensure rules will support intended objectives

Work with the Security Architecture Manager and the Network Manager to track the progress of assigned projects and tasks to ensure SLA compliance.

Ability to handle complex network engineering assignments with little supervision.

Analyze and resolve network issues or as determined by monitoring tools and systems.

Respond to Trouble Tickets and perform scheduled activities related to network security.

The candidate must be good at documentation in general. Competent with working with network diagrams using Microsoft Visio.

Expert level knowledge and experience with BGP and other routing protocols to be able to design and implement various connectivity solutions to clients, vendors, and the management of the Trading network environment.

Strong ability to use packet tracing technologies to troubleshoot network issues.

Strong knowledge of TCP, UDP, and higher layer protocols in order to understand application performance and troubleshooting application issues on the network.

Create and maintain network device configurations and relevant databases.

Specific Technology Expertise:

Strong and extensive knowledge of complex protocols and technologies:

Routing Protocols:

BGP, OSPF, EIGRP, Static Routing, route-redistribution, summarization, Policy-Routing. Firewall Architecture, design, configuration, operations and Troubleshooting.

Switching:

Trunking, spanning- tree, dot1q, VLANs, VTP, Ethernet switching, multi-layer switching, vPC, MLAG.

Multicast:

PIM, IGMP, MSDP

Network Services:

TCP/IP, UDP, HSRP, DNS, DHCP, FTP, TFTP, NAT, TACACS, SSH, NTP, SYSLOG, TELNET,

Network Management/Automation:

SNMP, SYSLOG, IPSLA, NETFLOW, Network Telemetry, and Network automation tools.

Security:

IPSEC, VPNS, Firewalls and Firewall Management and Analyzer systems, IDS systems,

Packet Analysis:

PICO CNEs, Wireshark, sniffers, packet captures, and packet decodes, Market Data packet decodes, FIX packet decodes.

Vendor specific technology expertise:

Cisco and Arista switching and routing platforms.

Fortinet Firewalls and FortiManager.

Juniper, Cisco, and Checkpoint Firewall and security solutions.

PICO/Corvil Packet capture devices and management platforms.

SevOne SNMP Management system.

HPNA Network Automation system.

Education:

A minimum of a bachelor’s degree is required.

Industry Certifications:

Cisco, Arista, Juniper or Fortinet Certifications in Network Security will be a big plus

Accomplishments:

Candidates should provide some key job-related accomplishments in their current or previous roles.