Network Security Engineer (VPN & Firewall Modernization)
Location: 10850 White Rock Road, Rancho Cordova, CA 95670
Duration: 6 Months
Role Overview
This role supports the infrastructure modernization of site-to-site IPsec VPN tunnels and the strengthening of firewall access control policies across the enterprise network environment. The contractor will focus on upgrading VPN tunnels from IKEv1 to IKEv2, aligning cryptographic configurations with organizational standards, and improving secure connectivity with external partners. The role will also review and refine Cisco Firepower firewall rules to reduce overly permissive access and enforce least-privilege network security.
Primary Responsibilities
• VPN Modernization: Review ~80 existing site-to-site IPsec VPN tunnels and upgrade ~50 from IKEv1 to IKEv2.
• Cryptography & Security: Ensure VPN configurations align with organizational cryptographic standards and update pre-shared keys (PSKs) to meet a minimum 20-character requirement.
• Firewall Hardening: Review ~10 firewall access control rules on Cisco Firepower. Modify rules to remove overly permissive subnet access and restrict them to required source/destination networks, ports, and protocols (applying the principle of least privilege).
• Implementation & Testing: Validate VPN tunnel functionality after each change. Perform post-firewall validation testing to confirm no service disruptions.
• Coordination: Support the execution of approved maintenance window changes, coordinate cryptographic updates with external partners, and document all changes and validation results.
Required Skills & Experience
• Proven experience managing site-to-site IPsec VPN environments, specifically hands-on migrations from IKEv1 to IKEv2.
• Hands-on experience with Cisco Firepower firewall administration and access control rule management.
• Strong knowledge of cryptographic standards, secure key management, and VPN configuration validation.
• Experience implementing least-privilege network security controls and supporting production change/maintenance windows.
• Experience performing post-change validation, troubleshooting network issues, and coordinating technical changes with internal teams/external partners.
Preferred Qualifications & Certifications
• Cisco CCNA Security or CCNP Security (or equivalent experience).
• CompTIA Security+ or equivalent security certification.
• ITIL Foundation.
• Experience in healthcare or higher education IT environments, and familiarity with large-scale enterprise networks.
Manisha Soy
Sr. Technical Recruiter
Oreva Technologies Inc.
a: 1320 Greenway Drive, Suite 460, Irving, TX 75038