The purpose of the position is to design, configure, test, implement, monitor, and maintain the NCDOT computer network security infrastructure, primarily NCDOT Cisco ASA firewalls. The candidates primary task will be to install and make configurations to firewalls to comply with PCI-DSS, State, NCDOT security standards, state auditing and industry best practices. Candidate must be proficient in advanced Cisco ASA configuration, deployment and operational support and be familiar with the latest Cisco ASA hardware, operating system versions and functionality. Candidate must have experience and ability supporting a large quantity (250+) of Cisco ASA firewalls in the field. Candidate will assist the Network Services Team providing advanced technical production configuration and support primarily for firewall services. The candidate will interact with employees at all levels in all DMV and other DOT offices across the state as needed to implement network security solutions and provide an advanced point of escalation for network security issues.
Knowledge, Skills, and Abilities Requirements:
• Advanced experience with enterprise and data center security policy design and deployment using Cisco ASA firewalls, specifically Cisco ASA appliances and HA (high availability active/standby) environments. 2+ years advanced level hands-on experience.
• Proficient operational configuration and support of site-to-site VPN solutions using Cisco ASA firewalls.
• Proficient operational support of Cisco ASA firewall operating system upgrades, specifically to ASA IOS version 8.4 and beyond.
• Moderate familiarity with current network technologies and equipment, particularly data center LAN and WAN environments.
• Experience with structured change management processes.
• Ability to manage tasks and meet schedules.
• Experience supporting security compliance with PCI-DSS
• Experience with sourcefire and FTD
• Must have excellent customer service and teamwork skills.
• Willingness to work overtime and weekends as needed.
• Willingness to accommodate occasional regional travel.
• A minimum of 5 years direct hands-on experience with Cisco ASA firewall products.
• Prefer experience with Firemon.
• Prefer experience with QRadar.
• Currently active CCNA, CCNP, CCSP, or CISSP certifications, expiration within past 2 years.
• Currently active CCIE (Cisco Certified Internetworking Expert) Security certification, or expiration within past 5 years.
Required / Desired
Enterprise Cisco Firewall (ASA) configuration and troubleshooting experience
Enterprise VPN configuration and troubleshooting experience
Enterprise hands-on experience with Cisco LAN switching and routing products experience
CCNA, CCNP, CCIE
Enterprise SourceFire / FireSight IPS management experience
Experience with Qradar and Firemon
Nice to have