Job Description
We are looking for a Firewall Engineer with project lead experience and hands-on engineering experience. The Firewall Engineer will be responsible for the engineering, implementation, and support of security solutions for the State of Maryland DoIT Security Operations Center (SOC) with a special focus on enterprise firewall systems.
This role will be responsible for performing the following tasks:
Duties and Responsibilities:
• Gap assessment and analysis of security solutions and recommendation of improvement initiatives.
• Implementation of scalable, redundant, and reliable firewall solutions.
• Security hardening firewall configurations.
• Configuration management and control of architectural/design/functional configuration changes to firewalls.
• Firewall brake-fix troubleshooting, root cause analysis, and support.
• Firewall patch/upgrade monitoring, reviews, maintenance scheduling and deployment.
• Management of firewall operational and security audits logs.
• Definition, development, and configuration of firewall security and operational alerts, dashboards, and reporting.
• Monitoring firewall operation and security alerts and dashboards.
• Defining, implementing, and monitoring process/procedures for maintaining the lifecycle firewall policies and rules.
• Configuration, maintenance, and support of additional firewall services such as URL filtering, Malware Sandboxing Analysis, Threat Intelligence Feeds, Threat Prevention, User ID etc.
• Provide firewall log correlation support for emerging and retroactive security incident investigations.
• Support the integration with other security tools such IDS/IPS, SIEM, NACs, VPN etc.
• Define requirements and develop roles-based Standard Operating Procedure (SOPs) documents.
Education and Years of Experience:
• At least 6-8 years of hands-on experience in Network Engineering/Architecture.
• At least five (5) years of technical experience in architecture, design, implementation, and support of firewall technologies.
• Bachelor’s degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering or related scientific or technical discipline.
Required Skills/Certifications:
• Must have current Palo Alto Networks Certified Network Security Engineer (PCNSE) certification or hands-on experience implementing Palo Alto Advanced/NextGen features to include App-ID, User-ID, Content-ID, URL Filtering, Threat Prevention, Wildfire, Virtual Wire, Virtual System (VSys), Global Protect, NAT Policies, Security Profiles, Inbound SSL Decryption, Outbound SSL Decryption (SSL Forward Proxy), File Blocking, and Data Filtering
• Hand-on experience with Palo Alto Panorama for centralized management of PANOS firewalls
• Self-starter, able to gather requirements, plan, execute firewall architecture and deployment efforts.
• Able to perform gap analysis and initiate and execute architectural improvements.
• Strong demonstrated experience with network security architecture, design, and implementation best-practices i.e., Defense-in-depth architecture, knowledge of emerging Zero Trust architecture.
• Hands-on experience with firewall architecture, design, and implementation.
• Hands-on experience with operational and security hardening configuration for firewall solutions.
• Hands-on experience with configuration management and change control for firewall solutions.
• Demonstrated experience with networking and switching protocols and infrastructure services, able to troubleshoot and identify DNS, DHCP, Wi-Fi protocols, NTP, SNMP, routing, switching, and firewall issues affecting connectivity of applications and services.
• Must have working knowledge and understanding of network infrastructure components such as Routers, Switches, IDS, IPS, NAC, VPN Gateways, Wireless APs etc.
• Customer-oriented with excellent issue follow-through and resolution abilities.
• Outstanding leadership and organizational skills.
• Utilize tools and analytical skills to plan and execute technical changes.
• Excellent written and oral communication, and presentation skills.
• Ability to effectively work both autonomously as well as on a team.
• Outstanding interpersonal skills, strong work ethic, self-motivated and excellent presentation skills. Desired Skills/Certifications:
• Hands-on experience with Juniper firewalls
• CISSP, CompTIA Security +, CCNA/CCNP Security, Juniper JNCIP-SEC or relevant industry security certifications
• Cisco CCNA or CompTIA Network + or relevant networking industry certifications
• Experience in project task technical analysis, planning, and estimation
• Experience with technology capabilities market research, technical analysis/review, and recommendation.
State of Maryland - SNMS DOIT- Office of Security Management
Location: 100 Community Pl, Crownsville, MD 21032 Crownsville, Maryland 21032
Min. Citizenship Status Required: U.S Citizenship.
Physical Requirement(s): None
Benefits: Full benefit package included with salary/W2.
Clearance Type: Fingerprints