Firewall Engineer

Job Description

We are looking for a Firewall Engineer with project lead experience and hands-on engineering experience. The Firewall Engineer will be responsible for the engineering, implementation, and support of security solutions for the State of Maryland DoIT Security Operations Center (SOC) with a special focus on enterprise firewall systems.

This role will be responsible for performing the following tasks:

Duties and Responsibilities:

• Gap assessment and analysis of security solutions and recommendation of improvement initiatives.

• Implementation of scalable, redundant, and reliable firewall solutions.

• Security hardening firewall configurations.

• Configuration management and control of architectural/design/functional configuration changes to firewalls.

• Firewall brake-fix troubleshooting, root cause analysis, and support.

• Firewall patch/upgrade monitoring, reviews, maintenance scheduling and deployment.

• Management of firewall operational and security audits logs.

• Definition, development, and configuration of firewall security and operational alerts, dashboards, and reporting.

• Monitoring firewall operation and security alerts and dashboards.

• Defining, implementing, and monitoring process/procedures for maintaining the lifecycle firewall policies and rules.

• Configuration, maintenance, and support of additional firewall services such as URL filtering, Malware Sandboxing Analysis, Threat Intelligence Feeds, Threat Prevention, User ID etc.

• Provide firewall log correlation support for emerging and retroactive security incident investigations.

• Support the integration with other security tools such IDS/IPS, SIEM, NACs, VPN etc.

• Define requirements and develop roles-based Standard Operating Procedure (SOPs) documents.

Education and Years of Experience:

• At least 6-8 years of hands-on experience in Network Engineering/Architecture.

• At least five (5) years of technical experience in architecture, design, implementation, and support of firewall technologies.

• Bachelor’s degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering or related scientific or technical discipline.

Required Skills/Certifications:

• Must have current Palo Alto Networks Certified Network Security Engineer (PCNSE) certification or hands-on experience implementing Palo Alto Advanced/NextGen features to include App-ID, User-ID, Content-ID, URL Filtering, Threat Prevention, Wildfire, Virtual Wire, Virtual System (VSys), Global Protect, NAT Policies, Security Profiles, Inbound SSL Decryption, Outbound SSL Decryption (SSL Forward Proxy), File Blocking, and Data Filtering

• Hand-on experience with Palo Alto Panorama for centralized management of PANOS firewalls

• Self-starter, able to gather requirements, plan, execute firewall architecture and deployment efforts.

• Able to perform gap analysis and initiate and execute architectural improvements.

• Strong demonstrated experience with network security architecture, design, and implementation best-practices i.e., Defense-in-depth architecture, knowledge of emerging Zero Trust architecture.

• Hands-on experience with firewall architecture, design, and implementation.

• Hands-on experience with operational and security hardening configuration for firewall solutions.

• Hands-on experience with configuration management and change control for firewall solutions.

• Demonstrated experience with networking and switching protocols and infrastructure services, able to troubleshoot and identify DNS, DHCP, Wi-Fi protocols, NTP, SNMP, routing, switching, and firewall issues affecting connectivity of applications and services.

• Must have working knowledge and understanding of network infrastructure components such as Routers, Switches, IDS, IPS, NAC, VPN Gateways, Wireless APs etc.

• Customer-oriented with excellent issue follow-through and resolution abilities.

• Outstanding leadership and organizational skills.

• Utilize tools and analytical skills to plan and execute technical changes.

• Excellent written and oral communication, and presentation skills.

• Ability to effectively work both autonomously as well as on a team.

• Outstanding interpersonal skills, strong work ethic, self-motivated and excellent presentation skills. Desired Skills/Certifications:

• Hands-on experience with Juniper firewalls

• CISSP, CompTIA Security +, CCNA/CCNP Security, Juniper JNCIP-SEC or relevant industry security certifications

• Cisco CCNA or CompTIA Network + or relevant networking industry certifications

• Experience in project task technical analysis, planning, and estimation

• Experience with technology capabilities market research, technical analysis/review, and recommendation.

State of Maryland - SNMS DOIT- Office of Security Management

Location: 100 Community Pl, Crownsville, MD 21032 Crownsville, Maryland 21032

Min. Citizenship Status Required: U.S Citizenship.

Physical Requirement(s): None

Benefits: Full benefit package included with salary/W2.

Clearance Type: Fingerprints