Job Description

Roles & Responsibilities

WAN Security Engineers are required to be certified at the expert level in multiple disciplines of networks and security (e.g. CCNP/CCIE & CISSP). WAN Security Engineers support Enterprise-class network security technologies, which includes network firewalls, web proxy appliances, VPN appliances, Comply to Connect (C2C) and Network Access Control solutions. The WAN Security Engineers are responsible for design, troubleshooting, optimization, administration, change management and technical documentation. The core network technologies include Cisco Firepower Next-Generation Firewalls, Cisco Secure Firewall Management Center (FMC), Menlo Cloud-Based Internet Isolation Solutions (CBII), Forescout Enterprise Manager, and Cisco Identity Services Engine (ISE).

Responsibilities

• Provide enterprise-level customer support for all requests to modify network firewall access-lists; manage access control to all network devices in the theater; troubleshoot and resolve web browsing issues; support requests for services hosted in the demilitarized zones (DMZ).
• Provides network security policy recommendations, project planning, change control, firewall management, and access control list (ACL) management.
• Enforce enterprise security policies.
• Assist with identifying and investigating malicious network activity.
• Ensure that all managed technologies are compliant with current DISA Security Technical Implementation Guides (STIGs).
• Perform regular system maintenance in support of IAVA vulnerabilities and CCRI compliance.
• Create, update and maintain proxy web filtering policies. Analyze logs to look for irregularities and identify miscategorized sites that may need to be blocked.
• Support authentication, authorization, accounting (AAA) & auditing for all network devices and maintain records for accounts in Cisco ISE.
• Support the Comply to Connect (C2C) infrastructure and work with other departments that play a role in the Zero Trust architecture.
• Monitor the status and health of the managed network devices using network monitoring tools.
• Create, update, and maintain detailed network diagrams.
• Create and track network issues/requests using the ServiceNow ticketing system.
• Performs other duties and assignments as required.

Skills and Technology Used:

• Ability to verify that all systems under the direct control of RCC-SWA are properly configured in accordance with the Higher Headquarters, Local, and DISA STIG configuration policies.
• Ability to manage asset documentation for accreditation and authorization.
• Ability to assess networking requirements and provide solutions.
• Ability to make accurate and independent decisions under pressure.
• Ability to successfully execute many complex tasks simultaneously.
• Expert ability to troubleshoot infrastructure equipment.
• Excellent organizational, interpersonal, written, and verbal communication skills
• Ability to perform comfortably in a fast-paced, deadline-oriented work environment.
• Ability to successfully execute many complex tasks simultaneously across departmental boundaries.

Desired Candidate Profile

Qualification

• Requires an active Secret Clearance

Education / Certifications: One year of related experience may be substituted for one year of education if degree is required.

• Bachelors Degree or equivalent experience preferably in Computer Science or MIS, IS, Engineering or related field.
• This position requires candidates to adhere to DoD 8570.01M. All candidates are required to maintain at least one (1) baseline certification and one (1) computing environment (CE) certification. Baseline certifications cannot also be used as a Computing Environment (CE) certification.
• The authorized certifications for this job title are listed as follows:

• BASELINE:
• Cisco: CCNP Security (Cannot be used as a dual qualifier)
• CompTIA: CASP+ ce: Advanced Security Practitioner
• CompTIA: SecurityX ce
• GIAC: GCED: Certified Enterprise Defender
• GIAC: GCIH: Certified Incident Handler
• ISACA: CISA: Certified Information Systems Auditor
• ISC2: CISSP (or Associate): Certified Information Systems Security Professional
• COMPUTING ENVIRONMENT (CE):
• Cisco: CCNP: Certified Network Professional (Any) (Cannot be used as a dual qualifier)
• Cisco CCIE: Enterprise Infrastructure
• Cisco CCIE: Security
• Palo Alto Networks: NGFE: Certified Next-Generation Firewall Engineer

Experience: One year of related academic study above the high school level may be substituted for one year of experience up to a maximum of a 4-year bachelor's degree in a Software Engineering or Business Information Systems discipline for three years general experience.

• Minimum of 10 years of experience working with network and firewall technologies.
• Experience with VPN technologies.
• A high-level ability and aptitude to perform technical, managerial, or analytical work and coordination involving enterprise network equipment & software.
• Platforms including a combination of the following: Cisco Firepower Next Gen Firewall, Cisco Secure Firewall Management Center, Menlo Cloud-Based Internet Isolation (CBII), Forescout Enterprise Manager, and Cisco Identity Services Engine (ISE).
• A solid background with TCP/IP and must be able to troubleshoot all supported network protocols.
• Experience with a customer service-oriented company.