Infrastructure Engineer 3
Portland, OR - Added Nov 26th, 2018Apply For this Opportunity Back to Results
Infrastructure Engineer 3
This contract Infrastructure Engineer position with a local utility company supports the implementation of the Demilitarized Zone (DMZ) security in an Internet/intranet environment. Firewalls are the primary protection devices on the company's outward-facing computer environments and are integrated with IPS (Intrusion Prevention Systems) to ensure highly secured web, mail and data activities. Work performed in this position is a balance between operational uptime, security, and technology.
- Administer firewall processes to verify data security.
- Install, test, and configure Firewalls and other DMZ Systems.
- Provide support for Network security operations, performance, and planning.
- Review configuration and lifecycle management concepts of current network services and provide recommendations to the Manager for the acquisition of new or upgraded services.
- Monitor system performance and execute approved preventative maintenance.
- Participate in planning, installing and maintaining network services, such as:
- Forward Proxy Servers (e.g. Websense / Palo Alto)
- Web Connectivity (HTTP/HTTPS)
- Reverse Proxy Servers / Application Delivery Controllers (e.g. Citrix NetScalers/ F5 BIG-IP)
- Encrypted Remote Access and Site-to-Site (VPN)
- Domain Name Server (DNS) – including DNSSec
- Intrusion Prevention Systems (IPS)
- Firewall services (Check Point / Palo Alto / Cisco)
- Provide support in monitoring, troubleshooting and sniffing the DMZ using the firewall and IPS systems.
- Provide network administration by supporting:
- Troubleshooting LAN and WAN components such as routers, hubs, switches, and monitors
- Create network maps and topologies.
- Troubleshoot and monitor network problems; e.g., connectivity failures.
- Assist with the development and implement Manager approved configuration management plans for secure, complex environment.
- Identify the need to upgrade or enhance network component capabilities in response to network problems and deficiencies; e.g., degradation of service.
- Configure Cisco ASA 5500X series appliances.
- Install and Configure Checkpoint / Palo Alto firewalls.
- Install, patch and monitor RHEL 6 or above.
- Using IT and security best practices and established processes, analyze risk of existing and proposed system architectures and their security policies.
- Using IT and security best practices and established processes, document risks and propose risk treatment plans for information systems. Alert Manager of any risks to company Systems.
- Review operating practices and documentation to verify if controls and security measures are adequate. Recommend necessary changes and alert the manager of any concerns.
- Propose updates to technical control standards supporting the various platforms, systems, and environments.
- Conduct vulnerability testing in all environments (development, test, and production). Notify the manager if vulnerabilities are detected.
- Review system logs and monitoring tools for potential incidents. Alert the Manager of any concerns.
- Bachelor of Science Degree in Computer science, Information technology or closely related field is preferred.
- 10 Years of IT Infrastructure Engineering or equivalent experience is required (5 years with a Bachelor’s Degree as specified above).
- 5 Years Network Firewall Administration experience in an enterprise environment (Combined experience with Check Point or Palo Alto Firewalls and Cisco ASAs.).
- Candidate’s past experience must include work in hands-on technical implementation of networks and systems.
- Network, firewall, and IPS design, principles and concepts as implemented in a fault tolerant, centrally managed infrastructure.
- Network topology concepts in a routing schema.
- Firewall configuration, rule installation & troubleshooting, and access reporting concepts and practices.
- Intrusion Prevention System concepts, and practices.
- Network operation and maintenance concepts and methods.
- Network architecture principles and concepts and Network management tools.
- LAN and WAN development principles and methods.
- Cisco ASA 5500X series appliances.
- Unix/Linux command line experience (BASH).
- Ability to perform analysis of in-place technical and non-technical security controls protecting information and information systems.
- Ability to clearly communicate results of discussion, artifacts, and recommendations.
- Knowledge of security incident handling, response, and follow-up.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.
Job ID: AE2722471126