This job description is for a Senior Network Security Engineer to be located at the Advance Auto Parts office in Raleigh, NC.  This is an implementation engineering role with escalation support engineering and low-level design, implementation & warranty phases of projects 

Desired Skills 

• Solid communication skills.  The ability to translate end-user concerns to technical needs for communication within team or with other IT teams. 

• Good collaboration skills, within team and with others.  The engineer must have the ability to work with others in a collaborative way, sharing his/her ideas/opinions. 

• Experience managing the Akamai content delivery and web application firewall platform. 

• Knowledge of IP address management, including management of IP address blocks and DHCP. 

• Experience with the creation and maintenance of DNS records and DNS zones. 

• Knowledge of DNSSEC and secure zone transfers. 

• Knowledge of modern cloud technology components and deployment patterns.  

• Understanding of and experience with Palo Alto firewalls and the Panorama or Strata Cloud Manager management platforms. 

• Knowledge of public key infrastructure (PKI) and certificate lifecycle management. 

• Solid understanding of firewalls, VPNs, IDS/IPS, and security event analysis. 

• Proficient in the configuration, implementation and troubleshooting of Network Access Control Lists, Network IPS Filtering Policies, Internet Access Web-Filtering Policies, Network Access Endpoint Posture and Profile Policies, VPN Client and Point-to-Point technologies, and Network Authentication Services (AAA). 

• The ability to understand IPv4 networks and subnet masks and calculate CIDR boundaries. 

• Understanding of Cisco Routing and Switching including VLANs, Ethernet, WANs, LANs, Spanning Tree, Port Channels, and industry best practices 

• Familiar with different desktop operating systems and tools used by an IT professional. 

• Ability to effectively use Network Monitoring tools to isolate and diagnose problems proactively. 

• Ability to use industry standard tools and learn Advance Auto Parts specific tools to understand and diagnose issues with the network. 

• Ability to understand the 7 layers of the OSI network model. 

• Able to identify and document the root cause of network issues and outages, as well as recommended after-action changes to prevent further recurrence. 

• Able to open a support case and work with vendor TAC services to resolve open issues. 

• Can work independently on multiple projects or tasks. 

Primary Responsibilities 

• Acts as a subject matter expert (SME) for security tools, applications and processes, including, but not limited to, Akamai, DNS, DHCP, Palo Alto firewalls, AppViewX, Cisco ISE, and Palo Alto's Prisma platform with primary responsibility with Akamai and DNS and DHCP. 

• Configure and manage Akamai services, including Content Delivery Network (CDN), Web Application Firewall (WAF), and DNS.  

• Optimize Akamai settings for performance, security, and cost-effectiveness.  

• Implement Akamai caching strategies and rules to improve website performance and reduce server load. 

• Monitor the performance and health of DNS and DHCP services, addressing issues promptly 

• Generate regular reports on DNS and IP address utilization 

• Assist in auditing DNS and IPAM configurations to identify and mitigate risks 

• Provide technical support and troubleshooting for DNS, DHCP, and IPAM-related issues 

• Identify and resolve security issues across the on-premise and cloud infrastructure. 

• Collaborate with Product Managers, Platform Leads, and Information Security teams, to design and implement cloud security solutions. Collaborating with IT and development teams to ensure cloud solutions are securely integrated with existing software and infrastructure 

• Work closely with functional area architects, engineering, and security specialists throughout the company to ensure adequate security solutions and controls are in place throughout all IT systems, cloud systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements 

• Regular network service and infrastructure lifecycle maintenance planning and activities. 

• Communication with incident manager or problem manager for major incidents, including drafting and submitting IT Incident Reports. 

• Escalation of requests or tickets that are not resolved within existing processes. 

• Taking ownership of any P1 ticket with no immediate resolution defined. 

• Regular check-in on P1 and P2 priority tickets.  Comfortable with recognizing and reprioritizing up or down based on defined prioritization guidelines. 

• Diagnose and troubleshoot Infrastructure issues (WAF, Network Firewall, IPS/IDS, Network Access Control technologies, VPN, and AAA Services) quickly and efficiently. 

• Configuration and management of Akamai Web Application Firewalls, Palo Alto Firewalls, Network Access Control technologies, VPN, and AAA Services. 

• Ongoing support process development and improvement. 

• Engagement with vendors for system operation, detailed design, and best practices evaluation regarding project initiatives and escalated incidents or problems. 

• Develop and maintain documentation and diagrams for security tools, system environments, and cloud operations. 

• Be available for after-hours support and participate in an on-call rotation.