Network Security Firewall Engineer - IoT - ITmPowered
The Network Security Firewall Engineer focuses on firewall solution deployment for IoT and Medical Devices enterprise wide. Administer, configure, test, deploy, and maintain network security and access control platforms for hundreds of thousands of Medical Devices, IoT / OT devices. Work will focus on nextgen firewalls, distributed firewalling, micro segmentation, network policy distribution, host / device access controls.
- Administration of Network Security platforms micro segmentation distributed firewalling solution design.
- Explore and implement network security and access management software solutions at various layers and devices, including kernel modules, distributed control planes & agents, management APIs, and user facing Medical devices and IoT platforms.
- Administration on firewalls, routers, switches, servers, to secure Medical Devices and Internet of Things (IoT).
- Assess requested security policy changes, process firewall change requests, update URL / DNS (block) lists.
- Support includes, installation, configuration, integrations, troubleshoot and performance tuning.
- Technical knowledge of networks, firewalls and network segmentation.
- Ensure readiness of new security capabilities and feature upgrades in inline network security products.
- Create playbooks for security procedures, document security configurations, and communicate best practices
Requirements :
6-10 years' experience in Networking, Network Security, Cybersecurity,5 years in enterprise firewalls and secure design (DMZ's, ACL's, NAT / PAT, ssl-offloading & traffic inspection)Networking (Security). Industry-level expertise in any of the following networking (security) aspectsNetwork security platforms, including segmentation, ACLs, DPI, DDoS protection. Examples include : Software : iptables, ipsec, VPN, IDS, firewall management platforms, ACL compilers and tooling. Hardware : switch ACLs, stateful firewalls, network segmentation, security zones
OSI model and debugging network trafficNetworking protocols (TCP / UDP, BGP, DNS, DHCP)Familiarity in firewall solutions in Zero-Trust, Network Admission Control, microsegmentation, microfirewalls, macrosegmentation, VRF, microsegmented traffic, virtual networks, or Identity Defined Networks (IDN).Proven expertise in implement enterprise firewall solutions (Cisco ASA, Palo Alto, Check Point, etc.)Experience maintaining firewall appliances and firewall rulesExperience in firewall and / or security platform design and implementation.Familiarity in configuring and utilizing network protection components. (e.g., Firewalls, VPNs, IDS / IPS, etc.)Strong knowledge of networking concepts, including topology, IP networking, protocols, components, and principles. (e.g., L2 switching protocols, L3 routing protocols, BGP)Security : Strong knowledge in security fundamentals : authentication / authorization frameworks (SSO, SAML, Oauth), secure transport (e.g., SSL, TLS), identity management (e.g., certificates, PKI)VMs / Containers. Familiarity with VMs / containerization (e.g., OpenStack, Docker, Kubernetes)Linux & Windows security hardening expertise and Syslog / monitoring and alerting.Excellent understanding of managing Cybersecurity Risk.Network Security certifications. (CCSA, CCSE, PCNSE, PCSAE, CCNP) can prove equal skills during an interview.Cyber Security Certification desired : CISSP, CISM, CISA, OSCP, ETH, CCSP and / or other designationsExperience in the creation of technical diagrams and technical presentations.LOGISTICS :
Local Denver resources only. No relocation provided.Will be remote primarily but must be able to come into DTC office periodically after COVID Abates.COVID-19 - Must be fully vaccinated OR provide medical or religious exemption.W2 only - No sub vendors. Sponsorship NOT available. Must have direct contact information on resume to apply.You will need to be a US Citizen, and with the ability to obtain US Government TOP SECRET clearance, as well as successfully pass a 12 panel drug screen and 10 year background check, in order to meet eligibility requirements for access to classified information.
