Senior engineer/administrator responsible for network and data security applications at the enterprise and strategic departmental levels, including Firewall/IDS/IPS, VPN, SIEM, Antivirus/Malware, Vulnerability Management, Encryption, and others. Participates in supporting access and authorization infrastructures and lifecycles including SSO, PKI, MFA, NAC and other wireless security technologies. Coordinates activities of outsourced NOC/SOC teams, including incident response.
Secondary responsibilities include network management/engineering, ensuring that all network infrastructure components are properly designed and functioning within the security framework. This includes wireless network configuration and analysis of signal performance tuning data as well as security analysis of core/distribution/access layers of the enterprise wired network. Builds/manages wireless networks for special events and other guest services including captive portals, user registration, and data integration with customer management systems. Scans the campus for rogue wireless access points and other sources of signal interference and/or malicious activity.
Works with solutions architects, system administrators, consultants, and vendors to build, configure, test and implement security solutions that meet the enterprise’s business needs and are aligned and consistent with corporate security policies, enterprise IT strategies and plans. This role will take ownership of incident tickets and service requests and work with end-users and IT staff for resolution/fulfillment. Additional responsibilities include working with server and application administrators on designing new architectures securely and testing/hardening existing systems via penetration test exercises. Additionally, the position will participate in on-call support rotations for non-business hours.
- Infrastructure Security (30%)
Administration and engineering of all network security hardware and software including firewalls, intrusion detection/prevention, information/event log management/analysis, antivirus/malware, access control.
Design, implementation, and management of security configurations at the host, service, storage, and database layers for both on-premise and cloud-based environments, including server/device hardening, configuration file management, encryption, auditing and monitoring.
Participation in Internet edge security including traffic analysis, DDoS, secure DNS, partnerships with ISP and CDN.
Participation in security architecture development including network, host, and application stack design as well as secured data flow.
Participation in system performance analysis, system instrumentation/management, and change management activities.
- Vulnerability Management & Incident Response (20%)
Administration and engineering of vulnerability management programs including scanning, patching/remediation, and penetration testing.
Participation in user-centric security programs including password cracking, phish testing, and security awareness training.
Participation in formal and ad-hoc computer emergency response and incident response teams, including tabletop exercises and disaster recovery testing.
- Network Engineering & Administration (20%)
Design and implementation of core routers and Internet routers.
Design and implementation of access layer configurations including closet switches, wireless networking, and secure network access control for authorized endpoints.
Tier-2 troubleshooting/resolution and backup network administration of switches/routers/etc as needed.
- Endpoint & Applications Security (10%)
Design, implementation, and management of workstation and mobile security including encryption, security templates/scripts, antivirus/malware, host firewall and intrusion detection/prevention, application control policies, data loss prevention, and remote wipe/anti-theft controls.
Design, implementation, and management of on-premise and cloud/SaaS application security including application patching and hardening, access control and identity management, security assessments and audits.
- Third Party & Remote Access Management (10%)
Design, implementation, and management of all secure data connections to third parties including network design, encryption, access control, and auditing.
Participation in designing and delivering secure remote access to employees via VPN, including client/clientless access and multi-factor authentication.
- Privacy/Audit/Compliance (10%)
Engineering and management of encryption programs at both hardware and data layers including hard disk encryption, database/file/message encryption, key management, PKI and SSL/TLS certificate management.
Management of regulatory compliance programs including PCI-DSS and GDPR.
Participation in all routine and ad-hoc activities related to system and data integrity.
Minimum Education Required
Bachelor’s degree in Computer Science or related discipline, or equivalent experience. CISSP, CEH, SANS GSEC and other relevant certifications a plus. ITIL v3 certification a plus.
Minimum Years and Type of Experience
Minimum of five years’ experience with network security administration as well as implementation of appropriate data/host-based security layers within a heterogeneous computing environment. Minimum of five years’ experience with network engineering and administration of enterprise campus networks including access/core/border layers, wireless, and remote office connectivity. Comfortable working in cloud-first / consumerized technology environments and integrating Apple products into enterprise security programs and networks. Experience with responding to security breaches and other outages including proactive risk mitigation, incident response, and forensics. Background with Linux and open source tools, as well as active security community participation.
Knowledge and Skills Required
In-depth knowledge/experience with enterprise security systems administration and engineering, particularly with products from Palo Alto Networks, Cisco, and other major vendors. Strong experience with securing, configuring, and integrating infrastructure products from Aruba, Brocade/Extreme, VMware, NetApp, Dell, as well as Amazon Web Services and Google Cloud Platform. Strong experience with securing endpoint devices including Windows, Mac OS X, Chrome, iOS, Android as well as IoT. Familiarity with cloud-based security tools and service providers including Okta, Cisco Cloudlock, Vera, and Rapid7.
Ability to function in a dynamic environment subject to changes in schedules and priorities. Ability to participate in multiple projects concurrently from inception to completion with limited management supervision. Excellent oral and written communication skills. Ability to interact positively and productively with teams across organizational lines. Strong customer service, troubleshooting and problem-solving skills a must. ITIL v3 certification and/or experience with IT Service Management a plus.
No direct reports
National Geographic is an equal opportunity employer. All employment-related decisions are made without regard to race, color, religion, sex (including pregnancy), national origin, age, disability, veteran status, citizenship, marital status, or any other legally protected category.