TSS Senior Network Security Engineer with AlgoSec (Remote)

Type of Requisition: Regular

Clearance Level Must Be Able to Obtain: None

Public Trust/Other Required: BI Full 6C (T4)

Job Family: Cyber Engineering

Own your career as a Senior Network Security Engineer at GDIT. Here, youll have the opportunity to use cutting-edge technologies. Your work in Network Security at GDIT will have an impact on securing our clients missions and ensuring we anticipate the threats of tomorrow.

Our work depends on Network Security Engineers with advanced AlgoSec to join our team to be responsiblefor the configuration, deployment, and management of the customers security appliances and infrastructure in a 24x7x365 environment with regards to AlgoSec and Firewalls. The senior engineer is responsible for but not limited to monitoring, configuration changes, accounts, and software updates for the customers security appliances for internal and border security framework. The engineer must be able to analyze, troubleshoot, and remediate issues within the enterprise. The engineer will also work closely with other teams to ensure that all security solutions are performing to standard.

GENERAL DUTIES AND RESPONSIBILITIES

• Provide all ISSOs access to run existing reports in AlgoSec
• Provide training materials / 1 on 1 training to ISSOs on how to use AlgoSec
• Work with OCIO, CIT service areas, and ICs to identify established and authorized use of ports 22/3389 (e.g. CyberArk, Tenable, domain controllers, etc)
• Identify those authorized sources within AlgoSec policies
• Provide ISSOs Splunk reports on usage of ports 22/3389 to identify any other required sources of that traffic
• ICs submit FRCs w/ISSO approval for those other sources
• Add those authorized sources into AlgoSec as needed
• Create explicit firewall rules to block SSH/RDP except from authorized sources (shorter effort) OR automatically remove their access as any/any firewall rules are replaced with specific rules (much longer effort)
• Run AlgoSec reports to demonstrate the after state on firewalls
• Administration of LAN technologies for Cisco ASA Firewalls
• Administration of firewalls, including but not limited to Cisco ASA, ACS, RSA, Cisco AnyConnect, Gigamon, Cisco VPN
• Assist in troubleshooting and problem solving for a wide variety of client/user LAN/Security related issues
• Work closely with other IT functional teams to ensure cohesive support and strategies across the IT organization
• Support the development of a project plans and execute as authorized
• Maintain relationships with key Third-Party software/hardware vendors to provide support to the infrastructure as needed.
• Provide daily support for tickets: service requests, incidents, problems, and tasks
• Execute tasks to support projects
• Auditing and Compliance
• Configuration changes and Code upgrades needed to address vulnerabilities report by internal/external audits.
• Analyze and prepare data using Algosec/Splunk, present to the customer, propose changes required to remove vulnerable rules.
• IOS code version bug scrapping with Cisco SME/TAC
• IOS code version lab testing before implementing in production
• Quarterly IOS code upgrades
• Auditing of any newly deployed firewalls to verify they are compliant
• 24 hours availability for weekly On-Call rotation with Security Team
• Firewall Hardware refreshes including rack and stack

DELIVERABLES

• Provide regular updates to tickets
• Produce daily/weekly status reports
• Develop and execute change request plans
• Develop High-Level Designs (HLDs) and Low-Level Designs (LLDs)
• Document physical and logical topologies for security solutions
• Develop High-Level task lists/Work Breakdown Structure (WBS)
• Develop Bills of Materials (BOMs) and participate in the decision-making process for the acquisition of current/new technologies for the customer environment
• Document solution risks, issues and mitigation strategies

REQUIRED QUALIFICATIONS

• BS degree in Computer Science, Information Systems or equivalent.
• AlgoSec Experience is a must
• Minimum of eight years of experience implementing and maintaining Cisco ASA, VPN, ACS, AnyConnect, Gigamon
• Minimum eight years of experience in a Network Security Engineering role.
• Experience with network infrastructure in enterprise datacenter solutions.
• Experience with mid to large scale implementations of Cisco firewalls.
• Requires US Citizenship due to the nature of contracts across organization

DESIRED QUALIFICATIONS

• Cisco CCNA/CCNA/Security, CCNP/CCNP Security, CCIE certifications
• Cisco SISE certification
• Forescout FSCA/FSAA/FSCE certifications
• Experience with Cisco wireless LAN controllers.
• Experience with Forescout security products.
• Experience configuring Cisco ASAs and switches.
• Experience configuring 802.1X.
• Experience configuring and implementing network segmentation including VLANs and MPLS.
• Experience with multiple end-system operating systems including Windows, Linux, Mac OS, and Apple IOS.
• Experience with ServiceNow and Visio is an asset

ATTRIBUTES FOR SUCCESS

• Expert experience with CLI.
• Excellent written and verbal communication skills.
• Ability to explain and elaborate on technical details.
• Ability to self-direct, take initiative and lead teams.
• Ability to multitask and prioritize work in a fast-paced IT environment

WHAT GDIT CAN OFFER YOU:

• Full-flex work week
• 401K with company match
• Internal mobility team dedicated to helping you own your career
• Collaborative teams of highly motivated critical thinkers and innovators
• Ability to make a real impact on the world around you

COVID-19 Vaccination: GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.