Job Description:
- The deployment of the Prisma Access solution requires a great deal of expertise in designing, implementing, troubleshooting, and documenting network security infrastructures and related systems.
- This position servers as the SASE Security Administrator responsible for providing technical analysis, planning, engineering, and implementation in the field of network security.
- The contractor will serve as the expert in enterprise network and cyber security infrastructure, ensuring the efficient and effective implementation of network security solutions.
- The position requires expertise in network and cyber security hardware and software, including routers, firewalls, and Intrusion Detection/Intrusion Prevention devices.
- The candidate will be working with a cross functional team comprised of technical experts from DOI, Client, Palo Alto, and other organizations in the transition of the Prisma Access solution from the pilot project to securely connecting all DOI users to the production applications they need.
Essential Responsibilities:
- Conduct technical analysis and provide expertise in network security planning, engineering, and administration.
- Serve as the expert in enterprise network and cyber security infrastructure, collaborating with cross-fu
- nctional teams.Analyze implementation techniques and tools to identify the most efficient solutions for network security problems.
- Coordinate third-party maintenance for network and cyber security equipment and troubleshoot problems.
- Validate network security design and assess newly released equipment software and operating systems for vulnerabilities.
- Provide specifications and detailed schematics for unified network architecture.
- Monitor and detect potential performance and throughput issues, developing risk mitigation solutions.
- Provide guidance to team members and report status metrics to the Government officials.
- Provide third-level support and troubleshooting for network problems, including after-hours and weekend support.
- Assist the DOI SOC and cyber defense and response teams during security incidents, involving timely configuration changes to SASE and participation in significant incident bridges.
- Support user access in the Client SASE portal based on least privilege roles and provide operations training and support as needed.
- Provide guidance, assistance, and recommendations to determine new technical services and solutions for DOI.
- Development of configurations, troubleshooting, and best practices to DOI and stakeholders.
- Expedite and escalate service issues for a quick resolution.
- Manage support cases to ensure issues are recorded, tracked, resolved, and follow-ups are completed promptly.
- Utilize fault isolation and root cause analysis skills to provide DOI and stakeholders with post-sales technical support, configuration, troubleshooting, and standard methodologies.
- Identify product defects and work with Client and Manufacturer via lab replication for root cause analysis.
- Work with Client and Manufacturer to develop and deliver bug fixes.
Experience:
- Hands on experience with one or more of the following Next-Gen firewalls: Barracuda, Juniper, Cisco, Check Point, or Palo Alto.
- Extensive experience implementing and maintaining firewalls and staying updated on any released security vulnerabilities and how they affect the network.
- Extensive experience performing on-going optimization of the network security devices to ensure adequate capacity, availability, and scalability.
- • Experience designing, implementing, troubleshooting, managing, and documenting network security infrastructures and related systems.
- Demonstrated ability to participate in the Change Management process including creating new change requests, reviewing submitted change forms, peer reviewing submitted change requests, implementing firewall changes and peer reviewing firewall changes.
- Expertise in modifying firewall rule sets, changing policies, whitelisting, content filtering, and troubleshooting issues by studying network traffic flows, locking down applications, and troubleshooting firewalls, routers, and switches.
- In-depth knowledge of layer 4-7 app aware firewalls.
- Experience establishing and modifying site-to-site VPNs.
- Ability to manage threat protection, URL blocking, IOC feeds, routers, and switches.
- Experience performing monthly firewall health checks.
- Experience developing detailed build and test plans for implementing firewalls and other security appliances.
Qualifications:
- Bachelor’s Degree in information security (or similar field).
- Palo Alto Networks Certified Network Security Administrator (PCNSA)
- 10+ years of experience in designing and deploying advanced support of enterprise networks and security solution architectures.
- 3+ years of experience in Palo Alto PRISMA Cloud preferred.
- Extensive knowledge of data security practices and systems; NIST, ISO, etc.
- Strong ability to independently debug broad, complex, and unique networks with mixed media and protocols required.
- Ability to interact with customers, vendors, and project managers on a regular basis to support implementations, change management and troubleshooting.
- Experience working in a leading ticketing system and prioritizing workflow based on criticality and urgency.
- Excellent communications and teamwork skills.
- Ability to pass a background investigation.