Dept.:Information Security - Delivery & Support
Owings Mills, Maryland
6+ Months
$65/hr
The Sr. Network Security Engineer is responsible for the operation and maintenance of mission-critical enterprise security infrastructure solutions. This position will focus on the implementation of Web Application Firewalls, and Vulnerability Management across the enterprise. As such, the engineer will play a vital role in integrating vulnerability scan results into the QA process for enterprise visibility as the current vulnerability management services re expanded.
The Sr. Network Security Engineer will also play an integral role in the deployment and tuning of a new Intrusion Prevention system, next generation firewall technology, as well as Security Information and Event Management solutions.
Essential Functions
1. Perform web application vulnerability scans. Prioritize vulnerabilities for remediation. Track remediation process of vulnerabilities.
2. Ensure all security solutions and designs meet local and federal compliance requirements such as HIPAA, SOX, GLBA, FFIEC and PCI DSS.
3. Develop project, implementation and test plans.
4. Research and evaluate security technologies.
5. Investigate threats/attacks against the enterprise.
6. Implementation, configuration, monitoring and tuning of numerous security technologies including Next Generation Firewalls, IPS devices, Web Application Firewalls, Vulnerability Scanners etc..
7. Assist in monitoring, investigating, documenting and resolving identified security weaknesses, and recommend solutions for improvement.
8. Maintain an exceptional level of documentation including diagrams, security standards, manuals and white papers.
9. Lead cross-domain, cross-functional matrix project teams to implement solutions according to established milestones and budgets.
10. Efficiently manage multiple simultaneous projects.
11. Provide accurate and timely reporting on all project deliverables.
12. Candidate will be expected to participate in an on-call rotation.
13. Ability to effectively communicate with both technical and non-technical users.
Skills and abilities
1. Networking hardware - routers, switches, load balancers, etc.
2. IBM Rational Appscan Source and Enterprise editions.
3. Next generation firewalls and application identification and tuning. Experience with Palo Alto Networks is highly desirable
4. Web Application Firewalls - F5 Application Security Manager (ASM).
5. Wireless network security devices such as AirTight or Motorola AirDefense
6. SSL VPNs - Cisco ASAs, Juniper IVEs, F5 FirePass
7. Next generation transparent remote access solutions such as Microsoft UAG or F5 BIG-IP Edge Gateway
8. PKI – CyberTrust, RSA, Entrust, Trustwave, Microsoft CA
9. IPS technology – experience with with Sourcefire 3D, RNA and RUA preferred
10. Vulnerability management – Nessus, nCircle, Rapid7
11. Forensics systems and techniques such as HBGary, Encase, FTK, etc
12. Application execution control such as with CoreTrace, Bit9, Microsoft AppLocker, or Verdasys
13. SIEM such as ArcSight, Q1 Labs, RSA envision or LogLogic.
Experience with one or more scripting/programming language on this list:1. Python (preferred)
2. Perl
3. Shell scripting
4. VBScript
5. .NET
6. PowerShell
Qualifications/Credentials
A Bachelor’s degree in Engineering, Computer Science or an equivalent combination of education and work experience is required.
Desirable certifications:
CISSP
GIAC Certified Firewall Analyst (GCFW)
GIAC Certified Enterprise Defender (GCED)
GIAC Certified Intrusion Analyst (GCIA)
Sourcefire Certified Professional (SFCP) or Sourcefire Certified Expert (SFCE)
Business Justification:
Staff Augmentation for the Accelerated Security Opportunities Program (ASOP) Corporate Initiative
Essential Functions
1. Perform web application vulnerability scans. Prioritize vulnerabilities for remediation. Track remediation process of vulnerabilities.
2. Ensure all security solutions and designs meet local and federal compliance requirements such as HIPAA, SOX, GLBA, FFIEC and PCI DSS.
3. Develop project, implementation and test plans.
4. Research and evaluate security technologies.
5. Investigate threats/attacks against the enterprise.
6. Implementation, configuration, monitoring and tuning of numerous security technologies including Next Generation Firewalls, IPS devices, Web Application Firewalls, Vulnerability Scanners etc..
7. Assist in monitoring, investigating, documenting and resolving identified security weaknesses, and recommend solutions for improvement.
8. Maintain an exceptional level of documentation including diagrams, security standards, manuals and white papers.
9. Lead cross-domain, cross-functional matrix project teams to implement solutions according to established milestones and budgets.
10. Efficiently manage multiple simultaneous projects.
11. Provide accurate and timely reporting on all project deliverables.
12. Candidate will be expected to participate in an on-call rotation.
13. Ability to effectively communicate with both technical and non-technical users.
Skills and abilities
1. Networking hardware - routers, switches, load balancers, etc.
2. IBM Rational Appscan Source and Enterprise editions.
3. Next generation firewalls and application identification and tuning. Experience with Palo Alto Networks is highly desirable
4. Web Application Firewalls - F5 Application Security Manager (ASM).
5. Wireless network security devices such as AirTight or Motorola AirDefense
6. SSL VPNs - Cisco ASAs, Juniper IVEs, F5 FirePass
7. Next generation transparent remote access solutions such as Microsoft UAG or F5 BIG-IP Edge Gateway
8. PKI – CyberTrust, RSA, Entrust, Trustwave, Microsoft CA
9. IPS technology – experience with with Sourcefire 3D, RNA and RUA preferred
10. Vulnerability management – Nessus, nCircle, Rapid7
11. Forensics systems and techniques such as HBGary, Encase, FTK, etc
12. Application execution control such as with CoreTrace, Bit9, Microsoft AppLocker, or Verdasys
13. SIEM such as ArcSight, Q1 Labs, RSA envision or LogLogic.
Experience with one or more scripting/programming language on this list:1. Python (preferred)
2. Perl
3. Shell scripting
4. VBScript
5. .NET
6. PowerShell
Qualifications/Credentials
A Bachelor’s degree in Engineering, Computer Science or an equivalent combination of education and work experience is required.
Desirable certifications:
CISSP
GIAC Certified Firewall Analyst (GCFW)
GIAC Certified Enterprise Defender (GCED)
GIAC Certified Intrusion Analyst (GCIA)
Sourcefire Certified Professional (SFCP) or Sourcefire Certified Expert (SFCE)
