Principal Network Security Engineer

About The Position

Requirements

• Bachelor’s degree or four or more years of relevant work experience demonstrated in data networking and telecommunications, including expert knowledge of TCP/IP (IPv4 & IPv6), VXLAN, SR, EVPN, OSPF, and BGP.
• Six or more years of relevant work experience
• Demonstrated experience in Carrier/Service Provider Network Engineering or Security with hands-on proficiency with Cisco IOS XE/XR/NX-OS, Nokia SR OS, Juniper OS, and F5 F5OS/TMOS.
• Proven experience securing Spine-Leaf architecture and data center fabrics with strong knowledge of BGP security (RPKI, prefix-lists, TTL security) and IGP security (OSPF/IS-IS authentication).
• Framework fluency in CIS Benchmarks applying Level 1 & Level 2 hardening profiles.
• Proven track record of managing and delivering results.
• MITRE ATT&CK: Ability to explain how specific network controls mitigate specific TTPs (Tactics, Techniques, and Procedures) in the Network Devices matrix.
• Strong leadership and mentoring abilities.
• Ability to work with diverse stakeholders including highly technical teams, business owners, and executives.
• Effective written, interpersonal, and verbal communication skills.

Nice To Haves

• Cisco: CCIE (Service Provider or Security)
• Nokia: NRS II (Nokia Routing Specialist) or SRA (Service Routing Architect).
• Juniper: JNCIE (Service Provider or Security)
• F5: Certified Technology Specialist (BIG-IP)l or Solution Expert
• CISSP

Responsibilities

• Providing recommendations to improve defensive cyberspace operations - internal defensive measures (DCO-IDM) and the cyber resiliency of the portfolio’s systems and services.
• Collaborating with stakeholders to improve the core networking security posture through the assessment and implementation of the Network Security Fundamentals (Access Management, Situational Awareness, Configuration Hardening, Vulnerability Mitigation).
• Providing recommendations to improve defensive cybersecurity practices.
• Discovering, identifying, and confirming inventory of all network assets and asset information (model, version, etc) in your respective area of responsibility.
• Building a deep understanding of the network assets and the roadmap to quickly assess the impact of vulnerabilities and identify End-of-Life/End-of-Support hardware/software.
• Developing a baseline of normal operations and implement intelligent threat detections to alert on deviations to proactively identify potential cyber threats.
• Performing log analysis and develop incident response protocols to quickly identify, contain, and resolve network security incidents and threats.
• Architecting security hardening and implementation of CIS Benchmarks for Cisco IOS XE/XR/NX-OS, Nokia SR OS, Juniper OS, and F5 F5OS/TMOS to enforce "Gold Standard" configurations.
• Designing and auditing of ACLs to drive segmentation strategy across network infrastructure.
• Creating and using automation tools (Ansible, Spunk) and programmatic methods to build life cycle management workflows, perform configuration compliance, and implement threat modeling / detection.
• Driving adversary emulation by mapping core network defenses directly to the MITRE ATT&CK for Network Devices matrix.

Benefits

• medical
• dental
• vision
• short and long term disability
• basic life insurance
• supplemental life insurance
• AD&D insurance
• identity theft protection
• pet insurance
• group home & auto insurance
• matched 401(k) savings plan
• up to 8 company paid holidays per year
• up to 6 personal days per year
• paid parental leave
• adoption assistance
• tuition assistance
• vacation