Description

Leidos is seeking a Network Security Engineer on the NOAA Cyber Security Center contract in Boulder, CO. or Fairmont, WV. This position will be part of a Network Security team which is part of a larger Enterprise Security Services (ESS) team. ESS is responsible for security tools for the NOAA Cyber Security Center as well as supporting 5 Trusted Internet Connection Access Provider (TICAP) sites. An active Secret security clearance is required prior to start.

PRIMARY RESPONSIBILITIES:

• Software/hardware patching and NIST 800-53r5 high-impact security control configurations.

• Support the NOAA cyber security mission by building, configuring, troubleshooting, and updating the network security capabilities that protect NOAA core networks and information.

• Plan and perform maintenance and upgrade of Juniper network routers and switches, Gigamon Network Terminal Access Point (TAP), Fortinet firewalls, Palo Alto firewalls, Stealthwatch, remote access systems, and network management systems.

• Monitor network connectivity and ensure high quality data transmission using standard network tools (ex: Netbrain, Ansible, FortiManager or Nagios)

• Serve as a liaison with 3rd party vendors and providers and be able to coordinate troubleshooting and provide real time updates via standard collaboration tools

• Create the established network security processes to defend and operate the national NOAA network.

• Provide direct end user support to a diverse user base ranging from average desktop users to other IT and Information Security Professionals

• Establish and maintain standard operating procedures for operations team members.

• Participate in an on-call rotation to provide emergency support for the corporate network security environment.

• Provide feedback to team leadership to improve existing solutions so they better meet the business' needs.

• Provide technical leadership to mid and junior engineers.

• Help customers from around the enterprise troubleshoot and resolve their network security related issues.

• Provide technical support for system upgrades, technical refreshes, or new builds per requirements set by the leadership team as well as functional leads.

• Be a technical resource for individual projects when his or her knowledge and experience meet the requirements of the project group or task.

• Provide critical incident response & problem management including root cause of system problems, such as configuration issues resulting in operational performance degradation or system outages, supporting the government with information and advice on the necessary correction actions and/or interim workarounds relative to network security.

• Provide documentation support for designs, implementations, configurations, knowledge base articles relative to network security

• Provide support relative end-user issues regarding all services provided by SEO

• Support the project lifecycle for network security projects as well as projects with dependencies on network security

• Recommend and develop system solutions ensuring proprietary/confidential data and systems are protected (i.e., system security upgrades, technical refreshes etc,.)

• Develop and maintain technical documentation and diagrams related to the field communications systems equipment & networks

• Ensure documentation relative operational procedures, services, etc., are written and centrally accessible and updated as necessary

BASIC QUALIFICATIONS:

• Bachelor's degree and 8+ years of prior relevant experience; additional work experience or Cyber courses/certifications may be substituted in lieu of degree.

• 4+ years of experience in an enterprise network or security environment.

• Must have network and firewall engineering experience designing, implementation, and maintaining network infrastructure and Layer 2 and 3 networking devices and/or firewall devices such as Juniper, Dell, Cisco, Fortinet, or Palo Alto

• Strong knowledge of OSI 7-layer model, TCP/IP and common application layer protocols

• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)

• Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).

• Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.)

• Knowledge of security system design tools, methods, and techniques.

• Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.

• Skill in applying and incorporating information technologies into proposed solutions

• Knowledge of cybersecurity and privacy principles

• Experience providing O&M and engineering support to complex, mission-critical systems

• Experience working closely with customers and users to troubleshoot and resolve complex network related issues

• Ability to work and brief customers to include senior management

• Knowledge of management of classified systems and the required security guidelines associated with secure facilities

• Experience with Information Assurance (IA) hardening and compliance, i.e. DISA STIGs, documentation, etc.

• Must be able to work collaboratively with other system administrators, system engineers, and network engineers in a team environment

• Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs

• Must be a US Citizen.

• Must have an active Interim Top Secret or adjudicated Secret to be considered for this role.

PREFERRED QUALIFICATIONS:

• Knowledge of government TICAP implementations and controls

• Experience with Implementation and maintenance of Next Generation Firewall Features (Application aware filtering, DNS, IPS, Web filtering, SSL Inspection)

• Experience with automation tools such as Netbrain, Ansible, XSOAR, Fortimanager, Panorama.

• Experience with managing SSL, and IPSEC VPN clients and site to site VPNs

• ZTNA experience preferred

• Experience with Fortinet products

• Experience with Palo Alto Products

• Developing the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).

• Network/Cyber Security Training or Certification (ie Security+, Network+, Splunk, FireEye, CCNA, CCIE, etc.)

• Knowledge of NIST SP 800 53 series or ISO 27000 series documents

• Understanding of advanced threat detection in an enterprise environment

• Understanding of malware families, their types, and the threat they pose

• Experience designing, developing, integrating, implementing, operating, and analysis of cybersecurity technologies

• Skill in independently making configuration updates to ensure system availability requirements

• Strong problem-solving and analytical skills and demonstrates poise and ability to act calmly and competently in high-pressure and high-stress situations

• Understanding of accepted security practices, troubleshooting issues, attack vectors and customer support

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

#Remote