Cloud Network Security Subject Matter Expert
We are seeking a highly skilled and experienced Cloud Network Security Subject Matter Expert (SME) to join our Cyber Security Engineering & Design team. In this critical role, you will be responsible for designing, implementing, and maintaining secure cloud network solutions, evaluating emerging technologies, and providing technical leadership across a multi-vendor enterprise environment. You will be a key contributor to our efforts in securing both cloud and on-premise infrastructure, supporting migrations, and ensuring compliance with DoD security directives.
Responsibilities:
- Network Security Engineering & Design: Develop, engineer, and document emerging technology solutions across a multi-vendor platform to support an enterprise security architecture, including those for commercial and GOV cloud environments (Amazon, Microsoft Azure, and Oracle). This includes, but is not limited to, Web Application Firewalls (WAF), Network Access Control (NAC), malware/zero-day detection, SSL decryption, packet brokers, machine learning behavioral analysis, application-aware firewalls, enterprise log analysis, and intrusion detection systems.
- Cloud Security Implementation: Design, deploy, upgrade, and support security components in a hybrid cloud network, including firewalls, routers, VPN devices, load balancers, and WAFs. Configure and maintain cloud-native security components such as network security groups, security lists, and network access control lists (ACLs).
- Automation & Scripting: Leverage scripting and automation technologies (Python, PowerShell, F5 iRules) to simplify and streamline deployment and operations tasks.
- Troubleshooting & Optimization: Troubleshoot and analyze server performance, workload distribution, and component sizing in a cloud environment. Assist with the implementation and optimization of server monitoring tools to maintain visibility on key metrics.
- Network Connectivity: Extend on-premise networks to the cloud over direct connect and private gateways.
- Security Expertise: Support migrations of various applications (commercial and custom) to the cloud environment, ensuring appropriate security posture with firewalls, WAFs, and other security devices. Provide expertise in Transport Layer Security (TLS) decryption and inspection.
- Collaboration & Leadership: Collaborate with other Network and Security SMEs to accomplish tasks, design and assist sustainment/deployment engineers, and serve as a resource for the Cloud Network Engineer team. Participate in team meetings and provide status reports.
- Documentation & Training: Develop and maintain comprehensive documentation to support projects. Create educational materials for operational teams and conduct instructional sessions for deployment and sustainment staff.
- Business Planning & Compliance: Participate in business planning meetings to recommend technical solutions that meet capacity, scalability, and performance requirements. Adhere to change management policies and ensure compliance with DoD security directives and FIPS 140-2 requirements.
- Knowledge Sharing: Proactively share technical and non-technical knowledge to improve team skills and foster cohesiveness. Seek opportunities for professional development through certifications, training, or conferences.
Requirements:
- Bachelor’s degree in Computer Science or a related technical field, or equivalent experience (5-7 years in a network engineering or telecommunications environment).
- OS Certification (CCNA or higher) required, with knowledge equivalent to a CCNP certification level; able to obtain OS Certification.
- 8570 Requirement: Engineering – IAT Level II (One of CCNA Security, CySA+, GICSP, GSEC, Security+ CE or SSCP) – able to obtain both OS and Security Certifications.
- Knowledge of Cisco routers, switches, and firewalls.
- IP Network Design & Troubleshooting Skills.
- Understanding of authentication schemes, security assessment, and network management.
- Experience designing and deploying network solutions in enterprise environments.
- Excellent written and verbal communication skills.
- Experience in large-scale enterprise network rollout and support.
Preferred Qualifications:
- Expertise with LAN/WAN technologies throughout a global infrastructure.
- Minimum 10 years Network Administration experience (Cisco, Palo Alto, F5, Fidelis, etc.).
- Minimum 3 years of F5 experience (SSLO, ASM, C3D, LTM, GSLB).
- Minimum 4 years of experience working on enterprise-sized networks.
- Experience working with Network Automation frameworks (Netmiko, NAPALM, pandevice).
- Experience with Application Programming Interfaces (API) of various network devices.
- Experience in commercial and on-premises private cloud environments (AWS, Azure).
- Cloud automation utilizing Java, Jenkins, Python, PowerShell, DevOps, CodeDeploy and CloudFormation.
- Cloud networking technologies (Transit Gateway, Customer Gateways, Virtual Private Gateways, Internet Gateways, Peering, MeetMe, UDR, ExpressRoute).
- Cloud management and security (IAM, Azure Active Directory, AWS Key Management Service, Azure Encryption models).
- Native cloud security tools (Azure Security Center, Azure Virtual Network TAP, Azure Log, AWS logging and CloudWatch), and non-native cloud security tools.
- Technical writing skills.
- Experience with TCPDump and Wireshark for network traffic analysis.
- Experience with implementing Office 365 in an Enterprise environment.
- Understanding of SaaS and IaaS private cloud connectivity to an Enterprise environment.
- Experience with Cisco CSR 1000v and Palo Alto virtual firewalls.
- Experience working in a healthcare or DoD environment.
Education and Experience Preferred:
- B.A. or B.S. in Computer Science, Information Systems or Information Technology or 7 years related experience.
- Minimum of 3 years of experience in AWS, Azure and/or OCI.
- Minimum of 3 years of experience with Python or PowerShell.
Licensure, Certification or Registration Preferred:
- 8570 Compliant / CCNA OS cert
- Must be able to obtain TS security clearance.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.