Job Description

The Role

The Lead Information Security Engineer will be responsible for implementation and administration of network security hardware and software, enforcing network security policies and compliance requirements. This role requires proficiency with Fortinet, Palo Alto firewalls and related products..  The role is expected to contribute to documentation and adhere to SLA targets and requirements.  The daily duties include hands-on troubleshooting, maintaining and patching managed security platform and  interfacing with clients and associates as needed to resolve complex cases.

The Main Responsibilities

•    Architects, designs, implements, maintains and operates information system security controls and countermeasures;
•    Analyzes and recommends security controls and procedures in business processes, development, and change management lifecycle of information systems, and provides oversight to ensure compliance
•    Develops monitoring and visibility capabilities on information  systems to identify security incidents and vulnerabilities; reports on incidents, vulnerabilities, and trends to customers or executive management
•    Architects, designs, implements, maintains and operates authentication systems and access controls, including provisioning and changes to existing controls
•    Analyzes and develops information security governance controls including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information system
•    Provides guidance to organization management and customers as well as develops and executes plans for compliance and mitigation of risks. 

   Provide direct technical support including:

•    Advanced troubleshooting on the full range of Fortinet and Palo Alto products 
•    Collection, analysis and change recommendations of configuration information
•    Collection and analysis of customer network information
•    Collection and analysis of packet trace information
•    Recommend corrective actions based on analysis
•    Provide customer education where needed due to gaps in networking, product knowledge
•    Consultation of technical documentation, bulletins and release notes for known problems
•    Reproduction of customer environments on lab equipment
•    Follow up on technical cases including proper escalation and management of the case
•    Manage customer communications and expectations until the closure of each case

Specific installation tasks could include:

•    Physically or works with partners to install and connect firewalls and other security appliances
•    Install latest vendor-approved stable OS on appliances
•    Create virtual firewalls with appropriate configurations and policies
•    Configure remote access VPN functionality 
•    Configure site-to-site VPN functionality 
•    Configure firewall interfaces, network configurations, access control lists and policies, routing, remote access (VPN) and next-generation firewall feature sets implementing best practices
•    Integrate firewall with FortiManager, FortiAnalyzer, FortiAuthenticator and other Fortinet products as required
•    Integrate firewall with Palo Alto Panorama/ Prisma, Global Protect and other Palo Alto products as required
•    Configure high availability
•    Configure SIEM Integration
 

What We Look For in a Candidate

Bachelor’s degree in Computer Science, Software Engineering or related field, or an equivalent combination of training and experience is desirable
•    Advanced experience on Fortigate products
•    Advanced experience on Palo Alto products
•    Advanced experience with deploying Palo Alto products in Azure
•    Advanced experience with networking concepts   
•    Experience in a technical support role in a networking/security company or equivalent education
•    Advanced experience in networking (TCP/IP) protocols, computer/network security, firewalls, software defined networking and system administration.
•    Experience with security products firewalls, IPSec, IDS/IPS, Anti-Spam, virus scanning
•    Strong troubleshooting and problem-solving skills
•    Extensive working knowledge of Windows, UNIX or Linux
•    Strong English skills both written and verbal
•    Possesses and applies expertise on multiple complex work assignments
•    Hands-on technical IT, managed security operations and system administration experience.
•    Knowledge of information security principles and practices.
•    Demonstrated ability to learn and administer new systems and tools.
•    Assignments may be broad in nature, requiring originality and innovation in determining how to accomplish tasks.
•    Contributes to deliverables and performance metrics where applicable.
•    Advanced experience in Linux shell scripting, Windows Powershell, Python, or Perl.
•    Advanced experience in security system architecture and design techniques.

Preferred Qualifications: 

•    Fortinet NSE5 and higher certifications strongly desired
•    Palo Alto PCNSE and higher certifications strongly desired
•    Broader security certifications a plus
•    7+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
•    7+ years of Technology Operations experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
•    5+ years of experience in supporting managed security operations , including problem identification, ticket documentation, and customer/vendor relations, demonstrated through work, military, or education
•    5+ years of experience with Cloud platforms, Software defined networking architecture and deployment services 
•    Must have advanced hands on working knowledge of Linux, Microsoft NT/200X, firewall multi-layer design and implementation, router access list/packet filtering (Cisco), WANs, LANs, the Internet, Intranets, network protocols and network services (e.g., SSH, SFTP) ,intrusion detection systems, Software defined networks, Virtual Private Network (VPN), RSA SecureID, Enterprise Security management tools, security assessment software