University of California - San Francisco
Network Security Engineer
University of California - San Francisco, San Francisco, California, United States, 94199
Network Security Engineer
IT Data NetworkFull Time80408BRJob SummaryThe Network Security Engineer within the University of California, San Francisco's (UCSF) Information Technology (IT) department will ensure the security and integrity of UCSF's network infrastructure. The Network Security Engineer supports the planning, design, optimization, implementation, audit, and troubleshooting of network security systems. The Engineer improves the overall security posture of UCSF and its assets. The Security Engineer will partner with other teams, including security operations, governance, and system administrators, to successfully design and deploy required solutions to harden UCSF platforms.The Network Security Engineer will:Configure/Install and manage various network security devices, features, and technologies including, but not limited to Firewalls, DDI (DNS, DHCP and IP Address Management), VPN, Network Access Control solutions, Web Filtering solutions, CASB and SASE systems, Intrusion Detection/Prevention systems, Network Packet Brokers, and Network Traffic Visibility solutions.Fulfill project requests and tasks for our clients (Firewall Policy, VPN tunnel creation, DDI, CASB Incident Response, applying web filter entries, etc.).Manage and mitigate vulnerabilities for the devices that are backed by the Network Security Team.Resolve problems and break/fix incidents on the enterprise network and its network security systems.Provide administrative-level technical network security implementation skill set for enterprise and Data Center environments of UCSF.Assist in the development of network device hardening standards.Apply professional communications concepts, industry practices, and relevant policies, procedures, and objectives to resolve highly complex issues.Establish methods, techniques and evaluation criteria to obtain results.Interface with management, IT-Security and vendors to develop and implement new solutions to meet business requirements.Serve as an escalation point for junior staff.Required QualificationsBachelor's Degree, or equivalent combination of experience/training in one or more of the following fields: computer science, engineering, computer information systems, etc.5-7 years of experience working in one or more of the following fields: network services, information technology, network security, or network operations.Cisco Certified Network Professional (CCNP) and/or equivalent experience/training.Demonstrated advanced knowledge of various network security devices, features, and technologies like firewalls, intrusion detection and prevention systems, network access control solutions, web filtering solutions, network packet brokers, load balancing, DDI (DNS, DHCP, and IP Address management), VPN, and network traffic visibility solutions.Demonstrated advanced knowledge of various VPN technologies.Demonstrated advanced knowledge of network security protocols, technologies, standards and tools.Demonstrated advanced knowledge of various authentication protocols and services.Demonstrated advanced understanding of modern enterprise TCP/IP data networks using standards and technologies including but not limited to OSPF, STP, RSTP, 802.1Q, Multicast, Quality of Service, and tunneling protocols.Demonstrated advanced knowledge of security architectures in private and public cloud environments. Experience designing and implementing network services within public cloud environments (e.g., AWS, Azure).Demonstrated advanced knowledge, skills, and experience with Cisco Routing and Switching products.Demonstrated advanced problem-solving skills. Ability to diagnose and resolve network connectivity issues, in a timely manner. Experience troubleshooting and deploying solutions involving certificates and public key infrastructures (802.1X or SSL decryption and offloading), and designing and deploying web proxy and content filtering solutions for data loss prevention.Experience with Border Gateway Protocol (BGP), intrusion detection, proxies, firewalls, load balancing, packet capture, and/or data loss prevention.Understand the implications of work in other areas of IT and business.Proven ability to learn effectively and meet deadlines. Self-motivated and works independently and as part of a team with minimal supervision. Participates in network on-call rotation supporting a 24/7 environment.Excellent communication skills with the ability to convey technical information to both technical and non-technical personnel. Ability to support the creation of presentation materials, generate reports, and lead presentations to stakeholders.Demonstrated advanced ability to gather, organize, and analyze data in the completion of a variety of functional assignments.Familiarity with network security best practices and the ability to implement and maintain firewall rules, access controls, and intrusion detection/prevention systems.Excellent interpersonal skills, with the ability to work effectively with colleagues and stakeholders across departments.Preferred QualificationsDemonstrated advanced knowledge, skills, and experience with Juniper Routing and Switching products.Demonstrated advanced knowledge and experience with network device management tools, technologies, and products like SASE, CASE, and CASB solutions.Extensive knowledge of structured cabling systems, network facilities, electrical, UPS, etc.Experience performing packet and flow analysis with various toolsets including in-line taps, firewall/IPS appliances, network routers, and hosts. Experience working with network access control platforms, writing shell scripts using Python or Bash, and using infrastructure monitoring tools.Palo Alto Networks Certified Network Security Engineer and/or equivalent experience/training.Certified Information Systems Security Professional (CISSP).AWS Solutions Architect or AWS Cloud Practitioner Certification.License/CertificationCisco Certified Network Professional (CCNP) and/or equivalent experience/training.About UCSFThe University of California, San Francisco (UCSF) is a leading university dedicated to promoting health worldwide through advanced biomedical research, graduate-level education in the life sciences and health professions, and excellence in patient care. It is the only campus in the 10-campus UC system dedicated exclusively to the health sciences. We bring together the world's leading experts in nearly every area of health. We are home to five Nobel laureates who have advanced the understanding of cancer, neurodegenerative diseases, aging and stem cells.Pride ValuesUCSF is a diverse community made of people with many skills and talents. We seek candidates whose work experience or community service has prepared them to contribute to our commitment to professionalism, respect, integrity, diversity and excellence - also known as our PRIDE values. In addition to our PRIDE values, UCSF is committed to equity - both in how we deliver care as well as our workforce. We are committed to building a broadly diverse community, nurturing a culture that is welcoming and supportive, and engaging diverse ideas for the provision of culturally competent education, discovery, and patient care. Additional information about UCSF is available at diversity.ucsf.edu. Join us to find a rewarding career contributing to improving healthcare worldwide.Equal Employment OpportunityThe University of California San Francisco is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.OrganizationCampusJob Code and Payroll Title000545 COMM AND NETWORK TCHL ANL 4Job CategoryClinical Systems / IT ProfessionalsBargaining Unit99 - Policy-Covered (No Bargaining Unit)Employee ClassCareerPercentage100%LocationMission Center Building (SF), San Francisco, CAShiftDaysShift Length8 HoursAdditional Shift DetailsMon-Fri, 9-5, as required after hours support
#J-18808-Ljbffr
IT Data NetworkFull Time80408BRJob SummaryThe Network Security Engineer within the University of California, San Francisco's (UCSF) Information Technology (IT) department will ensure the security and integrity of UCSF's network infrastructure. The Network Security Engineer supports the planning, design, optimization, implementation, audit, and troubleshooting of network security systems. The Engineer improves the overall security posture of UCSF and its assets. The Security Engineer will partner with other teams, including security operations, governance, and system administrators, to successfully design and deploy required solutions to harden UCSF platforms.The Network Security Engineer will:Configure/Install and manage various network security devices, features, and technologies including, but not limited to Firewalls, DDI (DNS, DHCP and IP Address Management), VPN, Network Access Control solutions, Web Filtering solutions, CASB and SASE systems, Intrusion Detection/Prevention systems, Network Packet Brokers, and Network Traffic Visibility solutions.Fulfill project requests and tasks for our clients (Firewall Policy, VPN tunnel creation, DDI, CASB Incident Response, applying web filter entries, etc.).Manage and mitigate vulnerabilities for the devices that are backed by the Network Security Team.Resolve problems and break/fix incidents on the enterprise network and its network security systems.Provide administrative-level technical network security implementation skill set for enterprise and Data Center environments of UCSF.Assist in the development of network device hardening standards.Apply professional communications concepts, industry practices, and relevant policies, procedures, and objectives to resolve highly complex issues.Establish methods, techniques and evaluation criteria to obtain results.Interface with management, IT-Security and vendors to develop and implement new solutions to meet business requirements.Serve as an escalation point for junior staff.Required QualificationsBachelor's Degree, or equivalent combination of experience/training in one or more of the following fields: computer science, engineering, computer information systems, etc.5-7 years of experience working in one or more of the following fields: network services, information technology, network security, or network operations.Cisco Certified Network Professional (CCNP) and/or equivalent experience/training.Demonstrated advanced knowledge of various network security devices, features, and technologies like firewalls, intrusion detection and prevention systems, network access control solutions, web filtering solutions, network packet brokers, load balancing, DDI (DNS, DHCP, and IP Address management), VPN, and network traffic visibility solutions.Demonstrated advanced knowledge of various VPN technologies.Demonstrated advanced knowledge of network security protocols, technologies, standards and tools.Demonstrated advanced knowledge of various authentication protocols and services.Demonstrated advanced understanding of modern enterprise TCP/IP data networks using standards and technologies including but not limited to OSPF, STP, RSTP, 802.1Q, Multicast, Quality of Service, and tunneling protocols.Demonstrated advanced knowledge of security architectures in private and public cloud environments. Experience designing and implementing network services within public cloud environments (e.g., AWS, Azure).Demonstrated advanced knowledge, skills, and experience with Cisco Routing and Switching products.Demonstrated advanced problem-solving skills. Ability to diagnose and resolve network connectivity issues, in a timely manner. Experience troubleshooting and deploying solutions involving certificates and public key infrastructures (802.1X or SSL decryption and offloading), and designing and deploying web proxy and content filtering solutions for data loss prevention.Experience with Border Gateway Protocol (BGP), intrusion detection, proxies, firewalls, load balancing, packet capture, and/or data loss prevention.Understand the implications of work in other areas of IT and business.Proven ability to learn effectively and meet deadlines. Self-motivated and works independently and as part of a team with minimal supervision. Participates in network on-call rotation supporting a 24/7 environment.Excellent communication skills with the ability to convey technical information to both technical and non-technical personnel. Ability to support the creation of presentation materials, generate reports, and lead presentations to stakeholders.Demonstrated advanced ability to gather, organize, and analyze data in the completion of a variety of functional assignments.Familiarity with network security best practices and the ability to implement and maintain firewall rules, access controls, and intrusion detection/prevention systems.Excellent interpersonal skills, with the ability to work effectively with colleagues and stakeholders across departments.Preferred QualificationsDemonstrated advanced knowledge, skills, and experience with Juniper Routing and Switching products.Demonstrated advanced knowledge and experience with network device management tools, technologies, and products like SASE, CASE, and CASB solutions.Extensive knowledge of structured cabling systems, network facilities, electrical, UPS, etc.Experience performing packet and flow analysis with various toolsets including in-line taps, firewall/IPS appliances, network routers, and hosts. Experience working with network access control platforms, writing shell scripts using Python or Bash, and using infrastructure monitoring tools.Palo Alto Networks Certified Network Security Engineer and/or equivalent experience/training.Certified Information Systems Security Professional (CISSP).AWS Solutions Architect or AWS Cloud Practitioner Certification.License/CertificationCisco Certified Network Professional (CCNP) and/or equivalent experience/training.About UCSFThe University of California, San Francisco (UCSF) is a leading university dedicated to promoting health worldwide through advanced biomedical research, graduate-level education in the life sciences and health professions, and excellence in patient care. It is the only campus in the 10-campus UC system dedicated exclusively to the health sciences. We bring together the world's leading experts in nearly every area of health. We are home to five Nobel laureates who have advanced the understanding of cancer, neurodegenerative diseases, aging and stem cells.Pride ValuesUCSF is a diverse community made of people with many skills and talents. We seek candidates whose work experience or community service has prepared them to contribute to our commitment to professionalism, respect, integrity, diversity and excellence - also known as our PRIDE values. In addition to our PRIDE values, UCSF is committed to equity - both in how we deliver care as well as our workforce. We are committed to building a broadly diverse community, nurturing a culture that is welcoming and supportive, and engaging diverse ideas for the provision of culturally competent education, discovery, and patient care. Additional information about UCSF is available at diversity.ucsf.edu. Join us to find a rewarding career contributing to improving healthcare worldwide.Equal Employment OpportunityThe University of California San Francisco is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.OrganizationCampusJob Code and Payroll Title000545 COMM AND NETWORK TCHL ANL 4Job CategoryClinical Systems / IT ProfessionalsBargaining Unit99 - Policy-Covered (No Bargaining Unit)Employee ClassCareerPercentage100%LocationMission Center Building (SF), San Francisco, CAShiftDaysShift Length8 HoursAdditional Shift DetailsMon-Fri, 9-5, as required after hours support
#J-18808-Ljbffr