DMI
Palo Alto Security Firewall Engineer
DMI, Arlington, Virginia, United States, 22201
About DMIDMI is a leading global provider of digital services working at the intersection of public and private sectors. With broad capabilities across IT managed services, cybersecurity, cloud migration and application development, DMI provides on-site and remote support to clients within governments, healthcare, financial services, transportation, manufacturing, and other critical infrastructure sectors. DMI has grown to over 2,100+ employees globally and has been continually recognized as a Top Workplace in both regional and national categories.
About the OpportunityThe
Security Firewall Engineer – Level II
role requires extensive Palo Alto and network experience, along with extensive networking experience. A Network Security Engineer is responsible for providing architectural, technical, and problem resolution support for the FDIC network and security infrastructure that promotes a secure and scalable environment that align to the security requirements of our customer.
A Security Firewall Engineer also focuses on both the short-term and the long-term strategy, recommends technology solutions and improvements to the network and security related environments and is also responsible for delivering clear, concise, timely communications that promote confidence in our team’s ability to deliver operational excellence. They also perform Tier III “Build and Run” activities across multiple network related security environments, and review and recommends configuration changes, as needed.
The day-to-day responsibilities include the design, implementation, operations, trouble shooting, and resolution activities across multiple domains. They may be required to participate in system upgrades, deployments, and enhancements, while focusing on delivery objectives, critical issues, and policy adherence. All Network Security Team members periodically work after hours to support systems outage and critical infrastructure upgrades. This position may also require an on-site presence one, or more, days per week.
QualificationsEducation:
BS Degree in Computer Science or Engineering, or equivalent work experience (required)
Experience:
10+ years of relevant technical Security Engineering or Network Engineering/Security Engineering experience (required)
Certifications: Desire two, or more, of the following: CCNP, CCDP, CCSP, CISSP, OSCP, PCNSE, PCNSA, ITIL, or other related certs
Required Skills:
Extensive experience with Palo Alto Firewall appliances (3000/3200/5200/5400) and VM-500 cloud deployments
Extensive experience with Palo Alto Panorama 10.x or 11.x
Extensive experience with troubleshooting from keyboard to cloud and from hardware/driver to layer 7 application issues
Extensive experience with maintaining and improving Operational Security
Fundamental understanding of SMTP and SMTP related security mechanisms
Fundamental understanding of threat/anti-virus/anti-spyware/URL-filtering/decryption profiles and fine tuning for .GOV’s
Fundamental understanding of networking from physical to dynamic routing protocols
Extensive experience with decryption/TLS/Security Profiles/PKI and deep understanding of PCAPS
Extensive experience with application-based traffic and designing solutions for Firewalling (Internal/Perimeter/External)
Experience with hybrid cloud environments and end to end application delivery and support
Extensive experience supporting multiple Data Centers and geographically dispersed offices
Continuous learner with a focus on the latest network security related developments in the field
Desired
Skills and Abilities:
Vendor hardware and software support, such as Cisco, Juniper, Palo Alto, Trellix/FireEye, and others
Data Center, Network, Firewall, and Email quarantine systems and support
Analysis and forensic tools, along with effectively troubleshooting ingress/egress and zoned traffic
Azure Infrastructure and understanding Azure VNET’s, Routing and Firewalling
Operating within and Supporting a FIPS environment
Developing security policies that incorporate data from identity systems, endpoints, and external management systems
Whitelisting IP space for various project teams to access external vendors and to ensure safe and secure connectivity
Creating Zones and Policies for various network segments and troubleshooting connectivity across Security Zones
Work with internal applications teams, design, and implementation teams on application level security
Develop documents that describe design, security controls, and operational manuals
Develop and participate in internal/external testing of applicable applications to ensure that sufficient security in in place
Effective time management and organizational skills and ability to translate technical issues for business users
Work independently as well as in a team environment with effective interpersonal communication skills
Analytical, communications, and problem solving skills
Support InfoSec Standards and Best Practices
Thrives in a fast-paced environment and looks for ways to do things more effectively (Current Mode/Future Mode)
Location: Arlington, VA
Physical Requirements:
N/A
US Citizenship Required
#LI-JS3
Employees are valued for their talents and contributions. We all take pride in helping our customers achieve their goals, which in turn contributes to the overall success of the company. The company does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans, and to treat qualified individuals without discrimination based on their physical or mental disability or veteran status. DMI is an Equal Opportunity Employer Minority/Female/Veterans/Disability. DMI maintains a drug-free workplace.
***************** No Agencies Please *****************
Applicants selected may be subject to a government security investigation and must meet eligibility requirements for access to classified information. US citizenship may be required for some positions.
About the OpportunityThe
Security Firewall Engineer – Level II
role requires extensive Palo Alto and network experience, along with extensive networking experience. A Network Security Engineer is responsible for providing architectural, technical, and problem resolution support for the FDIC network and security infrastructure that promotes a secure and scalable environment that align to the security requirements of our customer.
A Security Firewall Engineer also focuses on both the short-term and the long-term strategy, recommends technology solutions and improvements to the network and security related environments and is also responsible for delivering clear, concise, timely communications that promote confidence in our team’s ability to deliver operational excellence. They also perform Tier III “Build and Run” activities across multiple network related security environments, and review and recommends configuration changes, as needed.
The day-to-day responsibilities include the design, implementation, operations, trouble shooting, and resolution activities across multiple domains. They may be required to participate in system upgrades, deployments, and enhancements, while focusing on delivery objectives, critical issues, and policy adherence. All Network Security Team members periodically work after hours to support systems outage and critical infrastructure upgrades. This position may also require an on-site presence one, or more, days per week.
QualificationsEducation:
BS Degree in Computer Science or Engineering, or equivalent work experience (required)
Experience:
10+ years of relevant technical Security Engineering or Network Engineering/Security Engineering experience (required)
Certifications: Desire two, or more, of the following: CCNP, CCDP, CCSP, CISSP, OSCP, PCNSE, PCNSA, ITIL, or other related certs
Required Skills:
Extensive experience with Palo Alto Firewall appliances (3000/3200/5200/5400) and VM-500 cloud deployments
Extensive experience with Palo Alto Panorama 10.x or 11.x
Extensive experience with troubleshooting from keyboard to cloud and from hardware/driver to layer 7 application issues
Extensive experience with maintaining and improving Operational Security
Fundamental understanding of SMTP and SMTP related security mechanisms
Fundamental understanding of threat/anti-virus/anti-spyware/URL-filtering/decryption profiles and fine tuning for .GOV’s
Fundamental understanding of networking from physical to dynamic routing protocols
Extensive experience with decryption/TLS/Security Profiles/PKI and deep understanding of PCAPS
Extensive experience with application-based traffic and designing solutions for Firewalling (Internal/Perimeter/External)
Experience with hybrid cloud environments and end to end application delivery and support
Extensive experience supporting multiple Data Centers and geographically dispersed offices
Continuous learner with a focus on the latest network security related developments in the field
Desired
Skills and Abilities:
Vendor hardware and software support, such as Cisco, Juniper, Palo Alto, Trellix/FireEye, and others
Data Center, Network, Firewall, and Email quarantine systems and support
Analysis and forensic tools, along with effectively troubleshooting ingress/egress and zoned traffic
Azure Infrastructure and understanding Azure VNET’s, Routing and Firewalling
Operating within and Supporting a FIPS environment
Developing security policies that incorporate data from identity systems, endpoints, and external management systems
Whitelisting IP space for various project teams to access external vendors and to ensure safe and secure connectivity
Creating Zones and Policies for various network segments and troubleshooting connectivity across Security Zones
Work with internal applications teams, design, and implementation teams on application level security
Develop documents that describe design, security controls, and operational manuals
Develop and participate in internal/external testing of applicable applications to ensure that sufficient security in in place
Effective time management and organizational skills and ability to translate technical issues for business users
Work independently as well as in a team environment with effective interpersonal communication skills
Analytical, communications, and problem solving skills
Support InfoSec Standards and Best Practices
Thrives in a fast-paced environment and looks for ways to do things more effectively (Current Mode/Future Mode)
Location: Arlington, VA
Physical Requirements:
N/A
US Citizenship Required
#LI-JS3
Employees are valued for their talents and contributions. We all take pride in helping our customers achieve their goals, which in turn contributes to the overall success of the company. The company does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans, and to treat qualified individuals without discrimination based on their physical or mental disability or veteran status. DMI is an Equal Opportunity Employer Minority/Female/Veterans/Disability. DMI maintains a drug-free workplace.
***************** No Agencies Please *****************
Applicants selected may be subject to a government security investigation and must meet eligibility requirements for access to classified information. US citizenship may be required for some positions.