Firewall Engineer

Job Description

We are currently seeking a Firewall Engineer to join the Infrastructure Team within the Global Technology Services (GTS) group at RTI International. RTI International is an independent, nonprofit research institute dedicated to improving the human condition headquartered in Research Triangle Park, North Carolina. This role will report directly to the Manager of the Infrastructure Team. As a Firewall Engineer, you'll be responsible for the configuration, deployment, and management of RTI International's firewall solutions in a 24 x 7 x 365 environment. Additionally, you'll be responsible for monitoring, configuration changes, accounts, and software updates within the environment. This position is based in Durham, NC (RTP) and is for a day shift position. Responsibilities:

• Act as a subject matter expert for RTI International’s next generation firewall solution.
• Maintain overall firewall engineering, operations and overall documentation of the current and future environment.
• Be involved in the evaluation of products and/or procedures to enhance productivity and effectiveness.
• Provide direct support to the business and other GTS Staff for systems security related issues.
• Discuss business issues with stakeholders, gather and analyze business requirements, develop high-level technical specifications, participate in vendor discussions and obtain equipment quotes for budget development.
• Document evaluations and recommendations including pros/cons and pricing; review evaluations with stakeholders, peers and/or management.
• Translate high-level technical specifications into specific product/service details including project deliverables and fixed and recurring costs.
• Research products, perform reference checks, coordinate and conduct site visits and demonstrations, and respond to questions from vendors prior to proposal submittal.
• Choose products that best meets business needs based on selection criteria and leveraging extensive knowledge of available products.
• Recommend a solution with justification to stakeholders, peers and/or management.
• Install hardware and/or software in accordance with manufacturer’s recommendations, along with configuring equipment based on technical specifications.
• Implement solutions into the production environment after appropriate testing; approval and documentation of the as-built configuration. Handoff to production support when applicable at go live in accordance with Policies and SOPs.
• Conduct routine quality assurance testing to validate the installed configuration and operation against detailed, technical specifications.
• Develop test plans, document test results, and refine the configuration as needed.
• Document any system changes as well as baseline performance for comparison against future trends.
• Troubleshoot, escalate and resolve problems in response to alerts from monitoring tools and/or trouble reports from other GTS Staff.
• Perform meaningful tests on the solution to confirm problem resolution and ensure the absence of unintended side effects.
• Creation of technically detailed reports on firewall block lists, device status, change management, hardware/software upgrades, and other areas.
• Analyze and evaluate anomalous network and system activity.
• Assist in troubleshooting and problem solving a wide variety of client issues.
• Quickly understand and triage security issues, working alone or with other teams to resolve client issues in a live environment.

Required Education and Experience:

• Bachelor-level degree in information technology, computer science, or equivalent professional experience and/or qualifications plus six (6) years of relevant professional experience or the equivalent combination of education and experience.
• Minimum of six (6) years of experience with managing enterprise firewall solutions.
• Strong industry experience with TCP/UDP protocols, VPNs, TCP/IP networking including addressing, subnetting, routing, NAT, protocols, DNS, DHCP, and troubleshooting, with ability to understand and interpret packet level traffic and protocol handshakes.
• Strong industry experience with Juniper SRX hardware platform; SRX clustering and Junos Space Security Director management platform.
• Strong industry experience with Palo Alto; PA clustering and Panorama management platform strongly preferred.
• Strong industry experience with IDS/ IPS, SIEM with the familiarity of threat management and threat intelligence feeds, and next generation features with firewall technologies.

Required Knowledge, Skills and Abilities:

• Ability to quickly understand and triage security issues, working alone or with other teams to resolve client issues in a live environment.
• Superior interpersonal, collaboration, customer service and decision-making skills, with ability to manage multiple simultaneous projects and priorities in a fast-paced environment while demonstrating accountability.
• Highly organized, with strong attention to detail and troubleshooting skills and the ability to quickly adapt to change.
• Self-directed and motivated, with a proven track record showing the ability to work independently, as well as collaboratively in a team environment.
• Strong organizational, time management and project management skills.
• Ability to demonstrate analytical end to end troubleshooting and problem-solving skills.
• Ability to demonstrate the initiative to re-assess and leverage new or existing functionality of technologies.
• Excellent oral and written communication skills.

Preferred Knowledge, Skills and Experience:

• Knowledge of SANS and NIST 800-53 critical security controls, with a focus on network devices.
• Network+, Security+ and any firewall vendor certifications a plus.
• Knowledge and/or experience with Azure with firewall implementation and managing, along with a good understanding of Azure networking/security a plus.
• Knowledge of Firemon and Solarwinds management platforms a plus.
• Experience with change control policy and procedures a plus.
• Knowledge of Windows Server, VMWare and Linux platforms.
• Knowledge of RADIUS, 2-Factor, TACACS, Cisco ISE and Pulse Secure SSL/VPN a plus.
• Knowledge of Windows Active Directory and LDAP directory services.

#LI-EP1