Travel Required? No
Citizenship: Must be U.S. Citizen
Clearance Required: Secret
Education: HS Diploma or GED
Certifications Required: Must meet DoD 8570 Baseline Certifications IAT Level II (CCNA Security, or CySA+ or GICSP or GSEC or Security+ CE or SSCP)
Looking for an experienced and knowledgeable Enterprise Network Engineer to analyze the existing Computer Network Defense (CND) infrastructure and design and strategically plan for moving forward to a more efficient, cost effective and secure next generation CND Environment. The Enterprise Network Engineer will be responsible for full lifecycle management of CND solutions and enterprise security posturing for the Coast Guard to include but not limited to Intrusion Detection and Prevention (IDPS), Data loss Prevention (DLP) Firewall, and Log management/reporting solutions.
Responsibilities include, but are not limited to:
The ideal candidate is very detail oriented with strong technical knowledge, superior writing skills, and excellent customer relationship management skills. He or she will be responsible for planning, developing, finalizing, and reviewing key deliverables in each stage of the project life cycle. As a result, a strong understanding of standards and requirements outlined by Department of Defense (DoD) Security Technical implementation Guidelines (STIG) is highly desirable.
The Enterprise Network Engineer will be actively engaged in identifying unique system characteristics; interviewing key organizational personnel (technical, administrative, and executive); working with business systems to compose requisite documentation (security categorizations, risk assessments, contingency planning, etc.); and mapping complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices. The Enterprise Network Engineer will provide ongoing gap analysis of current CND products, designs, policies, practices, and
procedures as they relate to established guidelines outlined by DoD STIG, work face-to-face with multiple stakeholders through interviewing, planning, or participating in a team effort to bring multiple projects to fruition; conduct in-depth technical reviews of new technologies.
STONGLY DESIRED Knowledge, Skills and Abilities:
● Minimum of 3 years of enterprise of network CND engineer, or DoD IT security services or DoD Joint Regional Security Stack (JRSS) experience
● Strong system administration skill set with an understanding of lifecycle management.
● Practical experience supporting Cisco Firepower/ ASA / TippingPoint.
● Practical experience supporting Data Loss Prevention systems; Symantec or Fidelis.
● Practical experience supporting RSA two-factor authentication.
● Practical experience supporting AAA services (ISE, Radius, TACACS+).
● Practical experience supporting system log management solutions like ArcSight and ArcSight logger.
● Experience with deploying solutions in an enterprise environment.
● Knowledge of network operations and security best practices preferred.
● Basic understanding of Public Key Infrastructure (PKI).
● Must have excellent verbal, written and organization skills.
● Ability to work with minimal supervision, set priorities, and give attention to detail and quality, flexible, strong organizational and time management skills, ability to multi-task, ability to work individually and with a team, positive attitude, self-motivated, reliable, trustworthy, strong interpersonal skills, diplomacy, and ability to handle stress in professional manner.
● Excellent interpersonal skills, and effective in interfacing with internal and external customers fostering collaboration and establishing strong partnerships and relationships.
DESIRED Knowledge, Skills and Abilities:
● Experience with Cisco, Palo Alto, and Fortigate firewalls
● Experience with monitoring solutions such as SolarWinds; Netcool, Infovista.
● Network and Application forensics using tools like Riverbed, Solera, NIKSUN, and WireShark.
● Knowledge of DoD Joint Regional Security Stack (JRSS) is a major plus
● Experience with performing and analyzing vulnerability scans
● Knowledge of various operating systems and hardware (Linux, Windows,).
● Desired Certifications: ITILv3, technical certification on Cisco Fire Power or ArcSight.