Network Security Engineer

Our client is one of the world's leading financial services seeking an NETWORK SECURITY ENGINEER/INFORMATION SECURITY SPECIALIST to work within a network security assurance team to identify and review deficiencies in network rules, architecture, and application flows while providing solutions to found issues as necessary.

This is an oversight role of all Firewalls, tools, and network data sources to provide accurate and detailed threat landscape in internal and external networks. Ability to take the initiative in both a team environment and as an individual is a must.

As a member of Information Security Division, you will provide technical global support of network security with input into requirements and good observation skills to identify gaps for correction. Coordinate with other departments and teams to evolve Global Information Security alignment with company goals and objectives. Support automation and enhancements around existing GIS tools and processes ensuring innovation and advancement in the area of Security Oversight. Responsible for maintaining a secure network posture through review of Firewall rule validation tools, network policies, and as appropriate, enhanced processes for department, division and corporate-wide information security controls, procedures and requirements.

RESPONSIBILITIES

- Design, develop or recommend security solutions and processes to protect proprietary/confidential data and systems through validation and enforcement of proper network controls.
- Assist with compliance objectives; provide guidance and direction for the logical protection of information systems assets to other functional units.
- Prepare reports regarding effectiveness of information security adherence and make recommendations for the adoption of new policies and procedures.
- Validate placement of IDS/IPS and other non-Firewall network controls as needed. Perform small and large environment top down reviews of potential access violations and network device configuration issues affecting security posture.
- Evaluate automated testing tools for deficiencies and policy issues.
- Evaluate information sources for accuracy.
- Work with multiple teams to address gaps found.
- Review results of Network and Application Ethical Hacks in order to determine if remediation and mitigation can be performed on network access control level.
- Conduct new requested rule reviews and reviews of all existing deployed Firewall rules. Identify larger risks from trends across multiple reviews.
- Perform all-manual reviews of small networks from Firewall controls to network segmentation/zoning
- Identify areas where additional rules can help offset potential security issues.
- Provide accurate and timely reporting of findings and proposed remediation and mitigations.
- Provide technical support to Business Leader/Chief Specialist in identifying and streamlining new/existing processes and tools in the area of Network Security Assurance.
- Technical support could include, but not limited to the following: (1) Audit support & remediation, (2) Process Improvement, (3) Analysiswrite and speak effectively with impact
- Experience of project planning/reporting and management concepts, methodologies, tools, standards and procedures
- Experience working on large scale cloud based services (including SaaS, PaaS, IaaS)
- Experience with enterprise level networks
- Experience working with large scale Cisco (Cisco Routers and Cisco Unified Computing System experience required) or Checkpoint based networks in a role of a systems engineer
- Good understanding of Ethernet, switched LAN and WAN environment and detailed understanding of layer 3 and layer 4 specifications, including IP, TCP, TCP/IP routing protocols and management of ACLs; IPv6 is major plus
- Knowledge of logical/physical access control methods, connections alternatives using private, public and wireless solutions, IDS/IPS proper placement and review, and basic Scripting/automation as required
- Working knowledge/experience of at least one of the following products: AlgoSec's Firewall Analyzer, RedSeal's Network Advisor and Vulnerability Advisor, Secure Passage's FireMon, Skybox's View Assure and View Secure and/or Tufin's SecureTrack
- Working knowledge of common ports and protocols
- Ability to develop or recommend network security measures, such as Firewalls, network security audits, or automated security probes
- Complete mastery of at least one network technology domain and solid working knowledge of at least common Firewall rule types and formats
- Exposure to and understanding of the business and its integration with technology domains
- May be involved in design phases (security architecture input to the security architecture team) of projects
- May have professional certifications or affiliations
- Assignments require time management and organizational skills
- Ability to work at an intermediate level when executing and improving work processes to ensure achievement of business goals.
- Position is subject to same controls of employees: laptop hard drive encryption, virus scanning, analysis of outbound communications, periodic background checks
- Required to operate within guidelines provided within current HR and Finance policies and procedures and Corporate Key Controls
- Periodic functional and process related audits of individual activities
- Startup environment background preferred; experience working in multiple disciplines also preferred

Duration of assignment: 12 months with possible extension and/or conversion.