Zero Day Network Defense Engineer

Montgomery, AL, US

MSM Technology

Description

Zero Day Network Defense Engineer Responsibilities


  • Design and model network devices or functions to support networked applications or services
  • Identify malicious attachments and links in Enterprise Email Security Gateway (EEMSG)
  • Provide assistance and FireEye subject matter expertise for the configuration and maintenance of the FireEye in support of Zero Day
  • System administration duties for the sustainment of Zero-Day Network Defense
  • Implement and configure hardware or software devices and network functions to support new services and applications
  • The sustainment of services, applications, network devices, network functions and hardware or software
  • Create and maintain documentation and diagrams to ensure network system and service hygiene
  • Responsible for all lifecycle components’ compliance with security controls, including, but not strictly limited to, providing confidentiality, integrity, and availability as well as government compliance with Security Technical Implementation Guidelines (STIG), Zero Trust and Defense in depth.
  • Use Government owned data to perform and provide change request audits, develop metrics, and trend analysis to understand change implementation management workload, effectiveness, efficiency, and service target performance
  • Maintain the current dashboard and implement necessary changes to report up to date metrics and analyses
  • Build, implement, and document network enabled applications taking into consideration various factors such as but not limited to infrastructure requirements or limitations, security, and application performance needs and best practices
  • Must have an understanding of data communication needs, gather requirements, and develop the best solution to meet the requirements of workloads following government policies and processes
  • Maintain accurate configuration and documentation of complex network services

Requirements


  • Must have an active SECRET or higher security clearance.
  • 5+ years of relevant experience, including identifying malicious attachments and links in Enterprise Email Security Gateway (EEMSG) emails coming from the public internet to DoD users and enabling improved detection, analysis, and mitigation
  • 5+ years of experience providing system administration duties for the sustainment of Zero-Day Network Defense
  • 5+ years of experience providing assistance and FireEye subject matter expertise for the configuration and maintenance of the FireEye in support of Zero Day
  • DoD 8570.01-M/8140.01 IAT Level II Certification (Security+, CySA+, etc.)
  • Relevant secondary certification (e.g. Cisco, F5, Juniper, Palo Alto, Cloud, etc.)
  • Excellent verbal and written communication skills

Preferred Skills

  • IT bachelor’s degree or Vendor Network Certification (Professional or higher)
  • CCNP, FireEye (Helix, Network Security and Forensics, Email/Endpoint Security)
  • Strong and extensive knowledge of datacenter-based network methods, protocols and technologies to include:

o Switching [RSTP, VLAN, VXLAN, LLDP, VPC, LACP, LAG]

o TCP/IP, IPv4, IPv6, UDP, Layer 1 through Layer 7, IPSEC, HAIPE

o Firewalls [VPN, ACLs, Whitelisting]

o Load balancing [APM, ASM, LTM, GTM]

o SDN/NFV/IAC [ACI, Service Insertion, Ansible]

o Identity and Access Management with RBAC [AAA/RADIUS/TACACS/LDAP]

o Network management and analysis [Performance Manager (PM), Juniper Space, Cisco ISE, Splunk]

o Structured cabling and installation standards

o Application of network security and design practices

o Cloud management [AWS/AZURE]

  • Proficiency in FireEye configuration and maintenance
  • Experience in providing system administration duties for the sustainment of Zero-Day Network Defense
  • Ability to identify malicious attachments and links in Enterprise Email Security Gateway (EEMSG)
  • Proficiency in use of government systems to track ops and management of systems and performance including but not limited to ITSM, GTMS, Hewlett Packard Operations Orchestration (HPOO), ServiceNow, Microsoft 365

Tags: Ansible ASM Audits AWS Azure CCNP Clearance Cloud Compliance DoD DoDD 8140 DoDD 8570 Endpoint security Firewalls Forensics IAM LDAP Network security Security Clearance Splunk TCP/IP VPN Zero Trust

Region: North America
Country: United States
