Network Security Engineer
New York, NY 10017 US
We are hiring for a long-term Network Security Engineer consultancy.
In a very hands-on capacity, you will be responsible for the engineering, support and administration of several core network security tools. Interesting projects in a very professional, high-end environment at a firm in midtown Manhattan.
Information Assurance tasks:
- Manage firewall policy and configuration review processes.
- Manage vulnerability management program.
- Manage threat hunting program using Carbon Black Response to track and contain suspicious activity on the network.
- Oversee external penetration testing and perform internal tests.
- Manage incident response program, incident playbooks and various procedures and workflow for incident and crisis management.
- Deliver executive reports on security posture and emerging industry threats to senior management.
- Work with team on day-to-day incident response tasks.
- Administer client VPN, Multi-Factor Authentication, and IP space.
- Manage different perimeter security solutions consisting of Palo Alto and Cisco next-generation firewalls.
- Perform policy modification of file integrity solution Carbon Black Protect (Bit9).
- Maintain and improve monitoring solution (LogRhythm SIEM); implement new AI Engine rules and tune existing ones.
- Support identity access management solutions – Cisco ACS, ISE.
- Work as an escalation point for tier 1 and 2 SOC.
- Respond to internal and external audits.
- Review compliance for various government regulations (FFIEC, SWIFT CSP, OCC, ...).
- Participate in internal investigations and preparation of executive summaries for management.
- 3+ years of work experience supporting enterprise security solutions, including experience with next-generation firewalls such as Palo Alto and Cisco FireSIGHT/FirePOWER.
- Must have in-depth knowledge of network security best practices and various tools (Cisco VPN, Palo Alto VPN, Cisco ACS, Cisco ISE, NGFW, SolarWinds, IP management tools, Wireshark, ...).
- Palo Alto Minemeld, Demisto, Snort, Security Onion, Tenable, Nessus, Cuckoo, LogRhythm, Carbon Black/Bit9
- Strong understanding of routing protocols (OSPF, BGP, EIGRP, ...).
- Ability to create accurate system diagrams and documentation for designing and planning network security systems.
- Knowledge of application transport and network infrastructure protocols.
- Experience with scripting, penetration testing, and vulnerability management tools is preferred but not required.
- CCNP Security and/or CISSP preferred.
- Completed Bachelor's degree in Computer Science or a related course of study (math, engineering, ...).