Illumio Network Security Engineer

Vaco is currently seeking an Illumio Network Security Engineer for a 6M Contract opportunity that is remote. The Illumino Network Security Engineer will support a key client in a large-scale migration from OnPrem VMware to Google Cloud VMware Engine (GCVE). The Illumio Network Security Engineer is directly involved in client-facing and must possess a strong, hands-on doer mentality while simultaneously owning the design, implementation, and operations across data center and GCP cloud environments.

• Network Security Transformation - Migrating from Traditional Firewalls to Illumio Host-Based Micro-Segmentation
• Load Balancer Modernization - Transitioning From NetScaler / Citrix ADC to F5 for Application Delivery
• Cloud Firewall Operations - Supporting Palo Alto Networks Firewalls Deployed within GCP Environments
• Network / Security Architecture - Leading Design / Implementation / Optimization of Enterprise Network / Security Architecture Across OnPrem / GCP Environments
• Micro-Segmentation / Policy Management - Owning Full Lifecycle of Illumio Policy Creation / Maintenance (Allow/Deny Rules / Segmentation Strategy / Testing / Change Management)
• Firewall Engineering - Engineering / Deploying / Supporting Palo Alto Networks Firewalls / Panorama (Security Policy / NAT / VPN / Content Security Services)
• Load Balancing / ADC - Designing / Operating / Troubleshooting F5/NetScaler / Citrix ADC Solutions for Application Delivery
• Cloud Migration / Transformation - Supporting Lift-and-Shift Migration from OnPrem VMware to GCVE (Firewall / Load Balancer Transitions, etc.)
• Network Troubleshooting - Diagnosing Complex L2-L7 Issues | Packet Captures / Logs / Flow Data Across Network / Firewall / Application Layers
• Monitoring / Incident Prevention - Proactively Monitoring Network / Security Platforms to Identify Risks / Performance Issues / Drive Remediation
• Automation / Scripting - Developing Scripts / Tooling to Automate Tasks / Validate Configurations / Remediate Network Issues
• Infrastructure as Code - Contributing to IaC / Automation Efforts Using Terraform and Related Tooling
• Cross-Functional Collaboration - Partnering with Security / Cloud / Application Teams to Translate Requirements into Resilient Network Designs
• Documentation / Knowledge Sharing - Creating / Maintaining Technical Documentation / Runbooks / Architecture Diagrams, Vaco by Highspring and its parents, affiliates, and subsidiaries ("we," "our," or "Vaco by Highspring") respects your privacy and are committed to providing transparent notice of our policies.
• California residents may access Vaco by Highspring HR Notice at Collection for California Applicants and Employees here.
• Virginia residents may access our state specific policies here.
• Residents of all other states may access our policies here.
• Canadian residents may access our policies in English here and in French here.
• Residents of countries governed by GDPR may access our policies here.

• Illumio / Micro-Segmentation - Designing / Implementing Allow/Deny Policies / Micro-Segmentation Strategies / Associated Workflows
• Network Engineering (fundamentals) - Applying Strong Enterprise Routing / Switching Knowledge (BGP / OSPF / VLANs / VRFs / High Availability / QoS)
• Firewall / Security Platforms (deep experience) - Leveraging Palo Alto Firewalls / Panorama in Enterprise Environments
• Load Balancing / ADC - Utilizing F5 / NetScaler / Citrix ADC for L4-L7 Load Balancing / Application Delivery
• Troubleshooting / Problem Solving - Diagnosing Ambiguous / Cross-Domain Issues / Strong Critical Thinking Under Pressure
• Automation / Scripting - Building Repeatable Workflows using Python / PowerShell / Bash and Network / Security APIs
• Infrastructure as Code - Managing Network / Security Infrastructure using Terraform Across OnPrem / GCP
• Network Automation (applying concepts) - Templating / Idempotency / Configuration Validation / Automated Testing
• GCP Networking - Designing / Supporting GCP Networking (VPCs / Subnets / Firewalls / Cloud Router / VPN / Interconnect / Load Balancers / Hybrid Connectivity)
• Communication - Effectively Communicating Technical Designs / Tradeoffs / Troubleshooting Findings Clearly to Technical / Non-Technical Stakeholders

PREFERRED (not required)

• Certifications - PCNSE / CCNP / CCIE / F5 / GCP Professional Network Engineer, etc.
• Public Cloud / Modern Networking - Additional Public Clouds / SD-WAN / Zero Trust Network Architectures