Senior Network Security Engineer

Technuf, LLC
Rockville, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Rockville, United States of America

Tech stack

Microsoft Windows
Amazon Web Services (AWS)
Application Firewall
User Authentication
Azure
Backup Devices
Border Gateway Protocol
Cisco PIX
Cloud Computing
CompTIA Security+
System Configuration
Dynamic Host Configuration Protocol
Network Address Translation
DNS
Multi-Factor Authentication
Monitoring of Systems
Intrusion Detection and Prevention
Virtual Private Networks (VPN)
Network Security
Log Analysis
Network Architecture
Network Diagnostics
Routing
Packet Analyzer
Remote Access Technology
Zero Trust Network Access
RSA (Cryptosystem)
Runbook
Web Application Security
Server Administration
Security Information and Event Management
TCP/IP
Software Vulnerability Management
Wide Area Networks
Data Logging
Transport Layer Security
Identity Services Engine
System Availability
HybridCloud
Firewalls (Computer Science)
Web Filtering
Cisco Firewalls
Palo Alto Networks
Cloudflare
RSA SecurID
Firepower
Network Server
Cisco networks
Plan of Action and Milestones

Job description

  • Firewall operations: hands-on Cisco and Palo Alto firewall administration, rule changes, NAT, troubleshooting, policy cleanup, upgrades, backups, logging, and production support.
  • VPN / remote access: support for remote-access VPN, site-to-site VPN, user connectivity issues, certificates, authentication flows, and after-hours troubleshooting.
  • RSA / MFA administration: RSA SecurID or equivalent MFA operations, token support, server administration, user troubleshooting, VPN integration, certificates, patching, backups, logs, and monitoring.
  • Day-to-day operations: ticket resolution, monitoring alerts, health checks, change requests, incident support, maintenance windows, operational reporting, and customer support.
  • Configuration and administration: installing, configuring, maintaining, patching, upgrading, backing up, validating, and troubleshooting assigned security platforms.
  • Production troubleshooting: strong TCP/IP, DNS, routing, firewall logs, packet captures, VPN authentication, certificate, and connectivity troubleshooting.
  • Documentation and process discipline: SOPs, runbooks, diagrams, change records, rollback plans, evidence collection, knowledge transfer, and formal change management.
  • Federal/customer environment maturity: Public Trust eligibility, regulated-environment documentation, customer support, cross-team coordination, and comfort working with government stakeholders.

The best candidate can credibly say: "I have operated enterprise Cisco and Palo Alto firewalls in production, handled firewall rule changes and troubleshooting, supported VPN users and site-to-site tunnels, administered or supported RSA/MFA tied to VPN access, followed formal change-management processes, maintained documentation and backups, and can step into daily operational support with minimal ramp-up."

· Scope and Role Boundaries

· Primary platforms include Cisco ASA/Firepower/FTD/FMC, Palo Alto NGFW/Panorama/GlobalProtect, remote-access and site-to-site VPN, RSA SecurID Authentication Manager or comparable MFA, monitoring/logging/SIEM integrations, and related network security controls.

· Coordinate with SOC/NOC, cloud, identity/directory, wireless/LAN, server, endpoint, system owner, application, governance, and vendor teams during changes, incidents, troubleshooting, compliance, and audit support.

· Cloudflare, Cisco ISE/NAC, secure web/email gateways, packet visibility tools, SD-WAN/SASE/ZTNA, AWS/Azure security, and F5/application-delivery awareness are useful where they intersect with assigned operational support, but the core need is firewall, VPN, RSA/MFA, and production operations.

· Key Responsibilities

· Provide daily, weekly, monthly, and annual operational support for assigned security systems, including tickets, alerts, health checks, email/phone support, metrics, status reporting, and operational validation.

· Administer and troubleshoot enterprise firewalls, including rule bases, NAT, segmentation, high availability, threat prevention, VPN integration, logging, secure baselines, rule reviews, recertification, cleanup, and decommissioning.

· Install, configure, maintain, patch, upgrade, back up, and validate firewall, VPN, MFA, and related network security systems in production environments.

· Support remote-access VPN, site-to-site VPN, partner connectivity, cloud connectivity, mobile/remote users, certificates, authentication policies, availability, utilization, and user access issues.

· Maintain and troubleshoot RSA SecurID Authentication Manager or equivalent MFA services, including servers/appliances, agents, certificates, HA, backups, logs, monitoring, directory integration, VPN authentication, and token lifecycle support.

· Respond to incidents, vulnerability notices, urgent requests, vendor advisories, PSIRT notices, system alerts, and emergency troubleshooting while minimizing service disruption.

· Use firewall logs, VPN logs, packet captures, SIEM data, monitoring tools, DNS/routing checks, and standard diagnostics to resolve complex connectivity, authentication, TLS/certificate, and application-flow issues.

· Create and maintain topology diagrams, equipment inventories, configurations, SOPs, runbooks, implementation plans, rollback plans, build/upgrade procedures, troubleshooting notes, and knowledge articles.

· Follow approved change, release, incident, problem, and configuration-management processes; prepare change records, peer-review materials, validation evidence, root-cause analysis, metrics, and audit artifacts.

· Support vulnerability remediation, POA&M tracking, continuous monitoring, compliance reviews, audit evidence collection, and coordination with ISSO, system owner, and security governance teams., * Enterprise firewall engineering and policy lifecycle management

  • VPN, remote access, RSA/MFA, and token lifecycle operations
  • Cloudflare, edge security, secure access, and Zero Trust support
  • Content filtering, secure web/email gateway, and NAC operations
  • Hybrid-cloud network security and secure connectivity
  • Monitoring, logging, SIEM integration, and incident response support
  • Security visibility, packet analysis, and advanced troubleshooting
  • Vulnerability remediation, compliance evidence, and POA&M support
  • Change management, documentation, reporting, and operational metrics
  • Technical leadership, customer support, and cross-team collaboration

Requirements

  • 7+ years of experience in network security engineering, network infrastructure, cybersecurity infrastructure, or a closely related role.
  • 5+ years of hands-on experience administering, maintaining, and troubleshooting enterprise firewall platforms in production environments.
  • Hands-on experience with Cisco security technologies such as Cisco ASA, Firepower, FTD, FMC, AnyConnect/Secure Client, or equivalent Cisco firewall/VPN platforms.
  • Hands-on experience with Palo Alto Networks technologies such as NGFW, Panorama, GlobalProtect, security profiles, App-ID/User-ID, logging, and policy optimization.
  • Experience administering or supporting RSA SecurID Authentication Manager or comparable enterprise MFA/two-factor authentication platforms, including token support, server operations, patching/upgrades, backups, certificates, monitoring, and directory/VPN integration.
  • Strong knowledge of firewall policy, NAT, VPNs, routing, DNS, DHCP, BGP, TLS/certificates, packet captures, log analysis, segmentation, high availability, and common network diagnostic tools.
  • Experience with enterprise monitoring, logging, SIEM, alerting, vulnerability management, incident response, formal change management, and regulated-environment documentation.
  • Ability to create clear technical documentation, support customers and stakeholders, prioritize operational work, communicate clearly, and coordinate across technical teams.
  • Ability to obtain and maintain a Public Trust background investigation.

Desired Certifications

  • Relevant certifications are helpful but should not replace demonstrated hands-on experience. Examples include CCNP Security, CCIE Security, PCNSE, PCCSE, CISSP, CCSP, AWS Certified Security - Specialty, AWS Advanced Networking - Specialty, Microsoft Certified: Azure Security Engineer Associate, Microsoft Certified: Azure Network Engineer Associate, CompTIA Security+, CompTIA CySA+, GIAC certifications, or equivalent vendor/cloud certifications., Bachelor's degree from an accredited college or university.

Benefits & conditions

Pulled from the full job description

  • 401(k)
  • Health insurance
  • Paid time off
  • Vision insurance
  • Dental insurance
  • Life insurance, * 401(k)
  • Dental insurance
  • Health insurance
  • Life insurance
  • Paid time off
  • Vision insurance

About the company

Technuf, LLC is a Maryland based SBA certified 8(a) small business company providing leading-edge and proven technologies, industry vertical domain expertise and highly skilled and motivated professionals to achieve our customers' mission critical business needs.

Apply for this position