SCOPE OF SERVICES:
Required to support the Information Security Infrastructure Program. Professional services through ITCS are tasked with the following: advise on technology infrastructure design and architecture model; generate conceptual, logical, and physical network architectures and test plans; simulate security policies and validate them prior to implementation; update security policies as specified by applications; configure and implement interface control to ensure that design and delivery over the CityNet WAN, as well as inside DMZ architectures, conform to application and user requirements; substantiate network connectivity for all network elements; validate end-to-end connectivity with users in direct connections, ISP-agency connections, extranets, VPN connections, application-specific connections, general-purpose remote access, client-server connections, and government extranet connections; assist with the ISE implementation by validating, configuring, and implementing RADIUS/TACACS for all CityNet internetworking assets, as well as testing in-band and out-of-band access to the assets; provide network expertise for the successful migration of business-critical DDI.
• At least 12 years of Information Security Firewall Architecture experience
• Hands-on experience with Juniper, Cisco, Check Point, and Palo Alto firewalls
• Proven ability to maintain firewalls and stay updated on any released security vulnerabilities and how they affect the network
• Perform ongoing optimization of the network security devices to ensure adequate capacity, availability, and scalability
• Participate in the Change Management process, including: creating new change requests, reviewing submitted change forms, verifying that submitted change request information is complete, staging and/or implementing changes to security devices, and updating design documentation as required
• Cisco and/or Palo Alto certifications preferred
• Expertise in modifying firewall rule sets, troubleshooting issues by studying network traffic flows, locking down an application, and troubleshooting firewall problems in a service provider environment under short time constraints involving complex network application flows between multiple hosts spanning multiple firewalls and different geographic locations
• Extensive hands-on troubleshooting experience with firewalls, routers, and switches
• In-depth knowledge of Layer 4-7 application-aware firewalls
• Experience with Palo Alto Networks (AV, Threat Protection, URL Blocking, and GlobalProtect), Cisco routers and switches (ISR, Catalyst 4500 and 2960), Aruba (AirWave and Instant AP), Cisco Wireless, Extreme Wireless, and Extreme EXOS switches is essential