Senior Network Security Engineer

CCDS is searching for a skilled Senior Network Security Engineer to join our dynamic cybersecurity team. In this crucial role, you will be instrumental in safeguarding our network systems by designing and implementing advanced security protocols. Your expertise will help us identify vulnerabilities, conduct thorough risk assessments, and develop strategies to maintain a secure networking environment. As a leader in this area, you will also mentor junior engineers and collaborate with cross-functional teams to ensure proactive security measures are in place.

Role Summary

Own the design, administration, and monitoring of perimeter and application security controls: next-gen firewalls, web application firewalls, email security (spam gateway & cloud app security), and secure remote access (SMA/VPN). You’ll implement changes, run periodic reviews, investigate incidents, and deliver compliance-grade reporting on the agreed schedule.

Key Responsibilities:

1) Network Firewalls

Administration

• Install and commission new firewalls as required (HA, routing/NAT, policies, logging).
• Apply and verify vendor patches/updates as released; plan maintenance windows and rollback.
• Optimize rulesets (least-privilege, object hygiene, app-ID/URL/IPS profiles).

Monitoring

• Conduct quarterly configuration reviews (policy hygiene, unused/overly broad rules, profiles, logging, HA health).
• Maintain dashboards/alerts; track capacity and performance.
• Produce quarterly reports covering changes, incidents, KPIs, and remediation status.

2) Web Application Firewall (WAF)

Administration

• Configure WAF policies and virtual services as needed (positive security model, signatures, bot/DoS, TLS, headers).
• Lead investigations for application-layer events and false-positive tuning.

Monitoring

• Perform quarterly configuration reviews (policy coverage, signature currency, bypasses/exclusions).
• Deliver monthly, quarterly, and annual reports (threat trends, blocked attacks, tuning actions, availability).

3) Email Security

Spam Gateway

• Monitoring: health, queues, block/allow lists, DMARC/DKIM/SPF alignment; respond to user submissions.
• Administration: configure policies, DLP/ATP/URL rewrite as needed; maintain routing and certificates.
• Quarterly configuration review and quarterly reporting (volumes, catch rate, false positives, major changes).

Cloud Application Security (CAS)

• Monitoring: app discovery, risky OAuth grants, data sharing, malware/links, user behavior anomalies.
• Administration: configure policies/integrations as needed; enforce conditional access and session controls.
• Quarterly configuration review, as-needed investigations, and monthly reporting (events, policy hits, actions taken).

4) Secure Remote Access – SMA/VPN

Monitoring

• Quarterly access-policy review (groups, posture, MFA, split-tunnel, portal entitlements).
• Quarterly VPN user review (joiners/leavers, stale accounts, privilege right-sizing).
• Quarterly reporting (usage, auth failures, anomalies, capacity, changes).

Requirements

Required Qualifications

• 4–7+ years in network/security engineering or equivalent impact.
• Hands-on with at least one major vendor in each domain:
• • Firewalls: Palo Alto / Fortinet / Check Point / Cisco
  • WAF/ADC: F5 / Citrix / Cloud WAF (e.g., Cloudflare/Akamai/AWS WAF)
  • Email Security: Proofpoint / Mimecast / Microsoft Defender for Office 365
  • SMA/VPN: GlobalProtect / AnyConnect / FortiClient / Pulse/SonicWall SMA
• Strong TCP/IP, TLS, DNS, SMTP, HTTP/S, and identity/MFA fundamentals.
• Proficient with packet capture and log analysis; able to produce clear reports.

Certifications

Certifications: PCNSE, NSE 4–7, CCNP Security, F5, MS-500, ZCCP (or equivalent).

Benefits

• Medical Insurance
• Paid Time Off
• Working Remotely
• Training & Development
• Performance Bonus