Leidos is looking to improve and advance our organization. Our program is focused on the delivery of data center services to our CMS customers and is structured around both current and legacy platforms in a consumption-based services model. We are looking to add skilled, energetic leaders and technologist who believe in cross functional teams, exhibit broad-based skills, maintain a customer-focused mindset, and have a willingness to step out of their work stream to get the job done.
With a "no downtime, zero outages" vision and mantra, we support a range of data center needs ranging from self-service to managed services, all of which are based on our customer's required level of support. Our organization is comprised of teams supporting PMO, Security, Quality, Intake, Service Delivery, Engineering, and Service Operations. With these teams access resources from our functional teams supporting Network, Security, Firewall, z/OS and z/VM operations, Unix Operations, Change Management, Monitoring, Capacity Management, x86 Operations, Storage Operations and Cloud Management. Part of everyone's responsibility is to help drive the new consumption-based services oriented model.
Now to you - your mission, if you choose to accept it as a Firewall Engineer, will require you to coordinate closely with senior leadership to help establish clear objectives and effectively communicate program needs, management program logs, interact with contract management, and establish effective, bi-directional, collaborative communication within our Program Team. Ultimately, these activities will be extended in communication to the customer. You will interact daily with technical resource which are fulfilling technical requirements for the customer. Your goal will be to work with all stakeholders to help Leidos ensure delivery of high-quality, robust and scalable solutions with minimal business impact.
The current work environment is on-site at Leidos in Winsor Mill / Woodlawn, Maryland with potential for on-site work at CMS (in the same location). Telecommute opportunities are currently being evaluated and may become available based upon teams supported, work hours, and work performance.
The successful candidate will work directly with leadership and project management to deliver solutions for our CMS business partners. This individual will be responsible for the design, implementation and maintenance of security standards/policies/procedures. Participate in security zone architecture and on-going design changes to ensure adequate security protections while enabling business value and outcomes. Implement designed solutions including device configurations while following a change management process. The candidate must be a self-starter, disciplined worker and have a professional reputation for integrity. Ability to adhere to the highest standards of ethics and professional conduct is a must.
- Management of core firewalls in a highly available configuration
- Responsible for performing all project related activities related to firewall, VPN and proxy technologies
- Maintain traditional and Next Generation firewalls to include Palo Alto and Cisco Firepower
- Responsible for creating and managing VPN tunnels as required by the customer
- Ensure that all Firewalls and Proxies are upgraded and replaced according to manufacturer's end of life announcements
- Participate in technical review board and customer presentations as needed
- Troubleshoot high level technical issues and implement fixes following the prescribed change management processes
- Responsible for creating architectural diagrams as well as process and procedure documents
- Perform technical reviews of all Firewall Operation's changes
- Configure, upgrade and maintain firewall devices to the latest approved releases
- Perform regular asset inventory to ensure all devices are properly tracked and managed
- Collaborate with solution architects develop infrastructure solutions to meet the business requirements
- Provide knowledge transfer and mentoring of the less experienced team members
- Participate in an on-call rotation
- BS or Master's degree preferred however, additional experience may be substituted in lieu of degree
- At least 8 years of experience in Information Technology
- At least 5 years of experience of managing firewalls, Palo Alto or Cisco ASA preferred
- At least 5 years of experience of managing VPN tunnels
- Hands-on experience managing Palo Alto and Cisco Firepower NGFW features
- Working knowledge of Palo Alto Panorama for centralized configuration management
- Must have the ability to analyze information from multiple sources and apply it to the operational environment in developing and maintaining the security posture of the network
- Experience with IPSEC, VPN, and SSL
- Must have the ability to work independently on multiple tasks
- Must have an in-depth understanding of computer/network security concepts, VPNs, proxies, and networking.
- Experience designing, deploying, and maintaining boundary security solutions and exposure to enterprise network architecture.
- Experience analyzing network traffic, using a variety of network tools to assess security-related events to assist in rapid identification and isolation of issues during incidents and outages.
- Strong troubleshooting skills specific to network security and ability to effectively work in cross functional teams as needed to resolve issues
- Experience configuring/administrating various firewall technologies including: Palo Alto, Firepower, Fortinet.
- Strong communication skills (both written and verbal), customer service and teaming skills and strong attention to detail.
- Experience creating architectural diagrams and process and procedure documents is a must
- Industry Security Certifications desired (PCNSE, CSIAC, CCNP, GSEC, GCIA, GCFW, or other security certifications)
- Experience Managing Symantec Bluecoat desired
- Experience managing PIX, Juniper, Fortinet, XML Gateway and Checkpoint a plus
All candidates supporting the CMS programs must have lived in the United States at least three (3) out of the last five (5) years prior in order to be considered.