Infrastructure Senior Engineer - Network

About The Position

Requirements

• Degree in technical (STEM) field and four years’ experience in technical role preferred, or equivalent combination of education and experience
• Expertise in firewall technologies and network security
• Strong understanding of network protocols including TCP/IP, UDP, MPLS, BGP, OSPF, and TLS
• Experience with design and implementation of security through IP subnets and routing
• Experience as an SME with in multiple key technologies/platforms within the network technology domain with a solid understanding of system security implications
• Periodically attends technical training relating to current and future network technology support duties
• Demonstrated design and integration of external network redundancy and high availability technologies, advanced network edge security and firewall integration initiatives, and optimization of workflow regarding security and network event warnings and errors, resource management, and network availability in both external and internal environments
• Design and implementation of secure network integration, including WAN, LAN, SD-WAN, tunneling, and Wi-Fi, with integration of Public Key Infrastructure (PKI), certificate authority management, and TLS security protocols.
• Protocol familiarity with, but not limited to TCP, IP, UDP, HTTP, DHCP, DNS, and various Wi-Fi protocols with skills integrating and improving security systems such as firewalls, gateways, tunnels, certificate management, and cloud/on-prem API security integration and management preferred
• Experience designing and managing security event workflows and tools, including design and implementation of internal and external security layer tools from the end point, through network isolation and monitoring, to ingress/egress of data and communications preferred

Nice To Haves

• Networking certifications including CCNP (Data Center/Enterprise) and CCDE preferred
• Demonstrated design and implementation of applicable network devices, firewalls, wireless access points, WAN services, and security design and integration with other systems preferred

Responsibilities

• Protect our network perimeter by filtering incoming and outgoing traffic, ensuring only authorized access is granted, while monitoring for potential security threats and implementing necessary security policies
• Design, implement, manage, integrate, and maintain the organizations network including on-prem and in the cloud
• Experience with network security including Intrusion Detection, Protection, and tunneling
• Management of Certificate Authority and certificate issuance
• This position is an SME for firewalls and networking responsible for designing, integrating, implementing, maintaining, testing, monitoring, and assessing system technology across the organization.
• Leads efforts in network security and traffic flow management, primarily responsible for planning, implementing, and integrating disparate network software and hardware solutions.
• Mentors, coaches, and guides other Engineers and Administrators to address complex networking solutions that require proactive strategies and in-depth evaluation.
• Leads technical projects and delivers short- and long-term technological networking solutions.
• Subject Matter Expert in perimeter network domain including WAN-LAN integrations, security, redundancy, design, implementation, support, and vendor interaction are required
• Ability to support other staff working Level 3 calls, immediately recognizing solutions without relying on vendor support, occasionally research, resolve, and document unknown root cause solutions
• Oversee and manage firewall systems, design multiple tool integrations to support vulnerability reduction while supporting Administrators and Engineers working on specific vulnerability and security risks
• Research and develop mitigations for security related network vulnerabilities, act as SME for specific security tools within PERA’s networking domain, and evaluate and review configurations and actions ensuring all changes improve the infrastructure security posture at PERA
• Design, implement, and mentor other staff in firewall management and participate in disaster recovery testing with a focus on communications in a DR test/event, ensuring documentation is written, diagrammed, up to date, tested, and improved for system recovery and operation
• Expert comprehension of multiple PERA systems, projects, project specifications, and DevSecOps initiatives that require a firewall/network SME contributor
• Identify and evaluate opportunity to improve confidentiality, integrity, and availability in multiple areas of SME expertise, design and lead various network and encryption solution implementations, identify and evaluate new tools and integrations to help Infrastructure staff accomplish the mission of CIA
• Design, plan, and implement significant projects, network enhancements, and network integrations including assisting in planning and responsibility assignments to accomplish those initiatives, ensuring documentation of details and review for completeness of ITSM processes
• Utilizing multiple network SME skills to design, review, and approve vendor SOW projects, participate in vendor discussions to resolve significant issues, regularly act as a senior resource for staff on existing security appliance operation in the domain, rarely utilize or rely on vendor services and support, evaluate licensing and initiate and review quotes for significant new services or tools
• Applies different and creative techniques to analyze, test, and implement ad-hoc solutions in a prudent and swift manner, foreseeing and avoiding potential impacts on end user computing environments and colleagues by focusing on network availability and stability, and leads peers to an understanding of complex networking topics
• Adept at making decisions and optimizing future work utilizing planning, testing, and proof of concepts
• Provides written communication that is concise, clear, and updated, on both small and large initiatives and reviews ITSM processes to ensure continued process improvement
• Collaborates effectively with teammates and vendors with empathy, adeptly uses feedback and audience specific language to explain and resolve issues, and manages vendor relationships
• Provides technical and task leadership, coaching, training, and direction to develop team depth, proactively on moderate to large size projects with minimal supervision required from senior staff and management
• Perform other duties as assigned

Benefits

• PERA invests in our employees’ growth through training and leadership opportunities.
• To promote wellbeing, we offer hybrid or flexible working options for most roles and a total rewards and benefit program including health, dental and vision coverage - eligibility starts the first day of the month following the date of hire for most plans; generous paid time off and volunteer hours; pension and retirement plans, including PERA’s defined benefit plan, 457 defined contribution plan, and 401(k) employer match, as applicable; tuition assistance; free, convenient on-site parking or RTD subsidy; free on-site fitness center to stay active; employee assistance program; training, leadership and mentoring programs and more.
• PERA is a Public Service Loan Forgiveness qualifying employer.