Cybersecurity IT Solutions Engineer, Senior

Position Summary

The Cybersecurity IT Solutions Engineer, Senior is a highly organized, thorough, security-minded problem solver focused on the protection of PG&E information system assets against compromise and cyber-attacks. The successful candidate is responsible for planning, implementing, deploying, and maintenance of security solutions to ensure the stability and security of PG&E infrastructure for both on premise data centers and cloud deployments. They will have extensive knowledge and broad functional experience with IDS/IPS, WAF, ADC, firewall, VPN across a wide range of complex architectures, platforms and mediums. This position will help in the secure deployment of network systems and help in the administration of same in a mission-critical, 24/7 environment.

 

The successful candidate must be able to implement high-level designs, provide constructive feedback and input to architects and update operations documentation for any new configurations or procedures resulting from changes to production environments. They must also document all work for metrics and billing reporting using a designated change management or request system.  They Expert Specialist also participate in audits from outside vendors and government regulators (NERC, WECC, etc.)

Job Responsibilities

  • Install, configure, and maintain network security hardware, software, devices and appliances in support of PG&E on premise data centers and cloud deployments.
  • Prepare network or infrastructure Visio topology diagrams, write Standard Operating Procedures and maintenance plans, and provide status reports as required.
  • Participate in data calls and other operational and maintenance tasks.
  • Assist with technical issues, project management, design, analysis, and implementation of network security solutions as needed.
  • Develop and execute mitigation plans for technical issues.
  • Prepare periodic maintenance plans and comply with change management procedures.
  • Maintain detailed knowledge of company network and technology standards.
  • Work closely with other IT groups to ensure systems are maintained in an efficient manner, and communicate all issues, changes, outages, and maintenance in accordance with processes, procedures, and policies.
  • Responsible for technical support and administration of critical infrastructure network components (e.g., firewalls, wireless controllers, VPN, etc).

Qualifications

Minimum Education Level: Bachelor's

Minimum:

  • 5 years of IT engineering design and/or technical implementation, network, or IT operations experience
  • BA or BS degree in Computer Science, Engineering, Business or related discipline or equivalent experience

Desired:

  • 10 years of IT product experience
  • Experience with creating, running and maintaining cloud (AWS, Google Cloud, and Azure) network and security stack
  • Familiar with DevOps agile methodologies and container technologies such as Docker
  • Experience with developing, testing and maintaining REST based services and APIs
  • CISSP or other industry standard network or security certification
  • Experience with encryption protocols such as SSL or SSH
  • Experience with VPN using IPSec or SSL VPN
  • Experience with firewall rule automation tools such as Tufin or AlgoSec
  • Experience with monitoring or syslog collection/analysis tools
  • Experience in the Utility Industry and meeting audit requirements for NERC and WECC
  • Experience with VMWare NSX firewalls
  • Experience with Cloud-based solutions
  • Experience with IDS/IPS
  • Experience with Wireshark, OpNet, ANUE/IXIA
  • Experience with Application Delivery Controllers (A10, F5, NetScaler)
  • Experience or knowledge of DNS or DHCP
  • Experience with web, middleware, or database servers
  • Experience with Cyclades or other serial console terminal servers

Knowledge, Skills, and Abilities:

  • Demonstrated team player with strong and effective customer care skills
  • Experience with Cisco FWSM/ASA and/or Palo Alto Firewalls in highly available and hybrid cloud environments
  • Experience with F5 Big-IP, Access Policy Manager (APM), Application Security Module (ASM), and Local Traffic Manager (LTM) including tmsh, writing/reading/modifying configurations, route domains, and vCMP on Viprion
  • Understanding of network security concepts, including segmentation and defense-in-depth strategies
  • Experience with automation using scripting languages (Python, Perl, Powershell, or similar)
  • Ability to create VLANs, routes and configure network interfaces on switches, routers, and firewalls to facilitate the building of DMZs and create network segmentation
  • Ability to troubleshoot, diagnose, and repair firewall issues
  • Ability to troubleshoot and pinpoint network issues outside of firewalls
  • Understanding of network concepts from layer 2 through 7 including NAT/PAT and application identification (Cisco inspect/fixup or Palo Alto AppID)
  • Experience patching and maintaining firewalls in highly available network environments with minimal down time
  • Ability to perform work while maintaining integrity and stability of network
  • Ability to work with Architects, Solutions Engineers, and Project Managers to meet aggressive project deadlines.
  • Familiar with network monitoring tools such as NetMRI, Netflow, and provide metrics in this area
  • Available for 24×7 on call rotation
Posted: February 11, 2019
<< Back to Job-Board