The Senior Security Network Engineer will collaborate with cross-functional and multi-cultural global teams to prevent, detect, and respond to threats to the organization's critical information assets. .
Responsibilities
-
Analyze existing network security controls and strengthen the controls that could make vulnerability exploitation more likely - such as Data Loss Protection, technical debt, etc.
-
Design and implement a global NAC solution (e.g. Cisco ISE) to control and authenticate network access including port-based network access control 802.1X.
-
Research and propose new VPN, ZTNA, and VPN-less access solutions to provide secure remote access for authorized users and site-to-site remote access.
-
Design, architect, and deploy Zscaler cloud-based solution infrastructure across SDWAN-based sites.
-
Manage implementation plans and operations supervision of Zscaler solutions (ZIA, ZPA, ZDX, etc.).
-
Proactively monitor reporting and consumption information along with policy configurations of Zscaler technologies and make ongoing recommendations to improve the overall experience.
-
Review and architecture restricted access to contractors and third-party employees to ensure security and reliability in a self-service environment.
-
Develop and automate tools and techniques to scale and accelerate network offensive emulation, anomaly detection, and vulnerability discovery using AI technology. Collaborate with teams to influence implementation, measurement, and mitigation of these vulnerabilities.
-
Develop, improve, and communicate a compelling strategy and roadmap for network vulnerability and data leak prevention management.
-
Design, implement, maintain, monitor, and support company-wide network security best practices. Draft and share network services configuration hardening standards.
-
Build relationships with cyber security teams, network operations, digital assets support, and business areas in support of the global data protection initiative.
-
Measure, report, and automate the network security team's performance against objectives, policy compliance targets, and network security goals (e.g., SLAs, KPIs, KRIs, OKRs)
-
Install security measures and operate software to protect systems and information infrastructure, including assisting with firewalls security rules, and data security implementation. Regularly review and request updates of firewall rules and configurations to address emerging security risks.
-
Collaborate with analysis and responses to alerts generated by IDPS tools.
-
Conduct regular security audits of network infrastructure and devices.
-
Understand secured web traffic flow standards and custom application-based traffic and design firewall and proxy services.
-
Expect to assist as L3 SME for critical business impact P0/P1 network security escalations during operational and non-operational hours.
-
Provide data and root cause analysis of network security incidents with corrective actions for improvement. Fix detected vulnerabilities.
-
Closely working with compliance and internal audit departments to ensure network security standards are in place, enforced, and maintained, and provide evidence samples according to the requirement.
-
Research upcoming trends in information technology and security, stay updated on potential threats and attacks, and come up with preventive roadmaps.
-
Help develop and maintain network security content in the internal Knowledge Base.
-
Develop and provide network-related Cyber Security Training and improve network Cyber Security Awareness around the global network teams.
Qualifications
-
Demonstrable experience in defining, reviewing, analyzing, and creating cybersecurity documentation, including actionable security standards, implementation procedures, cyber risk assessments, cyber security audits, remediation plans, and cyber control guidelines.
-
Solid grasp of security controls in Physical (network, platforms) and Cloud environments (i.e., IaaS, PaaS, SaaS, multi-cloud).
-
Familiarity with Cloud Security Alliance (CSA) guidelines.
-
Extensive experience in the development and delivery of security-level agreements and metrics via real-time reporting and alerting dashboards (SharePoint, Power BI, SQL, Office 365, Microsoft Teams).
-
Proficient with a broad array of security software applications and data leak protection tools with an emphasis on Zscaler and Cisco security technologies.
-
Detailed understanding of network-related modern systems including firewalls, encryption, network access control, wireless and wired secure access, SD-WAN, SD-Access, secure remote network access, and password protection and authentication.
-
Understanding of cyber security frameworks for the OT environment including Industrial control systems (ICS) the devices, controls, and networks that handle different industrial processes , supervisory control and data acquisition (SCADA) systems, and distributed control systems (DCS).
-
Solid understanding of cyber-security technologies like AV, Sandbox, IPS, IDS, NGFW, and WAF.
-
Very solid background with vulnerability discovery and demonstration of exploitations.
-
Ability to see through bad actors' eyes and find ways to break open the cyber security protocols and technologies embraced within the organization.
-
A data-driven, problem-solving, curious candidate with strong analytical skills and who is not afraid to challenge the status quo.
-
A self-starter with a goal-oriented, can-do attitude who is comfortable communicating cyber concepts, and risk management to all levels of personnel.
-
Ability to influence other IT professionals, including network engineers, digital support, application owners, project managers, and system managers, to integrate security network controls into existing systems and processes.
-
Proven ability to communicate effectively across all levels of the organization, including the delivery and explanation of complex security-related concepts in clear, concise, and understandable terms.
Preferred Qualifications
- Bachelor's degree required in technology, information security or related fields or equivalent work experience.
- Demonstrated ability in computer systems with some specialization in computer security highly preferred.
- Knowledge of foundational security controls and how they protect an enterprise environment.
- Relevant certifications (e.g., Certified Information Systems Security Professional - CISSP, Certified Information Security Manager - CISM).
- Very strong capacity to create new exploits or craft existing exploits to identify security loopholes in the network control cyber security plane.
- Experience with PowerShell and SQL query creation and modification.
- Scripting - Working knowledge of computer programming language.
- This is a remote position; however, we require that the candidate be located close to one of the AES locations.
- Some travel required (~15-20%)
AES Corporation
4300 Wilson Blvd
Arlington
Virginia United States
www.aes.com
