The Firewall Network Engineer assists with the information technology needs of the U.S. Department of Health & Human Services (HHS) Indian Health Services (IHS) by managing, supporting, and optimizing network security to ensure the integrity and availability of systems, authentication, and authorization. This position helps support the running of system scans using Nessus Tenable Security Center and other related tools. Additionally, the Network Engineer works within a team that monitors, analyzes and responds to computer security threats.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include the following. Other duties may be assigned.
Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge/quality of work, supporting financial goals of the company, initiative/motivation, cooperation/relationships, problem analysis/discretion, accomplishing goals through organization, positive oral/written communication skills, leadership abilities, commitment to Affirmative Action, reliability/dependability, flexibility and ownership/accountability of actions taken.
Performs quarterly vulnerability scans and analysis of scans of FBI FISMA enterprise systems and applications.
Supports quarterly vulnerability scans and analysis of scans of FISMA non-enterprise systems and applications.
Conducts non-scheduled vulnerability scans in support of operational matters.
Provides support for vulnerability and/or compliance assessments.
Supports all information systems compliance measures, and follows C & A processes for ensuring applications are accredited.
Supports Risk Vision Team in integrating automated capability through government furnished Risk Vision Connectors in order to capture vulnerability scan results.
Maintains the inventory and software baseline of laptops used to scan non-enterprise information systems and applications, including software upgrades and the planning of technical refresh.
Performs training and provides training guides related to the scanning of laptops, the use of vulnerability scanning applications (i.e., Nessus, etc.), and the interpretation of scanning results.
Actively contributes to inter-departmental and cross-functional working groups.
Plans daily activities within the guidelines of company policy, job description and supervisor’s instruction in such a way as to maximize personal output. Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and co-workers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions to the best of own ability.
Associate’s degree in Information Technology, Computer Science, Cybersecurity or a related field of study that provides substantial knowledge useful in administering large, complex networks and a minimum of two (2) years relevant experience with current and emerging technologies.
Four (4) years relevant security experience in: 1) systems security analysis and implementation, design assurance and testing; 2) implementing, administering, performing tests and analyzing all elements of network systems; 3) experience with current and emerging technologies may be substituted in lieu of specified degree; or equivalent combination of education / experience.
JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES
Knowledge and understanding of OMB, FISMA, FIPS, HIPPA and other federal regulations and requirements associated with Information Security
Knowledge and understanding of two factor authentication and shared token
Working knowledge in network security L1, L2, L3, L4 and L7 troubleshooting support, with ability to stay abreast of developments
Skilled proficiency and working knowledge related to WAN Routing and Switching: EIGRP, OSPF, RIP, BGP, route redistribution, IP Routing, HDLC, VPN, PPP, Multilink, QoS, Vlan, VTP, STP, Ether channel, HSRP, ACL, NAT, 802.1x, Port Security
Operational knowledge and understanding of TCP/IP, network protocols, firewall theory, and packet analysis, principles and techniques applied in securing operating systems and LAN/WAN networks, standard and nonstandard port use and overt channel connectivity
Understanding of enterprise network security technologies such as encryption, VPN, firewalls, access control, and remote access
Excellent written and verbal communications skills with ability to prepare quality reports, presentations, summaries and analyses
Ability to read, analyze, develop and interpret common information systems security documents
Excellent customer service and collaboration skills with ability to effectively interact and communicate with all levels of authority
Detail-oriented with proven analytical and problem-solving skills
Ability to prioritize tasks and to be self-motivated
Ability to effectively work both individually and in a team environment
CERTIFICATES, LICENSES, REGISTRATION
Professional certifications preferred but not required (e.g., Cisco Security, CISSP, SANS GIAC, Security+, Network+, Linux+, MCSE, CCNA , SSCP)
Ability to read, analyze and interpret common scientific and technical journals, financial reports, and legal documents. Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community. Ability to write speeches and articles for publication that conform to prescribed style and format. Ability to effectively present information to top management, public groups, and/or boards of directors.
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference and volume. Ability to apply concepts of basic algebra and geometry.
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.