Palo Alto Security Firewall Engineer

About DMI

DMI is a leading global provider of digital services working at the intersection of public and private sectors. With broad capabilities across IT managed services, cybersecurity, cloud migration and application development, DMI provides on-site and remote support to clients within governments, healthcare, financial services, transportation, manufacturing, and other critical infrastructure sectors. DMI has grown to over 2,100+ employees globally and has been continually recognized as a Top Workplace in both regional and national categories.

About the Opportunity

The Security Firewall Engineer - Level II role requires extensive Palo Alto and network experience, along with extensive networking experience. A Network Security Engineer is responsible for providing architectural, technical, and problem resolution support for the FDIC network and security infrastructure that promotes a secure and scalable environment that align to the security requirements of our customer.

A Security Firewall Engineer also focuses on both the short-term and the long-term strategy, recommends technology solutions and improvements to the network and security related environments and is also responsible for delivering clear, concise, timely communications that promote confidence in our team's ability to deliver operational excellence. They also perform Tier III "Build and Run" activities across multiple network related security environments, and review and recommends configuration changes, as needed.

The day-to-day responsibilities include the design, implementation, operations, trouble shooting, and resolution activities across multiple domains. They may be required to participate in system upgrades, deployments, and enhancements, while focusing on delivery objectives, critical issues, and policy adherence. All Network Security Team members periodically work after hours to support systems outage and critical infrastructure upgrades. This position may also require an on-site presence one, or more, days per week.

Qualifications

Education:

• BS Degree in Computer Science or Engineering, or equivalent work experience (required)

Experience:

• 10+ years of relevant technical Security Engineering or Network Engineering/Security Engineering experience (required)
• Certifications: Desire two, or more, of the following: CCNP, CCDP, CCSP, CISSP, OSCP, PCNSE, PCNSA, ITIL, or other related certs

Required Skills:

• Extensive experience with Palo Alto Firewall appliances (3000/3200/5200/5400) and VM-500 cloud deployments
• Extensive experience with Palo Alto Panorama 10.x or 11.x
• Extensive experience with troubleshooting from keyboard to cloud and from hardware/driver to layer 7 application issues
• Extensive experience with maintaining and improving Operational Security
• Fundamental understanding of SMTP and SMTP related security mechanisms
• Fundamental understanding of threat/anti-viranti-spyware/URL-filtering/decryption profiles and fine tuning for .GOV's
• Fundamental understanding of networking from physical to dynamic routing protocols
• Extensive experience with decryption/TLS/Security Profiles/PKI and deep understanding of PCAPS
• Extensive experience with application-based traffic and designing solutions for Firewalling (Internal/Perimeter/External)
• Experience with hybrid cloud environments and end to end application delivery and support
• Extensive experience supporting multiple Data Centers and geographically dispersed offices
• Continuous learner with a focus on the latest network security related developments in the field

Desired Skills and Abilities:

• Vendor hardware and software support, such as Cisco, Juniper, Palo Alto, Trellix/FireEye, and others
• Data Center, Network, Firewall, and Email quarantine systems and support
• Analysis and forensic tools, along with effectively troubleshooting ingress/egress and zoned traffic
• Azure Infrastructure and understanding Azure VNET's, Routing and Firewalling
• Operating within and Supporting a FIPS environment
• Developing security policies that incorporate data from identity systems, endpoints, and external management systems
• listing IP space for various project teams to access external vendors and to ensure safe and secure connectivity
• Creating Zones and Policies for various network segments and troubleshooting connectivity across Security Zones
• Work with internal applications teams, design, and implementation teams on application level security
• Develop documents that describe design, security controls, and operational manuals
• Develop and participate in internal/external testing of applicable applications to ensure that sufficient security in in place
• Effective time management and organizational skills and ability to translate technical issues for business users
• Work independently as well as in a team environment with effective interpersonal communication skills
• Analytical, communications, and problem solving skills
• Support InfoSec Standards and Best Practices
• Thrives in a fast-paced environment and looks for ways to do things more effectively (Current Mode/Future Mode)

Location: Arlington, VA

Physical Requirements: N/A

ship Required

#LI-JS3

Employees are valued for their talents and contributions. We all take pride in helping our customers achieve their goals, which in turn contributes to the overall success of the company. The company does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans, and to treat qualified individuals without discrimination based on their physical or mental disability or veteran status. DMI is an Equal Opportunity Employer Minority/Female/Veterans/Disability. DMI maintains a drug-free workplace.

***************** No Agencies Please *****************

Applicants selected may be subject to a government security investigation and must meet eligibility requirements for access to classified information. ship may be required for some positions.