- Design, implement and maintain the organization's network security operations. Work with Information Assurance Officer (IAO) and Security and Network Administrators to determine areas of weakness in the security architecture, and specify and implement solutions for controlling those weaknesses with the use of ACL's, Firewalls, NAC and IDS.
- Attend system and site surveys and assess the system's impact on the security of the network architecture.
- Ensure the Security equipment is running software capable of providing required technologies and features, while complying with security requirements as stated in regularly released IAVAs.
- Ensure early identification of problems for security equipment and systems, through existing, or newly purchased network monitoring systems.
- Develop and apply advanced network design methods and theories and provide documentation of the network topography using design applications such as Visio and AutoCAD software.
- Plan, conduct and technically direct projects.
- Coordinate the efforts of network design and maintenance efforts of network and network security personnel.
- Provide technical consultation to the outside departments concerning network architecture and security prior to the purchase of new equipment.
- Conduct investigations and tests of considerable complexity.
- Review literature standards and current practices relevant to the solution of assigned projects.
- Develop and perform network security modifications including, but not limited to: network architectural and configuration changes; network performance analyses, hardware/software enhancements to the network infrastructure.
- Provide technical consultation to the organization, work leadership, lower level employees, and peers.
- Proficient with the following network management software and network testing equipment for maintenance, real-time monitoring, baseline trending, and troubleshooting: Cisco Works 2000, HP OpenView, Fluke Optiview Protocol Expert (sniffer), WhatsUp Gold, InfoVista Runtime, Fluke Optiview Console, Waverunner, and Fluke OneTouch.
- Configure and maintain Layer 2 encryption devices.
- Configure and maintain content filter (Ironport).
- Configure and maintain the SSL VPN for remote users connecting back to the hospital network infrastructure.
- Analyze IDS, content filter and firewall logs for possible network security.
- Possess and maintain the most current certification for a Cisco Firewall Specialist Certification (CCFS with 7 years of professional experience in the industry.
- Must have prior experience as the primary technical lead designing, implementing, and maintaining network security systems in a critical environment.
- Experience with Wireshark Protocol Analyzer and interpretation of Cisco Firewall logs and various network devices for forensic and troubleshooting analysis.
- Expertise in working with and understanding the various protocols in the TCP/IP suite of protocols is required.
-Experience in researching and analyzing any protocols in the TCP/IP suite of protocols to provide network centric services for business needs while maintaining security and to support forensic analysis.
- Experience with the Ironport Secure Web Gateway, Cisco Firewall Services Module (or similar Cisco firewalls), and Juniper SA4000 VPN appliance, and be able to maintain these devices to work together to provide a defense in depth security solution.
- Experience with current network equipment, such as, Cisco Catalyst switches (3750, 4500, and 6500 series), Cisco Nexus 7000 series.
- Experience with network security equipment, such as, NAC, Firewalls, IDS’, and Cache Engines. The contractor shall have experience or ability to perform network lifecycle evaluations and recommend solutions.
- Experience with network test and troubleshooting tools to include packet analyzers, Fluke network tester (OneTouch, Optiview, Waverunner) and with network management systems (i.e. CiscoWorks, Solarwinds Orion, and Hewlett Packard (HP) OpenView).
- Must have at least one of the following: GIAC Security Essentials Certification (GSEC); Security Certified Network Professional (SCNP) Security +; Systems Security Certified Practitioner (SSCP).
- Cisco Certified Security Professional Certification (CCSP) would be desirable.