Security Network & Firewall Architect

Title: Security Network & Firewall Architect    
Company: Tampa Electric Company
Location: Ybor Data Center    
State and City: Florida    -  Ybor City
Shift: 8 Hr. X 5 Days  

Hiring Manager: Mayda Gonzalez   

Recruiter: Mark E Koener    

 

 

TITLE:    Security Network & Firewall Architect, Progression
PERFORMANCE COACH:     Manager Enterprise Security
COMPANY:    Tampa Electric
DEPARTMENT:    High Performance Computing & BP Support

POSITION CONCEPT

This position will be responsible for our Firewall Architecture and Configuration requirements and provide the direction and design for Segmentation and Zero Trust.  
 
Focus Areas: 
1.    Enterprise firewall technologies such as Palo Alto Networks, Cisco Firepower, Check Point, Fortinet, or similar.
2.    Network protocols, including TCP/IP, DNS, DHCP, and routing protocols (e.g., OSPF, BGP).
3.    Firewall rule management and optimization.
4.    SD-WAN, VPNs, and cloud-based firewall solutions (e.g., Azure Firewall, AWS Security Groups).

 

The Network & Systems Security Analyst is responsible for planning/designing, implementing, and supporting new and existing network, server, storage infrastructure. This role is also responsible for ensuring all network security controls (i.e., firewalls, web application firewalls [WAF], proxies, network segmentation, NAC, ACLs, etc.) are implemented and managed per corporate information security standards. Additionally, responsibilities include assessing enterprise assets and critical assets for secure configurations and maintaining and enforcing regulations and standards such as NERC Critical Infrastructure Protection (CIP), Sarbanes-Oxley (SOX), and Payment Card Industry (PCI).

Responsible for the design, planning, operation, maintenance, and support of the TECO and NMGC network infrastructure. This includes primary accountability for network technologies such as route/switch, on-premise LAN/WAN, IPAM, Wi-Fi, ISP management, site-to-site VPNs, proxies (forward and reverse), perimeter firewall management, DNS, Azure cloud environments, automation, NAC/user access, hyperconverged infrastructure, and overall network security. Partners with the Telecommunication teams on establishing/upgrading existing circuits/communication links. Responsible for the NERC Cyber Infrastructure Protection and disaster recovery plans.

Responsible for VoIP, SIP, DHCP, DNS, TCP/IP routing and routing protocols such as OSPF and BGP, binary mathematics, NAT, PAT, IPsec and SSL VPN technologies, GRE tunneling, route redistribution, traffic shaping, port-level filtering, SD-WAN, MPLS and other communications related technologies. Responsible for the installation, configuration, and maintenance of all WAN and LAN connectivity which includes core and campus switches, routers, firewalls, wireless access points, WAN scalers and load balancer technologies. Responsible for the design, installation, configuration, and maintenance of DNP over IP and serial SCADA communications between the primary and backup control centers, power plants, solar sites, and substations. Responsible for the configuration and maintenance of Smart GRID communication hardware switches and routers between the primary and backup control centers.

 

NETWORK & SYSTEMS SECURITY ARCHITECT (LEVEL 4)
In addition to the duties & responsibilities of the Level 3 Analyst, has increased responsibilities in consulting on small project design and plans. May serve as a project lead on larger projects, cross-train peers, and mentor all levels of Analysts. Works under general direction.

 

ADDITIONAL DUTIES AND RESPONSIBILITIES

1.    Monitors, troubleshoots, diagnoses, and remedies server, network, DDoS protection, NetScaler load balancers, and security controls related problems and failures. (10%)

2.    Installs and configures server and network related hardware/software which meet the company’s security standards. (10%)

3.    Design and planning required for small and large projects. (40%)

4.     Project leadership, consulting, or cross-train peers. (40%)

QUALIFICATIONS

EDUCATION  

Required:    High School Diploma or GED    

Preferred:     Bachelor’s degree in Computer Science, Engineering, Math, or equivalent IT discipline (MIS).

 

LICENSES/CERTIFICATIONS 

Required:     Has obtained at least three related network, system, operating system, or information security professional certifications: (e.g., Microsoft Certified Solutions Associate (MCSA), Microsoft Certified Solutions Expert (MCSE), VMware Certified Professional (VCP), Cisco Certified Network Associate (CCNA), Cisco Certified Network Professional (CCNP), Certified Ethical Hacker (CEH), GIAC Network Forensic Analyst (GNFA) or other GIAC Certifications, Certified Information Systems Security Professional (CISSP), Certified SCADA Security Architect (CSSA).

Preferred:    ITIL v3, CCNP, MCSE, VCP, GNFA, CISSP

 

EXPERIENCE  

Required:    Minimum ten (10) years of related hands-on experience implementing and maintaining Windows, VMware, firewall support, DDoS protection, proxies, WAFs, NetScaler load balancers, Storage Area Networks, or Cisco Networking. 
In lieu of some experience listed above, may consider eight (8) years of related experience with an Associate’s Degree or six (6) years of related experience with a Bachelor’s Degree in Computer Science, Engineering, Math, or equivalent IT discipline (e.g., MIS).

KNOWLEDGE/SKILLS/ABILITIES (KSA)

•    Expert knowledge of network, server, and security controls infrastructure regardless of the complexity
•    Thorough working knowledge for most of the following technologies and operational functions: switching, routing, DNS/DHCP, Windows Active Directory, VMware, Voice over IP, Storage Area Networking, firewall support, DDoS protection, proxy, WAF, NetScaler load balancing, network segmentation, NAC, IDS/IPS, antivirus support, cyber security best practices, and networking/hardware installation and maintenance
•    Thorough working knowledge with packet analysis and denial of service protection
•    Strong critical thinking, analytical, problem solving, and risk assessment skills as well as strong listening and communication skills (oral and written)
•    Ability to present issues and topics of a complex technical nature to non-technical audiences
•    Excellent interpersonal, mentoring, consulting, and organizational skills
•    Thorough working knowledge of the processes that ensure compliance with regulatory or industry requirements such as NERC CIP, SOX, and PCI

 

LEAD NETWORK & SYSTEMS SECURITY ANALYST (PERFORMANCE COACH)
In addition to the duties & responsibilities of the Level 3 Analyst, has increased responsibilities in leading and managing Level 1 through 3 Analyst. May serve as a project lead on larger projects, cross-train peers, and mentor all levels of Analyst. Works under general direction.

ADDITIONAL DUTIES AND RESPONSIBILITIES

1.    Monitors, troubleshoots, diagnoses, and remedies server, network, DDoS protection, NetScaler load balancers, and security controls related problems and failures. (10%)

2.    Installs and configures server and network related hardware/software which meet the company’s security standards. (10%)

3.    Design and planning required for small and large projects. (25%)

4.     Project leadership, consulting, or cross-train peers. (25%)

5.    Lead and manage the network analyst (Level 1, 2, and 3) team (30%)

 

QUALIFICATIONS

LICENSES/CERTIFICATIONS 

Required:     Has obtained at least three or two, with the condition to obtain a third certification within one year of hire for this position, related network, system, operating system, or information security professional certifications: (e.g., Microsoft Certified Solutions Associate (MCSA), Microsoft Certified Solutions Expert (MCSE), VMware Certified Professional (VCP), Cisco Certified Network Associate (CCNA), Cisco Certified Network Professional (CCNP), Certified Ethical Hacker (CEH), GIAC Network Forensic Analyst (GNFA) or other GIAC Certifications, Certified Information Systems Security Professional (CISSP), Certified SCADA Security Architect (CSSA). Leadership/management certifications/certificates may be considered in lieu of professional certifications.

Preferred:    ITIL v3, CCNP, MCSE, VCP, GNFA, CISSP

 

EDUCATION  

Required:    High School Diploma or GED    

Preferred:     Bachelor’s degree in Computer Science, Engineering, Math, or equivalent IT discipline (MIS).

 

EXPERIENCE  

Required:    Minimum ten (10) years of related hands-on experience implementing and maintaining Windows, VMware, firewall support, DDoS protection, proxies, WAFs, NetScaler load balancers, Storage Area Networks, or Cisco Networking. 
In lieu of some experience listed above, may consider eight (8) years of related experience with an Associate’s Degree or six (6) years of related experience with a Bachelor’s Degree in Computer Science, Engineering, Math, or equivalent IT discipline (e.g., MIS).

 

KNOWLEDGE/SKILLS/ABILITIES (KSA)

•    Expert knowledge of network, server, and security controls infrastructure regardless of the complexity
•    Thorough working knowledge for most of the following technologies and operational functions: switching, routing, DNS/DHCP, Windows Active Directory, VMware, Voice over IP, Storage Area Networking, firewall support, DDoS protection, proxy, WAF, NetScaler load balancing, network segmentation, NAC, IDS/IPS, antivirus support, cyber security best practices, and networking/hardware installation and maintenance
•    Thorough working knowledge with packet analysis and denial of service protection
•    Strong critical thinking, analytical, problem solving, and risk assessment skills as well as strong listening and communication skills (oral and written)
•    Ability to present issues and topics of a complex technical nature to non-technical audiences
•    Excellent interpersonal, mentoring, coaching, and organizational skills
•    Thorough working knowledge of the processes that ensure compliance with regulatory or industry requirements such as NERC CIP, SOX, and PCI

 

TECO offers a competitive Benefits package!!

 

Competitive Salary *401k Savings plan w/ company matching * Pension plan * Paid time off* Paid Holiday time * Medical, Prescription Drug, & Dental Coverage  *Tuition Assistance Program * Employee Assistance Program * Wellness Programs * On-site Fitness Centers * Bonus Plan and more!

#LI-SC1