Sr. Boundary Firewall Engineer

Overview

The AFINC II contract supporting the 26th Network Operations Squadron (26NOS) is seeking qualified Firewall Network Engineers. The Boundary Protection team oversees an enterprise DoD environment supporting the USAF that requires a unique and dynamic skill set. They are expected to complete associated training programs and/or actively pursue professional development/cross-training opportunities. If you are seeking a challenging and fast paced workplace, please review the list of responsibilities and qualifications. Candidates that do not meet all qualifications, are still considered on their relevant experience in similar environments.

As a dynamic systems integrator, SMS offers proven solutions in engineering, operations, cybersecurity, and digital transformation. With expertise in modernizing and optimizing legacy infrastructure and systems, ensuring operational efficiency, and designing, implementing, and managing secure environments, SMS supports business and mission goals with proficiency, quality, and integrity.

SMS has been serving the advanced information technology needs of the federal government since 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 40 years. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. For additional information on SMS, visit www.sms.com.

Submit your resume today!

Responsibilities

Responsibilities:

• Serve as a Boundary Protection Team Operator for the 26 Network Operations Squadron (26 NOS) at Maxwell Air force Base-Gunter Annex, Alabama.
• Oversees intrusion detection, intrusion prevention, boundary protection and vulnerability assessment operations to defend the Air Force Network (AFNet). 
• Identifies unknown or unauthorized sources which attempt to access the AFNet and, when such attempts occur, notifies the appropriate AF agencies. 
• Monitors, operates, and maintains intrusion detection/prevention systems, firewalls, load balancers, and web proxies to protect AFNet resources from both internal and external threat.

    Network Operations:

• Manage all network security devices across the WAN, to include enterprise-wide functions for firewall, proxies, load balancers, IDS/IPS, VPNs, and malicious code response.
• Assist on-site LAN engineers with troubleshooting support of network equipment and installation of new hardware
• Perform minor and major operating system upgrades on all network security devices.

   Enterprise network troubleshooting:

• Must work with all corresponding technical support teams as required to resolve network traffic concerns.
• Utilize monitoring tools and log collectors to provide in-depth analysis on traffic anomalies and issues.
• Work network issues to resolution for customers via trouble tickets, change requests, and phone calls, in direct support with base-level, NOSC-level, and DISA counterparts.
• Receive inbound calls from enterprise customers and work with other external NOCs to troubleshoot and resolve policy configuration issues.

    Perform packet capture analysis as required.

    Device Management:

• Experience configuring and managing IDS, Firewalls and other network security platforms.
• Familiarity and experience with Palo Alto firewalls, F5 appliances, and CISCO ASAs is preferred.

    Device and traffic monitoring:

• Performs daily health checks to acknowledge system level faults and begin the process of resolution.
• Utilizes monitoring tools and log collectors to begin initial analysis on network traffic, including (but not limited to) Splunk, Schnozz, ELK, InfoVista, and NIKSUN.

    Flexible schedule as needed:

• This position requires rotating weekends, 24x7 shift support, and periodic on call duties.
• It may be required to come in earlier than normal, stay later than normal, or work off shifts to meet contract requirements or to support network changes during off peak maintenance windows.

Qualifications

Technical degree, Associates or, bachelor’s degree in computer science/information systems, Science/Engineering/Math or 5-7 years’ relevant experience in Information Technology preferably within system or application administration is acceptable.

Requires a DoD 8570.01-M Information Assurance Technical (IAT) Level II certification:

• CompTIA Security+ CE (Continuing Education)
• CompTIA Cybersecurity Analyst (CySA+) CE (Continuing Education)
• (ISC)² Systems Security Certified Practitioner (SSCP)
• GIAC Global Industrial Cyber Security Professional (GICSP)
• GIAC Security Essentials Certification (GSEC)
• (ISC)² Systems Security Certified Practitioner (SSCP)

Requires at least one or more Computing Environment/Operating System (CE/OS) Defense Cyberspace Workforce Certification (DCWF) requirement(s):

• Palo Alto Networks Certified Security Automation Engineer (PCSAE);
• Palo Alto Networks Prisma Certified Cloud Security Engineer (PCSAE);
• or F5 Security Certified Solution Expert

Clearance: 

• Active DoD Secret or higher required, or ability to obtain one

SMS is a dynamic systems integrator established in 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 47 years. Our ability to hire and retain quality people in a rapidly evolving IT market is proven through our employee retention rate averaging over 3 years. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices, resulting in CMMI Level 3 certification and ISO registrations including 9001:2015, 20000-1:2018, and ISO/IEC 27001:2013. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. 

SMS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.