Sr Network Firewall Administrator

* Must reside in the state of CO on start date. Relocation assistance is not provided*

**This is a hybrid position requiring 2 days a week in office and remaining remote work must be from CO**

***FirstBank does not sponsor work visas***

Salary Range

$120K - $150K

Founded in 1963, FirstBank is Colorado's largest locally owned holding company and we are still growing, serving customers in Colorado, California, and Arizona. Our growth can be attributed to one simple philosophy: do right by customers, communities, and employees, which is at the center of the company’s “banking for good” mantra. FirstBank believes that diversity, equity, and inclusion are part of everything we do, both within and outside our company, and we take pride in hiring and training a diverse and talented group. We strive to not only maintain a diverse workforce, but also ensure our employee experience garners a sense of belonging, is inclusive and equitable. FirstBank believes that a company is nothing without the people that comprise it. By joining the FirstBank team you will experience our great team culture with ample opportunity for growth. There’s an opportunity for everyone with positions across the company, from Personal Banker and Call Center to Technology and Lending. Apply today to learn more and join the team!

A Brief Overview

Responsibilities include evaluation, design, installation, configuration, operation, and maintenance of enterprise-level next-generation Firewall technologies such as Cisco ASA, Firepower and Identity Service Engine (ISE) technologies, Intrusion Prevention Systems (IPS), and Virtual Private Networks (VPN) in an enterprise 24x7 environment. Participate and lead technical research, documentation and projects with a primary focus on Data Center, Cloud, Campus, and Branch network security. Must be able to participate in after-hours work as required for on-call and system implementations.

What you will do

• Provide technical leadership in the administration and implementation of enterprise-level firewall and intrusion prevention solutions, and virtual private networks, specializing in Cisco ASA and Firepower next-generation firewall technologies.
• Maintain a functional  understanding of  all aspects of network infrastructure, including Cloud, Data Center, Campus, Wireless (WLAN) and Wide Area Networks (WAN).
• Analyze, maintain and troubleshoot Cisco ISE RADIUS Network Access Control (NAC) environment with a functional understanding of EAP-TLS, and certificate Public Key Infrastructure (PKI), supporting wired 802.1x and MAB device authentication.
• Works on projects/systems/issues of high complexity surrounding network segmentation, intrusion detection and prevention, configuration and optimization.
• Regularly audit firewall configurations for all segments of the network including Data Center, Campus, Wireless and Wide Area Networks.
• Manage implementation projects involving existing and new technical solutions; responsibilities include planning, scheduling, and coordinating all aspects of the project.
• Establish, maintain, and troubleshoot virtual private network connections to 3rd party external entities. Provide escalation support for firewall configuration and troubleshooting with the Branch WAN and Campus networks; provide guidance to assist the network admins in resolving problems.
• Make decisions and recommendations to Management as necessary to keep projects on schedule.
• Identify and research emerging technologies, recommend evaluation of network security technologies that would benefit all aspects of the network including private and public Cloud infrastructure.
• Perform other duties and projects as assigned.
• Understand and comply with all provisions of the Security in the Workplace policy.

Minimum Requirements

• Typically requires a bachelor's degree in related field and a minimum of 5 years of related experience.
• A combination of post-high school education, job related certification and related experience equivalent to 7 years may be considered in lieu of minimum requirements

Preferred Requirements

• Bachelor’s Degree in Computer Science or other technical field
• Experience in administering enterprise-level next-generation Firepower firewall technology with a medium to large organization
• Experience in administering Cisco ISE as a wired Network Access Control environment
• Cisco Certified Network Professional Security (CCNP) certification or equivalent
• Network Security administration experience in an enterprise 24x7 environment including wireless networking

Knowledge, Skills, and Abilities

• Strong organizational skills with the ability to balance multiple projects and multiple tasks while meeting agreed upon objectives
• Strong proficiency in scripting languages such as Python and YAML
• Experience using automation tools such as Ansible and Terraform; familiarity with RESTful API integrations and version control systems
• Possess the ability to quickly identify, diagnose and provide solutions to complex problems, requirements and integration of various technologies
• Detailed experience in the principles, design and implementation of TCP/IP networks including OSI model, routing, VLAN’s, QoS tuning and capacity management
• Functional knowledge with layer 2 and layer 3 technologies with a focus on Cisco networking equipment such as firewalls, routers, switches, and network load balancers
• Detailed experience with routing protocols including Enhanced Interior Gateway Routing Protocol (EIGRP), and Border Gateway Protocol (BGP)
• Detailed experience with Data Center and Campus Core firewall design, traffic flow analysis, segmentation, and Implementation
• Functional knowledge of Software Defined Networking concepts including Software Defined Data Center and Software Defined Wide Area Networks (SDWAN)
• Able to recommend, implement and maintain security measures on various network devices
• Working knowledge of virtual servers and operating systems
• Working knowledge of encryption technologies, web services and database systems
• Strong customer service skills; experience required

Working Conditions and Physical Requirements

• Frequently remains stationary throughout a typical business day
• Frequently operates a computer and other office machinery, such as a calculator, copy machine, and computer printer
• Occasionally moves about inside the office to access file cabinets, office machinery, and other rooms
• Occasionally positions self to access drawers and shelves of various heights
• Frequently reaches for and handles paperwork and files
• Constantly communicates with customers, coworkers, and management in-person and on the phone
• Must be able to exchange accurate information
• FirstBank does not currently offer fully remote positions, except as required by law. The actual number of in-office days that may be required will vary by business unit, role, and business need.

Statement of Benefits

FirstBank offers a suite of benefits that support our employees’ professional, financial, physical, emotional and spiritual well-being. Benefits currently offered with our positions include: Paid Time Off/paid leave programs, 401K/Employee Stock Ownership, United Healthcare medical, MetLife dental, VSP vision, Employee tuition reimbursement, Volunteer Time Off, Short-Term Disability, Long-Term Disability, and Group Life Insurance/AD&D


EOE/Affirmative Action

FirstBank is an EOE/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or any other legally protected characteristic. FirstBank does not permit pay inequities. Anyone who believes they have been subject to pay inequity should immediately report their concerns to the Human Resource Department.

Colorado Job Application Fairness Act

Under Colorado’s Job Application Fairness Act, you have the right to redact from any documents that you submit in connection with your application information that identifies your age, date of birth, or dates of attendance at or graduation from an educational institution. Should you wish to exercise your right to redact such information, please redact it prior to submitting the documentation

*This job opportunity is expected to close on 3/21/24*