Senior Network Security Engineer

We do the right things, right now.  We do them in a way that is relevant to our clients.  Become a part of our history as it continues to be written! 

If you are interested and qualified for this role, we invite you to apply.

Network Security Engineers provide technical and project management leadership for the planning, design, and implementation of information system security solutions, procedures, and policies that help First Financial Bank achieve its information security goals and objectives.
Network Security Engineers provide knowledge and experience within the Information Systems (IT) Network Security discipline. Emphasis will be placed on the design, operation, and management of network intrusion detection and prevention systems, endpoint security solutions, and security monitoring systems. They should also have knowledge of enterprise IT security best practices, TCP/IP networks, and network security architectures. A working knowledge of network firewalls, VPN solutions, endpoint security solutions, and wireless LAN (802.11) security protocols is also required.
Network Security Engineers maintain and regularly update their knowledge of emerging information security solutions and will work with the company’s external and internal business partners to properly secure their systems and applications.
Network Security Engineers will be tasked with a large number of projects and programs. The team must have the ability to manage priorities and multitask while engaged on multiple projects. The ability to complete projects on schedule is also essential.
Network Security Engineers will be expected to innovate by developing new and better ways to address security challenges in a continuously evolving field of technology.

Essential Functions/Responsibilities

• Configuration, administration, and operation of network security systems (90%)
  • Cisco ASA 5000 Series
  • Cisco Firepower sensors, NGFW/NGIPS, and Firesight Management Center consoles
  • Network Access Control using dot1x and Cisco ISE
  • Certificate based authentication
  • Virtual Private networks
  • PCAP analysis
  • Manage security engineering projects
  • Train and mentor junior team members
• Secondary duties as assigned (10%)
  • Malware and antivirus detection and removal systems
  • Media and data encryption applications and systems
  • Web content filtering and data inspection systems
  • Email spam filters and content inspection systems
  • Security event logging and monitoring systems
  • Security incident response and resolution: Investigations and reports, including the use and support of computer
  • Forensics tools (e.g., Encase)
  • Vulnerability management and testing systems
  • Evaluation, implementation and operation of new security solutions
• May act as a team lead. Provide leadership to the Security Engineering team members. Work closely with the team manager to monitor the work queue and identify areas for process improvement. Provide training/mentoring and development to other team members.

Minimum Knowledge, Skills, and Abilities Needed to Perform Essential Functions of the Job

• Must have an expert level knowledge of Cisco ASA configuration, administration, and troubleshooting. This includes expert command line knowledge. Knowledge of access-lists, NAT/PAT, inspection, object groups, and stateful failover should be at an expert level.
• Knowledge of Cisco SSL VPN technology including AnyConnect 4.x should be at an expert level.
• Must have expert knowledge of Cisco Firepower 5.x or 6.x. This includes expert knowledge of intrusion policies, access control policies, signature tuning, and event review.
• Experience remediating security issues, patching and upgrading network security systems, and performing major upgrades to network security systems.
• Experience responding to security incidents and conducting network forensics.
• Expert knowledge regarding TACACS, RADIUS, dot1x, and certificate based authentication. Management of Cisco ISE is required.
• Expert knowledge of Netflow
• Expert knowledge of data networking including TCP/IP, packet analysis, routing, switching, etc.
• Strong ability to mentor junior members of the team. Serve as an escalation point to resolve operational issues. Serve as a subject matter expert for numerous systems.
• Strong ability to learn new skills

Preferred Knowledge and Skills

Level of Complexity and Scope

• Manage a highly complex environment of network security controls.
• Tightly integrate network security systems with leading edge networking devices (routers and switches) managed by the Network Services team.
• Detail oriented approach to project management and implementation
• Work closely with the Director of Information Security Technology to architect network security solutions

Degree of Independence and Decision-Making

• Must be able to work independently to design and improve processes in the Security Engineering team.
• Must be a self-starter, seek opportunities to make improvements, and recommend solutions to management.

Required Supervisory Responsibilities

• May serve as a team lead if appointed by the Director of Information Security Technology

Physical Requirements

Compliance Statement

The associate is responsible for meeting all compliance requirements imposed on First Financial Bank by State and Federal law and regulation, as well as all related First Financial Bank policies and procedures. This includes all Bank Secrecy Act, Anti-Money Laundering, OFAC and Suspicious Activity reporting requirements, as well as all other lending and deposit compliance requirements.

Development and Training

Benefits

We have relevant, thoughtful benefits and programs that support every aspect of our associates' holistic wellbeing. Please review our Benefits Guide. 

Incentive Eligibility

All roles are incentive eligible with the exception of Co-Op, Intern, or Student positions.

It is our policy to not discriminate against any individual in violation of federal, state, and local laws as it relates to age, race, color, religion, national origin, sex, marital status, pregnancy, gender identity, disability, sexual orientation, genetic information, veteran/military service, or any other characteristic protected by law.

We are an E-Verify Employer.