The Network Security Engineer Lead ensures the security, stability, and integrity of all internal and external firewalls. This is achieved by planning, designing, developing, and managing firewall rules that comply with company security requirements and risk acceptance. In addition, the Network Security Engineer Lead participates in the design, installation, monitoring, maintenance, refresh, support, and optimization of all network firewall hardware and software.
Manage firewalls that protect our complex and diverse network; includes design, installation, monitoring, administration, and maintenance.
Respond to the evolving threat landscape and our changing business needs by developing and maintaining efficient and secure firewall policies and configurations.
Complete requests for updates to firewall policies that often require critical thinking and careful analysis.
Troubleshoot user-reported issues, either updating firewalls to resolve, or directing people to an alternate solution.
Investigate and help resolve network events and issues discovered by other infoSecOps teams.
Adhere to processes and procedures for change management and trouble ticket resolution, and maintain documentation as changes are made.
Lead architecture designs for network security platforms, including remote access and site-to-site VPN, and network growth that requires additional firewalls.
Develop, maintain, and organize documentation for SME platforms and internal processes.
Teach, train, and guide other team members to improve their skills.
Model strong adaptability and the ability to readily expand knowledge and expertise as new opportunities arise.
Maintain awareness of developing trends and best pracices in security, and continue to deepen established skills with ongoing personal development.
Maintain a netflow collection and analysis platform, and ensure that relevant data and events are forwarded to our SEIM.
Ensure that firewall and system logs for our platforms are forwarded to our SEIM.
Collaborate with Network and Systems teams to ensure that appropriate monitoring and alerting is done for our platofrms and that events are resolved.
Attend interdepartmental and project meetings and serve as team representative.
Provide high-level support to others in general problem resolution.
Participate in team on call rotation as required.
Perform other duties as assigned
Bachelor's degree in related discipline such as Computer Science, Business, Mathematics, Statistics, Science or Engineering
Master's Degree (preferred).
and 4 - 5 years of related experience, preferably at least 2 years in a supervisory capacity
(or an equivalent combination of education and experience)
Required Technical Skills:
Knowledge of computer networking concepts and protocols, and network security methodologies; knowledge of cyber threats and vulnerabilities; knowledge of encryption.
Skill at managing systems in a disciplined IT environment.
Skill at troubleshooting issues and critical thinking.
Knowledge of and familiarity with physical and virtual network devices (hubs, switches, routers, firewalls, etc.)
Skill in understanding the configuration of diverse firewall features, including packet filtering, routing, NAT, threat protection / IDS, IPSec and SSL VPN, etc. Skill in general firewall administration, with emphasis on Palo Alto or Cisco firewalls preferred.
Skill in assessing, testing, and evaluating tools (current and proposed) to identify areas for improvement.
Skill in technical writing and presentation.
Skill in analyzing and reporting on team performance and ways to improve.
Required Business Skills:
Ability to succeed at customer satisfaction and appropriate follow-through in all interactions coupled with a sense of urgency when needed, while working under pressure and handling multiple, competing priorities.
Ability to understand and model organizational mission, vision and values.
Ability to re-prioritize projects for self and others as unplanned events occur to ensure immediate urgent tasks are completed and larger important goals are still ultimately met.
Ability to communicate complex information, concepts, or ideas clearly in a confident and well-organized manner through verbal, written, and / or visual means.
Ability to adjust to and operate in a diverse, unpredictable, challenging, and fast-paced work environment.
The University of Rochester is committed to fostering, cultivating, and preserving a culture of equity, diversity, and inclusion to advance the University’s mission to Learn, Discover, Heal, Create – and Make the World Ever Better. In support of our values and those of our society, the University is committed to not discriminating on the basis of age, color, disability, ethnicity, gender identity or expression, genetic information, marital status, military/veteran status, national origin, race, religion/creed, sex, sexual orientation, citizenship status, or any other status protected by law. This commitment extends to the administration of our policies, admissions, employment, access, and recruitment of candidates from underrepresented populations, veterans, and persons with disabilities consistent with these values and government contractor Affirmative Action obligations.
How To Apply
All applicants must apply online.
EOE Minorities/Females/Protected Veterans/Disabled
Location: Central Administration
Full/Part Time: Full-Time
Opening: Full Time 40 hours Grade 055 University IT / IS
Schedule: 8 AM-5 PM