The final salary or hourly wage, as applicable, paid to each candidate/applicant for this position is ultimately dependent on a variety of factors, including, but not limited to, the candidate’s/applicant’s qualifications, skills, and level of experience as well as the geographical location of the position.

Applicants must be legally authorized to work in the United States. Sponsorship not available.

Our client is seeking a Palo Alto Engineer x 2 in Vienna, VA.

Role Description

Network Security Engineering services to Navy Federal is to validate existing firewall rulesets in place and approve new firewall requests for Navy Federal’s on-premise and cloud firewalls. The project requires that all firewall rules be reviewed and optimized, removing legacy rules, and validating business owners for existing production rules to meet Automated Cybersecurity Evaluation Toolbox (ACET) evolving private banking audit requirements. Additionally, the project requires security engineering services support the integration of FireMon and ServiceNow ticketing to automate the quarterly and annual firewall rules compliances reviews.

Network Security Services
• Firewall Rule analysis across various vendor devices (over 30,000 firewall rules & 11,000 servers)
• Ensure new firewall rule requests align with Navy Federal’s security and compliance policies
• Recommendation of Firewall Rule security and design improvements
• Validation of rules to disable
• In depth troubleshooting of infrastructure as applicable
• Establish and maintain system documentation
• Integration support between FireMon and ServiceNow
• Integration support between Firemon and Illumio
• Tracking of Firewall Rule status and their metrics
• Ability to provide OnCall coverage and work after-hour changes as needed to support project/KTLO efforts

Firewall Rule Configuration and Audit Consulting:
• Review existing FireMon rule audit reports and findings with Navy Federal’s team (hit counts, unused rules, etc.)
• Determine process for rule owner identification and cleanup
• Review of firewall rules – Cisco and Check Point virtual firewalls
• For each rule, determine current asset owner and document
• For each rule, validate if the firewall rule is still required for all assets covered by rule (consult Navy Federal rule owners)
• For each rule, if rules contain assets that are no longer in production or policy that is no longer required document finding and schedule change control to remove/clean up rule from existing firewall policy.
• Leverage existing firewall management tools for discovery and maintenance/cleanup:
• Adaptive Security Device Manager (ASDM)/Cisco Defense Orchestrator and FireMon Security Manager
• Determine and document process for validating rules with Navy Federal team members
• Monitor ServiceNow ticket queue to avoid SLA delay for client tickets

Skills & Requirements

• Bachelor's Degree in Computer or Electrical Engineering, Computer Science or related field or equivalent work experience
• 7 – 10 years advance hands on experience and knowledge
• General understanding of Cisco CDO for legacy NFCU Cisco ASAs
• Knowledge of Palo Alto SCM for NFCU NGFW (Next Gen Firewall) migration and level of effort
• Checkpoint experience needed
• FireMon experience needed
• Azure Cloud experience a plus
• Palo Alto experience a plus
• Splunk experience needed
• Cisco CCNA cert **OR CompTia Security+ (Plus) Certification**
• Worked in a larger company environment (preferably financial institution)
• Cross functional communication
• 76+ years experience
• Cisco CDO & Cisco ASA
• Palo Alto SCM
• Checkpoint
• Firemon & Splunk
• Experience working for a large company before with a lot of firewalls
• Azure cloud
• A Cyber Security Engineer protects the organization's computer systems and networks for cyber threats by implementing security measures, monitoring systems, and responding to incidents
• Expertise in executing security measures for protection of data, systems, and networks
• Proficiency in firewalls, VPNs, IDS/IPS, web proxies, etc.
• Strong attention to detail and problem-solving skills

Benefits/Other Compensation

This position is a contract/temporary role where Hays offers you the opportunity to enroll in full medical benefits, dental benefits, vision benefits, 401K and Life Insurance ($20,000 benefit).

Why Hays?

You will be working with a professional recruiter who has intimate knowledge of the industry and market trends. Your Hays recruiter will lead you through a thorough screening process in order to understand your skills, experience, needs, and drivers. You will also get support on resume writing, interview tips, and career planning, so when there’s a position you really want, you’re fully prepared to get it.

Nervous about an upcoming interview? Unsure how to write a new resume?

Visit the Hays Career Advice section to learn top tips to help you stand out from the crowd when job hunting.

Hays is committed to building a thriving culture of diversity that embraces people with different backgrounds, perspectives, and experiences. We believe that the more inclusive we are, the better we serve our candidates, clients, and employees. We are an equal employment opportunity employer, and we comply with all applicable laws prohibiting discrimination based on race, color, creed, sex (including pregnancy, sexual orientation, or gender identity), age, national origin or ancestry, physical or mental disability, veteran status, marital status, genetic information, HIV-positive status, as well as any other characteristic protected by federal, state, or local law. One of Hays’ guiding principles is ‘do the right thing’.
We also believe that actions speak louder than words.
In that regard, we train our staff on ensuring inclusivity throughout the entire recruitment process and counsel our clients on these principles. If you have any questions about Hays or any of our processes, please contact us.

In accordance with applicable federal, state, and local law protecting qualified individuals with known disabilities, Hays will attempt to reasonably accommodate those individuals unless doing so would create an undue hardship on the company. Any qualified applicant or consultant with a disability who requires an accommodation in order to perform the essential functions of the job should call or text 813.336.5570.

Drug testing may be required; please contact a recruiter for more information.

#LI-DNI