Job Description

Overview

WAN Security Engineers support Enterprise-class network security technologies, which includes network firewalls, web proxy appliances, and Network Access Control solutions for the RCC-SWA. The WAN Security Engineers are responsible for the operations and maintenance (O&M) of the enterprise-class network security technologies, to include, troubleshooting, optimization, administration, change management and technical documentation. The core network technologies include Cisco ASA Firewalls, Cisco DMZ Switches, Broadcom BlueCoat, VPN Concentrators, and Cisco Secure Access Control System. The engineer will work on site alongside the Security Operations team to become thoroughly familiar with unique processes and requirements relative to the Department of Defense (DoD) specific configurations and challenges.

This position offers company-paid housing and transportation, a completion bonus and tuition reimbursement program!

You must satisfy all host country requirements to legally work in the host country in order to be qualified for this position.

Responsibilities

+ Provide enterprise-level customer support for all request to modify network firewall access-list.

+ Manage access control to all network devices in the theater

+ Troubleshoot and resolve web browsing issues

+ Support request for services hosted in the demilitarized zones (DMZ)

+ Assist with identifying malicious web activity.

+ Ensure that all technologies that are managed are compliant with all current DISA Security Technical Implementation Guides (STIGs).

+ Perform regular system maintenance in support of IAVA vulnerabilities and CCRI Compliance.

+ Provides network security policy recommendations, project planning, change control, firewall management, and access control list (ACL) management.

+ Extensive knowledge in certificate-based authentication for VPN Concentrators to allow Virtual Private Network (VPN) connections.

+ Create and maintain BlueCoat ProxySG web filtering policy, BlueCoat Reporter database, and BlueCoat Content Analysis System (CAS) scanning definitions.

+ Working knowledge of HTTP/S proxy servers and security (Web Cache Communication Protocol, browser interaction, and filtering / authentication.

+ Proven ability to troubleshoot TCP/IP layer issues via PCAP and SSL/TLS issues via Policy-Trace on the Bluecoat and/or PCAP software such as WireShark.

+ Support authentication, authorization, accounting (AAA) & auditing for all network devices and maintain records for accounts in Cisco ACS.

+ Knowledge and ability to troubleshoot routing protocols: EIGRP, RIP, OSPF, BGP, and MPLS.

+ Ability to implement standard and extended access-lists.

+ Ability to make accurate and independent decisions under pressure.

+ Experience with a customer service-oriented company.

+ Excellent organizational, interpersonal, written, and verbal communication skills.

+ Ability to perform comfortably in a fast-paced, deadline-oriented work environment.

+ Ability to successfully execute many complex tasks simultaneously.

+ The work environment will be 95% indoor and 5% outdoor.

+ Perform additional duties as assigned.

Qualifications

+ This position requires candidates to adhere to DoDD 8140.01. All candidates are required to maintain at least one (1) baseline certification and one (1) computing environment (CE) certification. Baseline certifications cannot also be used as a Computing Environment (CE) certification. The authorized certifications for this job title are listed as follows:

+ IAT Level: IAT III

+ BASELINE:

+ Cisco: CCNP Security (Cannot be used as a dual qualifier)

+ CompTIA: CASP+ ce: Advanced Security Practitioner

+ GIAC: GCED: Certified Enterprise Defender

+ GIAC: GCIH: Certified Incident Handler

+ ISACA: CISA: Certified Information Systems Auditor

+ ISC2: CISSP (or Associate): Certified Information Systems Security Professional

+ COMPUTING ENVIRONMENT (CE):

+ Microsoft: 365 Certified: Enterprise Administrator Expert

+ Blue Coat: BCCPP: Certified Proxy Professional

+ Cisco: CCIE: (Any)

+ Cisco: CCNP Security (Cannot be used as a dual qualifier)

+ Cisco: CCNP: (Any)

+ Microsoft: Certified: Azure Database Administrator Associate

+ Microsoft: Certified: Azure Security Engineer Associate

+ Microsoft: Certified: Azure Solutions Architect Expert

+ Microsoft: MCSA: Windows Server 2016

+ Microsoft: MCSE: CloudPlatform and Infrastructure

+ Microsoft: MCSE: Core Infrastructure

+ Microsoft: MCSE: Data Management and Analytics

+ Microsoft: MCSE: Productivity Solutions Expert

We are committed to an inclusive and diverse workplace that values and supports the contributions of each individual. This commitment along with our common Vision and Values of Integrity, Respect, and Responsibility, allows us to leverage differences, encourage innovation and expand our success in the global marketplace. Vectrus is an Equal Opportunity /Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, protected veteran status or status as an individual with a disability. EOE/Minority/Female/Disabled/Veteran.