Network Security Engineer - Pelham Berkeley Search

We are hiring for a long term Network Security Engineer consultancy.

In a very hands-on capacity you will responsible for the engineering, support and administration of several core network security tools... interesting projects, very professional and high-end environment working at a firm in midtown Manhattan.

Information Assurance tasks:

• Manage firewall policy and configuration review processes.
• Manage vulnerability management program.
• Manage threat hunting program using Carbon Black Response to track and contain suspicious activity on the network.
• Oversee external penetration testing and perform internal tests.
• Manage incident response program, incident playbooks and various procedures and workflow for incident and crisis management.
• Deliver executive reports on security posture and emerging industry threats to senior management.

Operations tasks:

• Work with team on day-to-day incident response tasks.
• Client VPN and Multi-Factor Authentication, and IP space administration
• Manage different perimeter security solutions consisting of Palo-Alto and Cisco Nexgen firewalls.
• Performed policy modification of file integrity solution Carbon Black Protect (Bit9).
• Maintain and improve monitoring solution – LogRhythm SIEM; implemented new AI Engine rules and tune existing ones.
• Support identity access management solutions – Cisco ACS, ISE.
• Work as an escalation point for tier 1 and 2 SOC.

Audit tasks:

• Respond to internal and external audits.
• Review compliance for various government regulations (FFIEC, SWIFT CSP, OCC,…).
• Participated in internal investigations and preparation of executive summaries for management.

Requirements include:

• 3+ years of work experience supporting enterprise security solutions including experience with next generation firewalls such as Palo Alto and Cisco FireSIGHT/FirePOWER
• Must have in-depth knowledge of network security best practices and various tools (Cisco VPN, Palo Alto VPN, Cisco ACS, Cisco ISE, NGFW, Solarwinds, IP Management tools, WireShark,...). 
• Palo Alto Minemeld, Demisto, Snort, Security Onion, Tenable, Nessus, Cuckoo, LogRhythm, Carbon Black/Bit9
• Strong understanding of routing protocols (OSPF, BGP, EIGRP,...).
• Ability to create accurate system diagrams and documentation for design and planning network security systems.
• Knowledge of application transport and network infrastructure protocols.
• Scripting, penetration testing, and vulnerability management tools is preferred but is not required.
• CCNP Security and/or CISSP preferred
• Completed Bachelor’s degree with Computer Science or related (math, engineering,...) course of study