The selected candidate will support LANL's firewall devices as a member of the Network Security Operations Center team (NSOC). Selected candidates will primarily be responsible for security engineering functions related to either the network firewalls (i.e. Palo Alto) or the web application firewalls/application delivery controllers (i.e. F5 BIG-IP) based upon their qualifications. In addition, firewall engineers may supplement support for additional security devices owned and managed by the NSOC or the incident handling functions of the NSOC team through cyber security event monitoring, triage, and response.
- Engineering solutions to support the modernization of LANL's security infrastructure
- Mid-to-top tier support for LANL's F5 local traffic manager or the Palo Alto Firewall
- Development and tuning of firewall zones and security policy rules
- Support for firewall migration efforts from old configurations to new
- Translate customer requirements into technical implementations
Minimum Job Requirements:
- A deep understanding of the cyber security environment including network and/or application security issues, concepts, compliance, and certification
- Demonstrated experience deploying, configuring, and administering the full suite of services provided by F5 BIG-IP or Palo Alto firewalls
- Advanced knowledge of system architectures, computer networks, and software.
- Strong analytical, documentation, communication, and teaming skills.
- Experience leading or mentoring junior engineers focused on technical and soft skill sets
Education/Experience: Cybersecurity Technical Staff 3 typically requires a bachelor's degree and a minimum of 8 years of related experience, or an equivalent combination of education and experience.
- Linux system administration experience.
- F5 BIG-IQ or Palo Alto Panorama experience
- DevOps, CI/CD, agile practices (e.g. Scrum, Kanban, Scaled Agile Framework) experience
Location: This position will be located in Los Alamos, NM with the potential for a hybrid work arrangement (partially onsite/partially offsite) from a location within 2 hours ground commute of this location. Reporting onsite will be periodically required. Hybrid is at the discretion of management and can change at any time with appropriate notice.