Job Posting Title: Palo Alto Security Technical Lead/Manager

Clearance: Top Secret\ Tier 5(T5)-Single Scope Background Investigation (SSBI)

Start Date: Contingent upon contract award

IndraSoft, Inc. is seeking a highly qualified Senior to SME level Security Engineer with an active Top Secret clearance to support our DoD client, located in Seaside, CA. The selected, highly motivated candidate will implement, configure, manage, and monitor IDS/IPS solutions for a geographically dispersed, high-availability enterprise. The successful candidate will leverage demonstrated experience in network engineering, threat management, and vulnerability management, coupled with proven subject matter expertise in Palo Alto and Cisco suites of products, to support DoD cybersecurity requirements and objectives.

Qualifications Required:

• Must be a US citizen, possess a DoD Top Secret clearance: Minimum vetting Tier 5(T5)-Single Scope Background Investigation (SSBI)

• Active DoD 8570 IAT Level 3 certification for compliance, including at least one of the following certifications in good standing: CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH

• Computing Environment Certification

• Bachelor's degree and 10+ years of Information Technology or Cybersecurity related experience

• 5+ years of experience with operations and management of Palo Alto Hardware and products to include Next generation Firewalls, Panorama, SSL Decrypt, Threat Prevention, URL Filter, and Wildfire

• Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
• Capacity to thrive in a complex, fast paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
• Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk
• Knowledge of DoD cybersecurity policies, practices, and requirements

Desired Qualifications:

• Experience in an enterprise environment (1500 servers plus 2500 workstations)
• Experience configuring disaster recovery (DR) environments
• Experience with Cisco routers/switches and Palo Alto firewall solutions, including the integration of Active Directory with Palo Alto
• IT/Network monitoring and modeling experience, preferably utilizing SolarWinds and RedSeal
• Knowledge of F5 local traffic manager (LTM) and Web Application Firewall (WAF)

Job Description:

The successful candidate will be responsible for deploying, configuring, and monitoring Palo Alto solutions across the enterprise both on premise and cloud environments, including oversight of the Palo Alto Panorama solution, and integration with existing infrastructure and security controls. Once operational, be responsible for the day-to-day analysis, engineering and maintenance of the IPS/IDS solution both on-site and in the cloud.

Key Responsibilities:

• Serve as the Technical Lead for IPS/IDS Proxy Break and Inspect products/systems
• Serve as a Line Manager for staff supporting cybersecurity network activities (RedSeal, IDS/IPS) ranging from a staff of 1 to 5 staff members over the life of the contract
• Lead and manage the deployment, design and day to day system administration and analyst functions for both DMDC & DHRA on premise and cloud infrastructures
• Build and configure IPS/IDS break and inspect devices according to DISA STIGs and Security Requirements Guides (SRG)
• Work with the Network Team to implement, configure, and troubleshoot Palo Alto firewall solutions
• Implement Palo Alto Firewall features such as URL filtering, User-ID, App-ID, Content-ID on both inbound and outbound traffic
• Facilitate the implementation of SSL decryption (break and inspect) for full visibility of network traffic
• Create correlation policies, customized rules, responses and violations based on threats.
• Configure the system to a series of responses to a policy violation
• Perform event analysis to reduce false positive alerts and optimize the performance and effectiveness of IPS to protect network assets by tuning the decoders, preprocessors and rules to optimize the performance and effectiveness.
• Automate responses and reporting
• Ensure system backup and restore procedures are in place and operating
• Troubleshoot any connectivity or operational issues
• Access
  • Manage access control lists and audit logs settings, dashboard settings and database event limits
  • Configure and create access control policy. Configure what network traffic to pass through the appliances and what type of detection to perform on the traffic
  • Manage user accounts and roles
  • Identify users and hosts that should be removed from the network
• Metrics/Reporting
  • Create dashboards to monitor significant events, traffic and data collection
  • Provide weekly Scanning and Monitoring reports
  • Create IDS/IPS metrics detailing security posture
  • Create and maintain the IDS/IPS Break and Inspect topology diagram
  • Create weekly, monthly and in-progress review presentations, as needed
• Create and maintain Standard Operating Procedures (SOP)
• Provide direct support for ports, protocols, and services management (PPSM)
• Support other cybersecurity objectives as required, including patch and vulnerability management, network monitoring, intrusion detection, intrusion prevention, and log analysis
• Facilitate vendor support, as needed

Physical Demands:

While performing duties of the job, the successful candidate will be exposed to normal demands of an office environment, including:

Sitting and working on a computer for long, continuous periods each day; effective communications by telephone, email, and face-to-face; standing, walking, and sitting; handling and feeling objects or controls; reaching; talking and hearing; lifting and/or moving up to 20 pounds; and specific vision abilities including close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust and focus.

Work Environment: The noise level in the work environment is usually moderate.