Network security engineer, firewall expert

- Design, implement, and uphold extensive network security protocols aligned with NIST SP 800-171 and CMMC Level 2 - Work closely with architects to integrate security measures within every design, focusing on the segmentation of CUI assets - Create, validate, and manage network-level controls for Identification & Authentication (IA) and System & Communications Protection (SC) - Contribute technical details to the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and compliance documentation - Ensure configuration management and established change-control processes are maintained for compliance - Conduct security impact assessments for proposed changes ensuring CMMC requirements are met - Plan and implement a centralized LDAP for directory services and user authentication - Deploy and manage TACACS+ for access control across network devices - Set up and oversee Multi-Factor Authentication (MFA) for privileged and remote accounts - Guarantee unique identification and authentication for all users and devices - Integrate IAM systems with centralized logging and SIEM tools for audit support - Design and deploy Remote Access VPNs and IPSec tunnels for secure connectivity - Configure and administer Next-Generation Firewalls (NGFWs) to enforce traffic control policies - Implement and fine-tune Intrusion Prevention Systems (IPS) to identify and block malicious activities - Conduct regular vulnerability assessments and penetration tests prioritizing compliance issues - Integrate security logs with centralized SIEM systems and perform Root Cause Analysis for incidents - Serve as a point of escalation for the Security Operations Center (SOC) - Ensure CUI is encrypted in transit and at rest according to standards - Implement network segmentation and access-controlled zones to protect CUI - Securely configure syslog, NTP, SNMPv3, and TLS for audit and event tracking - Enforce least-privilege access to CUI repositories and verify logging for privileged actions - Perform periodic configuration audits to support CMMC compliance - Maintain configuration baselines and run compliance checks on network devices - Automate log collection and validation of configuration integrity - Keep detailed network documentation, change management records, and segmentation diagrams - Support field deployments, system improvements, and on-site security hardening - Participate in incident response exercises and contribute to after-action reviews - Collaborate with engineering teams to embed security in radio network designs - Mentor junior engineers during security and compliance training sessions - Ensure servers, databases, and applications conform to hardened configurations - Drive ongoing improvements within the Security Program Initiative - Recommend tools and solutions to enhance operational efficiency