Applies advanced professional communications concepts, industry practices, and relevant policies, procedures, and objectives to resolve highly complex issues where analysis of situations or data requires an in-depth evaluation of variable factors. Determines methods, techniques, and evaluation criteria to obtain results.
As a Network Security Engineer, this role has significant impact and influence on implementation of organizational policy and programs in the area of UCSF’s IT network security infrastructure. This role is responsible for the following:
- Provide professional level technical network security implementation skill set for enterprise and Data Center environments of UCSF.
- Configure/Install and manage various network security devices, features, and technologies including, but not limited to firewalls, Intrusion Detection/Prevention systems, Network Access Control solutions, Web filtering solutions, Network packet brokers, network traffic visibility solutions, DDI (DNS, DHCP and IP Address Management), VPN, SASE, Load Balancers, CASE and CASB solutions.
- Assist in the development of network device hardening standards.
- Apply advanced professional communications concepts, industry practices, and relevant policies, procedures, and objectives to resolve highly complex issues.
- Determine methods, techniques and evaluation criteria to obtain results.
- Research and evaluate alternative technologies and architectures in relation to UCSF’s network security infrastructure needs.
- Interface with management, IT-Security and vendors to develop and implement new solutions to meet business requirements.
- Act as an escalation for resolving problems in the enterprise network and its network security systems.
- Participate in on-call duties and work some evenings, weekends, and holidays as required to support UCSF initiatives.
- Work collaboratively in a cross-functional environment with UCSF’s IT Security and systems engineering teams to identify network security risks and issues and create plans to mitigate and resolve them.
- Assist IT network architects in developing capacity planning and risk management reports.
The final salary and offer components are subject to additional approvals based on UC policy.
To see the salary range for this position (we recommend that you make a note of the job code and use that to look up): TCS Non-Academic Titles Search (ucop.edu)
Please note: An offer will take into consideration the experience of the final candidate AND the current salary level of individuals working at UCSF in a similar role.
For roles covered by a bargaining unit agreement, there will be specific rules about where a new hire would be placed on the range.
To learn more about the benefits of working at UCSF, including total compensation, please visit: https://ucnet.universityofcalifornia.edu/compensation-and-benefits/index.html
- Cisco Certified Network Professional (CCNP) and/or equivalent experience/training
- Palo Alto Networks Certified Network Security Engineer
- Certified Information Systems Security Professional (CISSP)
- AWS Solution Architect or AWS Cloud Practitioner Certification
- Advanced knowledge of security architectures in private and public cloud environments
- Advanced knowledge, skills, and experience with Juniper Routing and Switching products
- Thorough knowledge of structured cabling systems, network facilities, electrical, UPS, etc.
- Experience with Border Gateway Protocol (BGP), intrusion detection, proxies, firewalls, load balancing, packet capture, and/or data loss prevention.
- Experience designing and implementing network services within public cloud environments (e.g., AWS, Azure).
- Experience troubleshooting and deploying solutions involving certificates and public key infrastructures (802.1X or SSL decryption and offloading), and designing and deploying web proxy and content filtering solutions for data loss prevention.
- Experience performing packet and flow analysis with various toolsets including in-line taps, firewall/IPS appliances, network routers, and hosts.
- Experience working with network access control platforms, writing shell scripts using Python or Bash, and using infrastructure monitoring tools.
- Experience designing and working with firewall, DDI services, VPN, load balancing, and intrusion prevention systems.
- Ability to generate reports, create presentations, and present to appropriate stakeholders.
- Experience working in project-based environments, able to effectively collaborate and communicate with individuals and teams across an organization.
- Ability to contribute expertise to design discussions and support the development of network solutions.
- Bachelor's degree in a related area and/or equivalent experience/training.
- 5+ years of relevant progressive experience
- Advanced knowledge of various network security devices, features, and technologies like firewalls, Intrusion Detection/Prevention systems, Network Access control solutions, Web filtering solutions, Network packet brokers, load balancing, DDI (DNS, DHCP, and IP Address Management), VPN and network traffic visibility solutions
- Demonstrated knowledge of various VPN technologies
- Advanced knowledge of network security protocols, technologies, standards, and tools
- Advanced knowledge of various authentication protocols and solutions
- Advanced understanding of modern enterprise TCP/IP data networks using standards and technologies including but not limited to OSPF, STP, RSTP, 802.1Q, Multicast, Quality of Service, and tunneling protocols
- Advanced knowledge, skills, and experience with Cisco Routing and Switching products
- Demonstrated knowledge and experience with network device management tools, technologies, and products like SASE, CASE, and CASB solutions
- Understands implications of work on other areas of IT and Business.
- Self-motivated and works independently and as part of a team with minimal supervision. Participates in the network on-call rotation supporting a 24/7 environment.
- Clearly understands the communications and network needs of the organization and has the skills needed to address those needs
- Demonstrated ability to gather, organize, and analyze data in the completion of a variety of functional assignments