15168 Security - 15168 IT Security Operations | NYC, New York, United States

Job Description: *UPDATED 3/24/23: Dear Vendors, the manager has an urgent need to fill this position. We've updated the job description and tier. A vendor call will be scheduled to discuss. (Please note the technical qualifications and the 'hands-on' experience needed. Thank you, Sylvia
-------------------------------------------------------------------------------------------

*PLEASE NOTE THIS POSITION MAY ALLOW CONSULTANT TO WORK ON A HYBRID REMOTE SCHEDULE (3 DAYS ONSITE/ 2 DAYS REMOTE) UPON START

JOB SUMMARY:

MTA is looking to onboard a Forescout Administrator to assist in maintaining, upgrade, and new deployment of appliances in all its agencies. Security Operations team needs an experienced engineer to join their team. Qualified Consultant will be responsible for all aspect of Forescout deployment such as design, architecture, implementation, policy development, security, integration, and troubleshooting. The candidate should monitor the system and remediate issues in a timely manner.

JOB RESPONSIBILITIES:

• Provide Forescout Subject Matter Expertise services to customers including, product deployment, configuration, health checks, optimization, training, and troubleshooting.
• Implement, install, and troubleshoot Forescout, including the development of custom content, monitoring system health, performing upgrades/updates, and ensuring proper operation of physical & virtual appliances.
• Assist Security Engineers in the proper application of vulnerability scanning technologies across a network environment
• Work with Engineers to troubleshoot network connectivity issues including running WireShark, interfacing with various operation organizations to isolate faults and submitting/verifying firewall change requests
• Document the network configurations of solution elements including creating drawings and text descriptions
• Proactively identify and prioritize issues on behalf of the customer, communicate and explain issues to customer verbally or in writing, develop plans to address issues, get approval for plans, and drive plans to successful completion.
• Assist customer business units with implementation plans and network designs.
• Assist Firewall and VPN team in upgrade and deployment of security equipment
• Coordinate and lead meetings and provide written summaries.
• Collabo*** with customer regarding deployment techniques, feature requests, and product issues.
• Provide regular progress reports on deployment, performance, open issues internally and with vendors integrating with customer Forescout installation

TECHNICAL QUALIFICATIONS:

• Experience with design and configuration of Forescout products
• Understanding of enterprise computing environments, distributed applications, and strong knowledge and understanding of TCP/IP networks to include Cisco ASA, Palo Alto firewalls, and Avaya/Nortel switches
• Knowledge of TCP/IP and enterprise network protocols (LDAP, DNS, SMTP, SNMP, DHCP, and authentication protocols)
• Hands-on experience in both Windows and Linux, Mac OSX platforms with a solid understanding of networking principals and security best practices
• Understanding of the system hardening processes, tools, guidelines, and benchmarks
• Computer Networking Systems Administrator’s level Knowledge of all protocol layers
• Expertise in debugging and root-cause analysis in complex systems and large environments
• Understating of programming languages: Java, and Perl
• Strong experience in network troubleshooting and configuration (tcpdump, Wireshark, etc.)
• Knowledge of Network equipment configuration (Switch, Router, Firewall)
• Linux O/S installation, security configuration, and management
• Hands-on experience with Forescout solutions (preferred).
• Working knowledge of Linux/UNIX, and Windows operating systems.
• Virtualization environments for both desktop and server deployments
• Ability to gather, analyze, and interpret data in order to efficiently and effectively take action
• Working knowledge of industry security standards, procedures and technologies.
• Demonstrated excellent oral and written communications, including presentation skills for audiences of varying levels of technical understanding.
• Ability to constructively handle and address customer concerns through explanation or management escalation.
• A self-motivated individual with a ‘can do’ attitude.
• Ability to work independently in a mix of workplace environments including large enterprise, commercial, and military / government agency customers.
• Network security analysis and/or ICS networking experience
• Experience in network security principles and standards
• Experience in enterprise-level customer interaction with a strong customer support attitude
• Strong knowledge and experience working in a geographically distributed team-based engineering environment
• Bachelor’s degree in Computer Science, Engineering, or equivalent industry experience

MUST HAVE HANDS-ON TECHNICAL EXPERIENCE:

• Fine-tune Forescout, CounterACT Policies, and module integrations for scalability, and performance improvements.
• Integ*** and troubleshoot several technologies which included, but not limited to Linux, Layer 2 & Layer 3 network devices, Mobile and WiFi solutions, Enterprise Antivirus solutions, SNMP versions 1, 2, & 3, and 802.1x
• Configure and design networks capable of network traffic replication to NAC, IDS/IPS systems using port mirroring (Cisco SPAN), VLANs, ACLs, and network taps
• Build SQL queries, and LDAP queries to integ*** with CounterACT.
• Build Domain Controllers, SQL servers, NPS servers, DNS Servers, DHCP servers, and File Servers.
• Design and implement automated access control-based policies on trusted VS non trusted devices, compliance level, and endpoint device type using dynamic access lists, VLAN changes, and virtual firewall
• Facilitate knowledge transfers to potential customers, and influenced CounterAct implementation expansions.
• Provide real-time reports which included device inventories and compliance status
• Work with Project Managers, Security Engineers, Network Engineers, Systems Administrators, and Compliance team to implement the CounterAct NAC appliance to enterprise environments to ensure network compliance.
Additional Sills:

*Either skills or additional skills are required

Skills:

Category	Name	Required	Importance	Experience
Areas of Expertise	Networking	Yes	1	4 - 6 Years
Software Skills	Red Hat Linux	Yes	1	2 - 4 Years
Software Skills	Windows 10	Yes	1	2 - 4 Years
Technical Skills	Transmission Control Prototype/Internet Protocol (TCPIP)	Yes	1	4 - 6 Years