Network Operations (Firewall/Cyberattack Response Engineer)
We are actively seeking highly creative and intellectually curious Technology Professionals who are passionate about network security to join our team! This is an opportunity to display knowledge of your craft by having a hand in designing and building large scale firewall environments, honing our cyberattack response efforts and showcasing your expert level troubleshooting skills. Our firewall environment and cyberattack response efforts play a major role in protecting both our company and our customers, so ensuring optimal performance of the environment is critical. You will be an integral part in advancing the culture of technical excellence within Capital One, and helping our associates create experiences that will delight millions of customers!
On any given day you will:
- Tenaciously manage environment to ensure it is operating at optimal levels through proactive monitoring/tuning.
- Drive incident and problem resolution as a Tier 3 escalation resource – leveraging strengths of other associates as needed to identify actions which will lead to resolution of operational issues and problems.
- Consult with other technology support groups as part of problem resolution efforts
- Analyze firewall policies and configurations; identify/implement needed firewall policy changes
- Implement new platforms, code versions, and features to meet lifecycle management and business requirements
- Assess security vulnerabilities, identify mitigation plans and successfully implement them
- Contribute to enterprise strategy development/design standard development efforts
- Create and/or maintain standards documentation, design documentation/templates/ topology diagrams and workflow documents
- Participate in technology integration efforts with other engineering and support teams
- Ensure compliance with departmental and enterprise security configuration standards
- Serve as mentor and technical resource to more junior associates; train other associates through one-on-one or group technical discussions.
- Manage and govern relationships with technology vendors
- Provide direct support of audit and ad hoc consulting engagements
Successful candidates will possess:
- Strong to advanced knowledge of large scale Checkpoint firewall environment design, including MLM, CLM, CMA, MDS components in addition to gateways
- Strong knowledge of Distributed Denial of Service (DDoS) protection measures that can be implemented on network security devices
- Understanding of Interior Gateway Routing protocols (e.g., OSPF, EIGRP), Border Gateway Protocol (BGP) configuration, BGP peering, BGP route advertisements, prefix-lists and route-maps
- High level understanding of multi-tiered application traffic flow, server load balancing, global load balancing, and routing
- Operational experience with firewall technologies, including hardware refresh, software testing, software upgrades, and complex troubleshooting techniques
- Experience with Checkpoint firewalls, including advanced rule base design, rule base optimization, global objects, and DDoS protection measures (IPS)
- Strong knowledge of incident management, problem management, and change management best-practices
- A solid understanding of what comprises a scalable, robust, supportable design
- Strong verbal and written communication skills due to the need to communicate extensively with remote team members and vendors
- Experience using network management tools and packet captures to resolve operational issues - Automation skills. You know how to script and automate.
- A belief that standardization and automation is the path to happiness
- A bias toward action, along with an internal drive for continuous improvement
- Curiosity. You ask why, you explore, you’re not afraid to blurt out your crazy idea. It didn’t really kill the cat.
- No fear. Big, undefined problems and operational issues don’t frighten you. You can work at a tiny crack until you’ve broken open the whole nut and then clearly explain the issue in a manner that people who aren’t as knowledgeable in your area of expertise can understand.
- A passion for teamwork
- Working knowledge of current scripting languages
- Ability to work in a flexible work environment and multiple locations as needed
This position is an operational role. As such, periodic late night maintenance work and participation in an on-call rotation will be required.
- High school diploma, GED, equivalent certification or military experience
- At least 2 years’ experience in technical leadership of IT projects involving network security or at least 2 years’ experience supporting a large enterprise network infrastructure
- At least 4 years’ operational experience with firewall technologies
- At least 4 years’ experience with Checkpoint firewalls
- Bachelor’s degree
- CCSA (Check Point Certified Security Administrator) Certification,
- CCSE (Check Point Certified Security Expert) Certification
- CCSM (Check Point Security Master) Certification
- 4 years’ experience in technical leadership of IT projects involving network security or 4 years’ experience supporting a large enterprise network infrastructure
- 6 years’ operational experience with firewall technologies
- 6 years’ experience with Checkpoint firewalls
At this time, Capital One will not sponsor a new applicant for employment authorization for this position.