Hampton Roads Transit is looking for dynamic, customer service oriented, and energetic people to become part of a committed team providing excellent and effective public transportation to the Hampton Roads region. In addition to rewarding careers and professional development opportunities, we offer unmatched benefits and competitive wages in a stimulating environment that will provide you with the flexibility and training tools to grow.
The Network Security Engineer brings strong virtual and physical network security expertise to enterprise security architecture and team-oriented security operations. Taking the lead as subject matter expert for network security investigations, training, and team-designed network architecture, the Network Security Engineer performs network-level incident response while maturing HRT’s network security design. Using traditional security tools, and providing support for systems-level investigations and vulnerability management, the Network Security Engineer supports device and system communications security across security boundaries. Providing both configuration audit and implementation services, the Network Security Engineer improves agency investigation and IT network risk management capabilities through the application of carefully researched and measured network access management principles.
Working in conjunction with IT security team members, cross-discipline IT security team members, and stakeholders under IT security management, the Network Security Engineer provides consultation and hands-on development of network security integrations and boundary architecture. The network security engineer serves to advance agency cloud platform initiatives application and infrastructure team members to secure virtual, cloud, and physical network topologies.
Essential Job Functions and Responsibilities:
Assists IT security management in promoting security culture, policies, and standards excellence.
Serves as an example of IT security stewardship and practice excellence.
Serves as a trainer of IT security principles, threats, and standards to HRT employees, and technical staff.
Collaborates with management, cross-discipline engineer, technician, and non-IT staff for evaluation and implementation projects.
Follows formal and informal management established processes including change management, configuration management, and other organizational structures.
Develops and maintains system design documentation, tailored procedure documents, and training and socialization materials as required.
Fosters and maintains a safe and team uplifting collaborative working environment.
Communicates effectively orally and in writing.
Maintains a high level of professionalism and discretion handling sensitive data and security topics.
Demonstrates an excellent work ethic in support of IT security initiatives to support agency initiatives and the maturity of its IT security Program.
Demonstrates ability to multitask and prioritize to achieve on-time delivery of expected work product.
Fosters and facilitates a safe and team-oriented working environment.
Day to Day Operations
Takes a lead role in staying up to date on network and cloud infrastructure level threat intelligence and global security event impacts to agency.
Maintains, reviews, and responds to security alerts for AV and EDR platforms.
Monitors and responds to inquiries and work requests through ticketing, call number, and email systems.
Monitors network security system, log analytics, and other log sources to interpret for unusual or suspicious activity.
Monitors, assesses and enforces vulnerability management system detections and remediation strategies.
Develops and maintains system documentation including inventory, system design documents, as-builts, system security/disaster recovery plans, and incident response plans.
Provides recommendations and implements mitigations for network level threats as SME.
Deploys, manages, and maintains Network security appliances and physical and virtual node architecture.
Develops and communicates awareness of network security threats.
Reviews, designs, and implements network firewall security access requests and security architecture.
Develops and implements network node and topology security tool and logic improvements to enhance WAN/LAN security.
Reviews, develops, and maintains system design documentation, tailored procedure documents, and training and socialization materials as required.
Performs direct network implementation operations as needed to support security implementations.
Performs ongoing network infrastructure security configuration tasks for all IT and OT networks including switching, routing, and firewall administration.
Assesses and performs vulnerability management activities for systems that may impact network security.
Monitors, audits, and recommends security implementations for network and network hardware and specialized software dedicated to the operation of ICS systems.
Audits, monitors, and resolves technical security implementation issues for established and new real-time and ICS networks.
Installs, monitors, and maintains physical security network nodes including camera and access control equipment along the Light Rail alignment and general facilities.
Performs preventative maintenance in accordance with HRT’s established state of good repair guidelines.
Provide structured or ad hoc user training as required to help customers effectively utilize HRT computerized systems.
Monitors email system security tickets and responses, performs mitigation implementations for phishing and other attacks.
Participate in Incident Response activities as per established HRT guidelines and as needed to support IT Security.
Coordinate network security activity with team members. Maintain cyber security awareness, support Endpoint Protection, respond to cyber security incidents in accordance with established policies and procedures.
Ensure adherence to HRT minimum hardware/software requirements; participate in cyber security reviews, assessments, and audits.
Performs other duties as assigned (including but not limited to):
Provide network node configuration assistance and troubleshooting.
Provide solution evaluation research and evaluation of new network architecture and products.
Perform technology records and inventory records management in accordance with agency’s policy and procedures.
Documents all work activities in a work order management system; participates in the Change Management process as per established guidelines.
Designs and implements cross team approved network and system security design.
Manages records created and received in compliance with the Hampton Roads Transit Records Management Policy and Procedures.
Maintains a general awareness of HRT’s EMS functionality and provides connectivity and monitoring assistance for networked nodes.
Handles job responsibilities in accordance with HRT’s Environmental Policy, relevant EMS Standard Operating Procedures, and Emergency Management Plan.
Develops and provides system metrics as required to IT Security management.
Provides rotating and on-call security support for incident management.
Leads Network forensic root cause analysis and threat mitigation response.
Develops detailed incident reports, root cause analysis, and remediation steps for IT Management.
Required Knowledge, Abilities and Skills essential to Job Functions:
Operational Abilities, Knowledge and Skills:
Ability to stay current on and translate emerging network threats and mitigating solutions into real world implementations.
Ability to research, assess, and implement security products and features that will effectively address potential threats to the HRT network environment.
Demonstrates collaborative planning, training, and implementation skills working with firewalls, alteration or intrusion prevention and detection systems, anti-virus software, data encryption, and other industry-standard security solutions.
Ability to create thorough and concise documentation including network As-builts, network access rule validation and diagrams for system support and cross training.
Demonstrates proficiency in effective oral and written English communication skills.
Ability to review packet capture data for network forensics and troubleshooting.
Ability to translate real world scenarios into managed
Demonstrates Strong knowledge and proficiency in:
NIST & NIST CSF, ISO standards.
PCI DSS Compliance Standards and necessary control implementation.
Radio Technology security protections including configurations for encryption, and high availability design.
Demonstrates Expert knowledge and proficiency in:
Vulnerability Management systems and mitigations.
Network Security Architecture concepts
Network segmentation application stages, implementation, and troubleshooting.
Zones of Trust/Zero Trust concept application in design and implementation.
DMZ Configuration integration security and monitoring.
Network Node Management:
Configuration Backup and Monitoring systems.
SNMP, NetFlow, and data extraction/translation.
Network File Transfer architecture, systems, and Protocols (i.e., SFTP, SMB/SAMBA, MFT)
System Interface security (API presentation, Clientless VPN).
Network Authentication Systems - Radius, Kerberos, PKI.
Designing, heat map testing, planning, and implementing of 802.11 architecture and necessary channel and authentication security.
PKI Infrastructure Management.
Reviewing WAN, LAN architecture and protocols.
Designs and improves technical capture and analytical systems for Network level UEBA.
Technical Abilities, Knowledge and Skills
Proficiency and experience in listed Technologies are essential for adequate performance to complete job duties. Efficient use of listed technologies is critical for advanced analysis and issue resolution associated with the listed hardware, software, and services used to perform job responsibilities.
Demonstrates Functional knowledge of and some technical ability in:
Web Application front end security protection including reverse proxy and Database safeguards.
Securing wireless security for Radio shortwave and commercial, NFC and Bluetooth technologies.
Securing PaaS Containerized and “serverless” resource delivery
Network level implementation and monitoring of Electronic Security Systems including Badge Reader and Surveillance Systems.
Demonstrates proficiency and strong technical ability in:
Windows and Linux OS Host Based Firewall management.
Network Access Control Systems and Technologies such as NAC, 802.1x.
SAML and OAuth provider integrations.
Microsoft Office Email, compliance, and security tools.
Microsoft Azure Networking, and IT Security Architecture including AIP.
Demonstrates Expert level proficiency and technical ability in:
Implementing network node inventory status configuration and event data systems including SNMP Traps/monitors, Syslog/Syslog NG message.
Auditing, scoping, and implementing noise reduction techniques for Network Log/Log Analytics Systems.
SolarWinds Orion Console management and node monitoring.
ACL Management of network devices.
Palo Alto Firewall Configuration for IPS, UEBA, VPN.
Network Tap Hardware Management.
Authentication and Authorization services integration and configuration including Microsoft Network Policy Server, Radius Server, AD FS, and Azure AD.
Public and Private DNS and DNS Security auditing and management including management within Microsoft and Palo Alto platforms.
DHCP and IPAM Security system implementation and management.
PKI Certificate infrastructure management auditing automation and maintenance.
VPN Security Configurations.
Certificate and Identity authentication methods.
VPN Gateway Configuration.
Network and Device Policy Restrictions.
Client/Clientless VPN user connectivity security and experiences.
Site to Site VPN access.
Design assessment and implementation of 802.11x architecture and wireless security including access control and coverage mapping.
SMTP and Email Protocol and System management/integrations and security.
AV & EDR systems management.
Vulnerability Management systems and remediation research and implementation.
Design assessment and implementation of Azure Virtual Networking components including Load Balancers, Firewall, Application Gateway, VNET and IP Space Management.
Palo Alto Network Security rule and system configuration implementation and administration including NAT, External Gateway Protocols, VPN (clientless, Site to Site, client portal)
Palo Alto security feature implementation, monitoring, and refinement.
Required Software Knowledge and Skills essential to Job Functions:
Proficiency in using computer systems and the listed software applications associated with performance of assigned work is essential. Basic problem-solving skills associated with software applications used is expected. Software usage relevant to job duties will be evaluated.
Palo Alto PAN-OS
Azure Information Protection
Azure Active Directory
Perform all job duties and responsibilities in a safe manner to protect oneself, fellow employees, and the public from injury or harm. Promote safety awareness and follow safety procedures and policies. Take an active part in reporting unsafe conditions and any hazards within the workplace to their Supervisor, Manager and/or the Safety Department.
Training and/or Education:
Associate’s or bachelor’s degree in Computer Sciences, Information Technology, IT Security, IT Systems Engineering, or related field or relevant combination of experience.
5+ years of experience administering system/network security in Windows environments.
3+ years working in Azure cloud environments.
5+ years administering Cisco/Palo Alto network systems.
3+ years working in a network administrator or network security role administering network security policies, software tools, and devices.
5+ years working hands-on providing unassisted in-depth network support (switching, routing, firewall, IPS).
3 years working to provide Incident Response investigative, containment, remediation, and recovery network services.
Heavy experience using Wireshark, Sysinternals, and other open-source tools.
Licenses or Certificates:
Virginia Driver’s License
At least one of Security+, SSCP, or CySA+ Certifications (Or Higher)
At least one of Network+, CCNA, Cisco Certified CyberOps Associate (Or Higher)
Palo Alto PCNSA (or Higher)
CySA+ (or Higher)
Microsoft (Azure: AA, ASEA)
This position is classified as essential personnel.
Must be able to pass the federal government background screening process for local military installation access.
On Call/After Hours support duties are expected per established policies and rotation schedule.
Incident Response may dictate availability for On Call/After Hours support.
Work requires high-speed operation of keyboard devices. Also requires lifting and transferring of computer and networking equipment as needed. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Work involves meeting multiple demands on a timely basis. Duties may require overtime for emergency scenarios.
Accessibility: If you need an accommodation as part of the employment process please contact Human Resources at Phone: 757-222-6000 Email: firstname.lastname@example.org
Equal Opportunity Employer, including disabled and veterans.
HRT is proud to be an Equal Opportunity Employer.