Description

Network Security Engineer

What you will do:

As part of JCI's ongoing and exciting digital transformation strategy, as a Network Security engineer you will work with the wider global network and IT teams, business partners and managed service vendors to manage and maintain the physical and logical Enterprise Security infrastructure (firewalls, remote access platforms, Cloud proxies, Cloud security & perimeter security devices etc.) portfolio in Johnson controls.

Our Network infrastructure consists of a large global footprint of more than one thousand sites supporting over one hundred thousand employees ranging from datacenters, manufacturing plants, sales branches, and customer contact centers with exposure to wide range of exciting network technologies and vendors such as Cisco, Fortinet, ZScaler, Silverpeak SDWAN, F5 Networks, Tufin, Microsoft Azure, Google GCP and many more partners.

The role will be working as part of a global high-performance team focused on continuous network security infrastructure delivery and upgrades, maintenance and operational activities, delivery of security configurations and services, incident and change management, network security design and compliance, equipment ordering, scheduling, security device life cycle management, operational handover, vendor management and network security infrastructure asset management.

How you will do it:

• Manage and implement network security infrastructure
  • Firewall configuration and rule management (Cisco/Fortinet/ZScaler/F5/Tufin)
  • Cloud proxies services
  • Network Access control
  • Employee and Partner remote access VPN services
  • IPS/IDS
  • Cloud based Web application firewall
• Design, build, operate and automate security solutions and processes to protect the integrity of the organization's networks, systems, applications and data.
• Work closely with Security team partners/Business Relationship Managers , Field IT leadership and managed service suppliers to ensure successful identification and timely delivery of network security services to the business.
• Participate and consult(in partnership with the Network lifecycle refresh team) the identification, selection and prioritization of security infrastructure refresh components to ensure alignment with risk avoidance, strategic goals and organizational priorities.
• Respond to security incidents, including data breaches, and coordinate with other IT teams to mitigate the impact of any security breaches.
• Conduct regular security audits to identify vulnerabilities in the network and implement measures to address them.
• Partner with IT audit to remediate security gaps in a timley manner.
• Drive and develop automation opportunities for the management of security infrastructure.
• Manage the global Network security infrastrucutre inventory in CMDB.
• Ensure timely quote turnaround for security infrastructure delivery.
• Ensure all network asset data is accurate and support contracts are in place.

What we look for:

Required

• Strong Network Infrastruture Security background in both on prem physical security components (firewalls, IDS/IPS , remote access and internet proxies) as well as cloud security services (Zscaler , Azure, GCP).
• Strong Knowledge in Cisco security hardware
• Strong Knowledge of NAC technologies (e.g ISE or clearpass or FortiNAC or forescout)
• Strong Knowledge in Fortinet security services suite – Fortigate, Fortimanager, FortiAnlayzer
• Experience of Tufin Firewall Orchestration suites (Securetrack and Securechange)
• Experience testing and implementing security related changes in a production environment.
• Experience working with 3rd party vendors and managed network service providers.
• Great organisational skills.
• Strong experience of working on SIEM tools like Splunk to analyze logs and correlate events.
• Solid understanding of industry standard Cybersecurity Frameworks and compliance requirements
• Experience in Enterprise level network security incidents and change Management process.
• Solid technical understanding of DMZs, security policies, secure application traffic flows, WAF, DDoS protection, SSL offloading and inspection.
• Familiarity with Zero Trust Network Architecture is desirable
• Experience with private and public cloud providers is a plus, (e.g., AWS, Azure, GCP, Nutanix, OCI, VMWare) particularly in connectivity, availability, resilience, and security.
• Familiarity with service now Ticketing and CMDB is desirable
• Demonstrated capability to take part as lead security engineer in multi-phase / multi-year network projects or programs, leading these projects to successful implementation.
• Strong technical troubleshooting skill.
• Strong vendor management experience.
• Excellent oral and written communication skills to provide clear messages to all levels.
• Demonstrated ability to effectively establish and maintain strategic working relationships with peers and constituents at all levels of the organization.
• Demonstrated analysis and problem solving skills using innovative thinking.
• Knowledge of ITIL based practices.
• Knowledge of Python and automation skills are desirable.

Qualifications

• Bachelor's degree in Computer Science, Engineering, Information Systems, or other applicable discipline.
• 5+ Years of proven Network security hands on experience at global Enterpirse organizations .
• Network security Professional level certification such as (Cisco , Zscaler , Fortinet , Tufin etc)
• CISSP, CEH, CISM or CISA certifications is a plus.