Network Security Engineer

Network Security Engineer

IT Data Network

Full Time

76372BR

Job Summary

Applies advanced professional communications concepts, industry practices, and relevant policies, procedures, and objectives to resolve highly complex issues where analysis of situations or data requires an in-depth evaluation of variable factors. Determines methods, techniques, and evaluation criteria to obtain results.

As a Network Security Engineer, this role has significant impact and influence on implementation of organizational policy and programs in the area of UCSF's IT network security infrastructure. This role is responsible for the following: Provide professional level technical network security implementation skill set for enterprise and Data Center environments of UCSF. Configure/Install and manage various network security devices, features, and technologies including, but not limited to firewalls, Intrusion Detection/Prevention systems, Network Access Control solutions, Web filtering solutions, Network packet brokers, network traffic visibility solutions, DDI (DNS, DHCP and IP Address Management), VPN, SASE, Load Balancers, CASE and CASB solutions. Assist in the development of network device hardening standards. Apply advanced professional communications concepts, industry practices, and relevant policies, procedures, and objectives to resolve highly complex issues. Determine methods, techniques and evaluation criteria to obtain results. Research and evaluate alternative technologies and architectures in relation to UCSF's network security infrastructure needs. Interface with management, IT-Security and vendors to develop and implement new solutions to meet business requirements. Act as an escalation for resolving problems in the enterprise network and its network security systems. Participate in on-call duties and work some evenings, weekends, and holidays as required to support UCSF initiatives. Work collaboratively in a cross-functional environment with UCSF's IT Security and systems engineering teams to identify network security risks and issues and create plans to mitigate and resolve them. Assist IT network architects in developing capacity planning and risk management reports. The final salary and offer components are subject to additional approvals based on UC policy. To see the salary range for this position (we recommend that you make a note of the job code and use that to look up): TCS Non-Academic Titles Search Please note: An offer will take into consideration the experience of the final candidate AND the current salary level of individuals working at UCSF in a similar role. For roles covered by a bargaining unit agreement, there will be specific rules about where a new hire would be placed on the range. To learn more about the benefits of working at UCSF, including total compensation, please visit:

Department Description

The Network Security Engineer will report to the Manager, Network Security who serves as the network security technical leader for the network services team at UCSF.

The Network Security Engineer is responsible for the physical design, documentation, and implementation of all network security services under the network security portfolio.

Ensures IT meets both the current and future network service needs of a broad range of customers, partners, and key stakeholders in administrative and academic units. Guides a team of engineers to drive innovative solutions, ensuring the delivery of best-in-class service to UCSF. Directs strategic and operational planning to achieve business goals, prioritizing initiatives and coordinating the evaluation, deployment, and management of current and future IT systems across the organization. Ensures flexible, efficient, and reliable systems are able to adjust to future demands consistent with the health and campus growth and vision.

The IT Network Services department is comprised of Network Security, Network Field Services, Network Wired and Wireless Services, and Network Infrastructure Services.

We are one of a few organizations within the Academic Healthcare space with an IT Network Organization that supports clinical, research, and academic environments.

With an overall customer satisfaction rating of 95%, we take pride in our work and our community service, research, academic and healthcare missions.

Required Qualifications

Bachelor's degree in a related area and/ or equivalent experience/training. 5+ years of relevant progressive experience Advanced knowledge of various network security devices, features, and technologies like firewalls, Intrusion Detection/Prevention systems, Network Access control solutions, Web filtering solutions, Network packet brokers, load balancing, DDI (DNS, DHCP, and IP Address Management), VPN and network traffic visibility solutions Demonstrated knowledge of various VPN technologies Advanced knowledge of network security protocols, technologies, standards, and tools Advanced knowledge of various authentication protocols and solutions Advanced understanding of modern enterprise TCP/IP data networks using standards and technologies including but not limited to OSPF, STP, RSTP, 802.1Q, Multicast, Quality of Service, and tunneling protocols Advanced knowledge, skills, and experience with Cisco Routing and Switching products Demonstrated knowledge and experience with network device management tools, technologies, and products like SASE, CASE, and CASB solutions Understands implications of work on other areas of IT and Business. Self-motivated and works independently and as part of a team with minimal supervision.

Participate in Network on-call rotation supporting a 24/7 environment. Clearly understands the communications and network needs of the organization and has the skills needed to address those needs Demonstrated ability to gather, organize, and analyze data in the completion of a variety of functional assignments

Preferred Qualifications

Cisco Certified Network Professional (CCNP) and / or equivalent experience/training Palo Alto Networks Certified Security Network Security Engineer Certified Information Systems Security Professional (CISSP) AWS Solution Architect or AWS Cloud Practitioner Certification Advanced knowledge of security architectures in private and public cloud environments Advanced knowledge, skills, and experience with Juniper Routing and Switching products Thorough knowledge of structured cabling systems, network facilities, electrical, UPS, etc. Experience with Border Gateway Protocol (BGP), intrusion detection, proxies, firewalls, load balancing, packet capture, and/or data loss prevention. Experience designing and implementing network services within public cloud environments (e.g., AWS, Azure). Experience troubleshooting and deploying solutions involving certificates and public key infrastructures (802.1X or SSL decryption and offloading), and designing and deploying web proxy and content filtering solutions for data loss prevention. Experience performing packet and flow analysis with various toolsets including in-line taps, firewall/IPS appliances, network routers, and hosts. Experience working with network access control platforms, writing shell scripts using Python or Bash, and using infrastructure monitoring tools. Experience designing and working with firewall, DDI services, VPN, load balancing, and intrusion prevention systems. Ability to generate reports, create presentations, and present to appropriate stakeholders. Experience working in project-based environments, able to effectively collaborate and communicate with individuals and teams across an organization. Ability to contribute expertise to design discussions and support the development of network solutions.

About UCSF

The University of California, San Francisco (UCSF) is a leading university dedicated to promoting health worldwide through advanced biomedical research, graduate-level education in the life sciences and health professions, and excellence in patient care. It is the only campus in the 10-campus UC system dedicated exclusively to the health sciences. We bring together the world's leading experts in nearly every area of health. We are home to five Nobel laureates who have advanced the understanding of cancer, neurodegenerative diseases, aging and stem cells.

Pride Values

UCSF is a diverse community made of people with many skills and talents. We seek candidates whose work experience or community service has prepared them to contribute to our commitment to professionalism, respect, integrity, diversity and excellence - also known as our PRIDE values.

In addition to our PRIDE values, UCSF is committed to equity - both in how we deliver care as well as our workforce.

We are committed to building a broadly diverse community, nurturing a culture that is welcoming and supportive, and engaging diverse ideas for the provision of culturally competent education, discovery, and patient care.

Additional information about UCSF is available at

Join us to find a rewarding career contributing to improving healthcare worldwide.

Equal Employment Opportunity

The University of California San Francisco is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Organization

Campus

Job Code and Payroll Title

000545 COMM AND NETWORK TCHL ANL 4

Job Category

Clinical Systems / IT Professionals

Bargaining Unit

99 - Policy-Covered (No Bargaining Unit)

Employee Class

Career

Percentage

100%

Location

Mission Center Building (SF)

Shift

Days

Shift Length

8 Hours

Additional Shift Details

Mon-Fri, 8-5, after hours as required, On-Call

#J-18808-Ljbffr