Network Security Engineer

IT - Network Engineering

Full Time

86620BR

Job Summary
Certain terms and conditions of employment for this position, including the rate of pay, benefits, etc., are currently subject to negotiation with the appropriate union.
The Network Security Engineer within the University of California, San Francisco's (UCSF) Information Technology (IT) department will ensure the security and integrity of UCSF's network infrastructure. The Network Security Engineer supports the planning, design, optimization, implementation, audit, and troubleshooting of network security systems. The Engineer improves the overall security posture of UCSF and its assets. The Security Engineer will partner with other teams, including security operations, governance, and system administrators, to successfully design and deploy required solutions to harden UCSF platforms.

The Network Security Engineer will

• Configure/Install and manage various network security devices, features, and technologies, including, but not limited to Firewalls, DDI (DNS, DHCP and IP Address Management), VPN, Network Access Control solutions, Web Filtering solutions, CASB and SASE systems, Intrusion Detection/Prevention systems, Network Packet Brokers, and Network Traffic Visibility solutions
• Fulfill project requests and tasks for our clients (Firewall Policy, VPN tunnel creation, DDI, CASB Incident Response, applying web filter entries, etc.)
• Manage and mitigate vulnerabilities for the devices that are backed by the Network Security Team
• Resolve problems and break/fix incidents on the enterprise network and its network security systems.
• Provide an administrative-level technical network security implementation skill set for the enterprise and Data Center environments of UCSF
• Assist in the development of network device hardening standards
• Apply professional communications concepts, industry practices, and relevant policies, procedures, and objectives to resolve highly complex issues.
• Establish methods, techniques, and evaluation criteria to obtain results.
• Interface with management, IT-Security, and vendors to develop and implement new solutions to meet business requirements
• Serve as an escalation point for junior staff

The final salary and offer components are subject to additional approvals based on UC policy.

Your placement within the salary range is dependent on a number of factors including your work experience and internal equity within this position classification at UCSF. For positions that are represented by a labor union, placement within the salary range will be guided by the rules in the collective bargaining agreement.

The salary range for this position is $136,000 - $204,000 (Annual Rate).

To learn more about the benefits of working at UCSF, including total compensation, please visit:

Department Description

University of California, San Francisco (UCSF) is distinguished as a leading academic healthcare organization, home to groundbreaking discoveries, world-class education, and exceptional healthcare services. Infrastructure Services (IS) is the backbone of the technological infrastructure, assuring the technical services that enable the academic, medical, and research missions of the organization. Beyond a focus on maintaining systems and resolving issues, we are committed to nurturing the potential of our team members and empowering them to excel. UCSF Infrastructure Services provides 24/7 support to the University community, upholding the highest level of responsiveness and reliability at all times for our customers. IS values innovation and excellence in ensuring secure and efficient IT services, regardless of the hour or complexity of the issue.

The Network Security Engineer will report to the Manager, Network Security, who serves as the network security technical leader for the network services team at UCSF. The Network Security Engineer is responsible for the physical design, documentation, and implementation of all network security services under the network security portfolio.

Ensures IT meets both the current and future network service needs of a broad range of customers, partners, and key stakeholders in administrative and academic units. Guides a team of engineers to drive innovative solutions, ensuring the delivery of best-in-class service to UCSF. Directs strategic and operational planning to achieve business goals, prioritizing initiatives and coordinating the evaluation, deployment, and management of current and future IT systems across the organization. Ensures flexible, efficient, and reliable systems able to adjust to future demands consistent with the health and campus growth and vision.

The IT Network Services department comprises Network Security, Network Field Services, Network Wired and Wireless Services, and Network Infrastructure Services. We are one of a few organizations within the Academic Healthcare space with an IT Network Organization that supports clinical, research, and academic environments. With an overall customer satisfaction rating of 95%, we take pride in our work, community service, research, academic, and healthcare missions.

Required Qualifications

• Bachelor's Degree, or equivalent combination of experience/training in one or more of the following fields: computer science, engineering, computer information systems, etc.
• 5-7 years of experience working in one or more of the following fields: network services, information technology, network security, or network operations.
• Cisco Certified Network Professional (CCNP) and/or equivalent experience/training
• Demonstrated advanced knowledge of various network security devices, features, and technologies like firewalls, intrusion detection and prevention systems, network access control solutions, web filtering solutions, network packet brokers, load balancing, DDI (DNS, DHCP, and IP Address management), VPN, and network traffic visibility solutions.
• Demonstrated advanced knowledge of various VPN technologies.
• Demonstrated advanced knowledge of network security protocols, technologies, standards, and tools.
• Demonstrated advanced knowledge of various authentication protocols and services.
• Demonstrated advanced understanding of modern enterprise TCP/IP data networks using standards and technologies including but not limited to: OSPF, STP, RSTP, 802.1Q, Multicast, Quality of Service and tunneling protocols.
• Demonstrated advanced knowledge of security architectures in private and public cloud environments. Experience designing and implementing network services within public cloud environments (e.g., AWS, Azure).
• Demonstrated advanced knowledge, skills, and experience with Cisco Routing and Switching products.
• Experience with Border Gateway Protocol (BGP), intrusion detection, proxies, firewalls, load balancing, packet capture, and/or data loss prevention.
• Understands implications of work on other areas of IT and business.
• Proven ability to learn effectively and meet deadlines. Self-motivated and works independently and as part of a team with minimal supervision. Participates in network on-call rotation supporting a 24/7 environment.
• Excellent communication skills with the ability to convey technical information to both technical and non-technical personnel. Ability to support the creation of presentation materials, generate reports, and lead presentations to stakeholders.
• Demonstrated advanced ability to gather, organize, and analyze data in the completion of a variety of functional assignments.
• Demonstrated advanced problem-solving skills. Ability to diagnose and resolve network connectivity issues, in a timely manner. Experience troubleshooting and deploying solutions involving certificates and public key infrastructures (802.1X or SSL decryption and offloading), and designing and deploying web proxy and content filtering solutions for data loss prevention.
• Familiarity with network security best practices and the ability to implement and maintain firewall rules, access controls, and intrusion detection/prevention systems.
• Excellent interpersonal skills, with the ability to work effectively with colleagues and stakeholders across departments.

Preferred Qualifications

• Demonstrated advanced knowledge, skills, and experience with Juniper Routing and Switching products.
• Demonstrated advanced knowledge and experience with network device management tools, technologies, and products like SASE, CASE, and CASB solutions.
• Extensive knowledge of structured cabling systems, network facilities, electrical, UPS, etc.
• Experience performing packet and flow analysis with various toolsets, including in-line taps, firewall/IPS appliances, network routers, and hosts. Experience working with network access control platforms, writing shell scripts using Python or Bash, and using infrastructure monitoring tools.
• Palo Alto Networks Certified Network Security Engineer and/or equivalent experience/training
• Certified Information Systems Security Professional (CISSP)
• AWS Solutions Architect or AWS Cloud Practitioner Certification

License/Certification

• Cisco Certified Network Professional (CCNP) and/or equivalent experience/training

About UCSF
At UCSF Health, our mission of innovative patient care, advanced technology and pioneering research is redefining what's possible for the patients we serve - a promise we share with the professionals who make up our team.

Consistently ranked among the top 10 hospitals nationwide by U.S. News & World Report - UCSF Health is committed to providing the most rewarding work experience while delivering the best care available anywhere. In an environment that allows for continuous learning and opportunities for professional growth, UCSF Health offers the ideal atmosphere in which to best use your skills and talents.

Pride Values

UCSF is a diverse community made of people with many skills and talents. We seek candidates whose work experience or community service has prepared them to contribute to our commitment to professionalism, respect, integrity, diversity and excellence - also known as our PRIDE values.

In addition to our PRIDE values, UCSF is committed to equity - both in how we deliver care as well as our workforce. We are committed to building a broadly diverse community, nurturing a culture that is welcoming and supportive, and engaging diverse ideas for the provision of culturally competent education, discovery, and patient care. Additional information about UCSF is available at

Join us to find a rewarding career contributing to improving healthcare worldwide.

Equal Employment Opportunity

The University of California is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, protected veteran status, or other protected status under state or federal law.

Organization

Health

Job Code and Payroll Title

COMM AND NETWORK TCHL ANL 4

Job Category

Clinical Systems / IT Professionals

Bargaining Unit

University Professional Technical Employees - Technical Unit (UPTE-TX)

Employee Class

Career

Percentage

100%

Location

San Francisco, CA

Campus

Mission Center Building (SF)

Work Style

Flexible

Shift

Days

Shift Length

8 Hours

Additional Shift Details

Mon-Fri, 9-5, as required after hours support