Sr. Firewall Engineer Job



  Full Time   Employee

District of Columbia
United States

Sr. Firewall Engineer (Job Number:419734)


Job Description:

The Enterprise & Mission Solution Business Unit currently has an opening for an experienced senior Firewall Engineer to support a Department of State (DoS) Bureau of Information Resource Management (IRM) program. This program provides transparent, interconnected systems and security supporting the DoS in successfully carrying out its U.S. foreign policy mission. IRM provides enterprise architecture design, engineering, operations and maintenance support services for desktops, servers, networks, firewalls, and enterprise applications across the Department. Program is named "Vanguard" and is an IT consolidation consisting of the Department's servers, mainframes, network devices, network perimeter, anti-virus engineering, public key infrastructure (PKI)/biometrics/encryption, monitoring tools, telephony, mobile computing platform, virtual environment, and enclave design/security engineering. This is a master level position within the Vanguard Service Management Office (SMO), providing Tier II and Tier III monitoring, configuration, and support to multiple firewall and perimeter security systems. This position is for a senior Firewall Engineer with extensive direct experience in designing, configuring, and integrating Palo Alto and McAfee Stonegate firewalls into an enterprise wide perimeter architecture. The position directly supports the Perimeter Security Division (PSD) Firewall (FW) branch of DoS.

Description of Duties:

- Performs system-level design, configuration, integration and implementation of perimeter security products to include firewalls, email security appliances, proxy devices, switches, and routers.
- Works with an experienced team of network engineers in performing vulnerability and fault analysis on enterprise perimeter devices, and developing and implementing system remediation and recovery plans.
- Plans, documents, and implements hardware and software refresh
- Develops engineering orders and change requests for senior management decision that describe detailed configuration changes to the enterprise perimeter.
- Provides technical guidance for directing and monitoring information systems operations. Implements and maintains perimeter security systems.
- Collaborate with Cross-Bureaus and Agencies to implement network changes as it relates to perimeter security
- Support Diplomatic Security Computer Incident Response Team by implementing IP Address blocks as directed
- Troubleshoot perimeter security devices in conjunction with vendor provided support
- Attend weekly teleconferences, onsite meetings, and participates in working groups, as related to constant changing security environment.
- Provides technical guidance for directing and monitoring information systems operations.
- Directs compilation of records and reports concerning perimeter operations and maintenance. Troubleshoots perimeter performance issues.
- Manages the testing, installation, and support of perimeter security devices.
- Directs compilation of records and reports concerning network operations and maintenance. Troubleshoots network performance issues. Analyzes network traffic.
- Perform configuration, and installation of replacement perimeter devices


Bachelors and fourteen (14) years or more experience; Masters and twelve (12) years or more experience; PhD or JD and nine (9) years or more experience.

Required Qualifications:

- Direct and detailed experience in configuring and integrating Palo Alto and McAfee Stonegate firewalls into an enterprise network
- Direct and detailed experience in configuring, implementing, managing, and monitoring Palo Alto Virtual System (Vsys) firewalls using Panorama
- Direct experience in monitoring, configuring, and maintaining enterprise level perimeter security architectures
- Direct experience in configuring and maintaining one or more of the following perimeter security devices: Cisco IronPort Email Security Appliance (ESA), BlueCoat proxy servers, A10 devices.
- Basic Microsoft Windows Server 2003/2008 implementation and troubleshooting from a security/firewall perspective
- Basic knowledge in configuring Cisco switches
- Basic knowledge configuring CISCO networking devices
- Basic TCP/IP network implementation and troubleshooting
- Familiarity with network monitoring tools such as NeuralStar, Nagios, Zenoss, etc.
- Focus of experience should be on IT customer support (Tier II or Tier III)

Desired Qualifications:

- ITIL ® Foundation certification.
- CISSP certification.
- Certifications: StoneGate Firewall/VPN Architect Certification, StoneGate Management Client (SMC) Certification, Microsoft Certified Professional (MCP), Network+, Security+
- Excellent technical writing skills.
- Familiarity with DoS environment (data and voice networks, IT security systems, policies and procedures), Foreign Affairs Handbooks (FAHs), Foreign Affairs Manuals (FAMs) preferred.
- Interpersonal skills including the ability to collaborate effectively, self-awareness, and excellent written and oral communications.

Clearance Requirement:

- Must be a US Citizen and possess a US SECRET security clearance and have the ability to obtain a Top Secret security clearance


SAIC Overview:SAIC is a leading provider of technical, engineering and enterprise information technology services to the U.S. government. Our 13,000 employees deliver systems engineering and information technology offerings for large, complex government programs, as well as a broad range of higher-end, differentiated technology services. The company is headquartered in McLean, Va. For more information, visit

EOE AA M/F/Vet/Disability

Job Posting: Aug 2, 2016, 1:50:28 PM
Primary Location: United States-DC-WASHINGTON
Clearance Level Must Currently Possess: Secret
Clearance Level Must Be Able to Obtain: Top Secret
Potential for Teleworking: No
Travel: None
Shift: Day Job
Schedule: Full-time

To apply for this job, contact:
Jane Ormerod

Save This Job

Email This Job to a Friend