Senior Network Security Engineer
What will I be doing?
The Senior Network Security Engineer is responsible for network security solutions spanning areas such as: network traffic analysis and blocking technologies (e.g., security zone design, intrusion prevention, advanced threat defenses, NetFlow); network segmentation; firewalls and load balancing; multi-factor authentication; remote access; web content management; and critical network infrastructure services such as DNS and DHCP. The Engineer is also chiefly responsible for identifying and recommending security hardening enhancements and instilling a security-by-design philosophy. The Engineer will lead the creation and delivery of technical standards, working closely with the global IT organization and service providers to implement continuous improvements.
* Familiar with best practice and real-world secure configurations for Cisco routing, firewalling, wireless access, and intrusion prevention solutions, Juniper, FireEye, F5, Riverbed, BlueCoat, and SolarWinds technologies, as well as network configurations within virtualized and cloud hosted service offerings
* Network device secure configuration hardening and management practices, including deploying, enforcing, and measuring conformance / consistency
* Threat modeling network intrusion scenarios and designing monitoring / alerting mechanisms to detect abuse
* Analyze and control Internet egress, including web content filtering and host-level access control methods
* Demonstrate strong leadership skills, be able to work independently as well as be able to effectively work collaboratively and cross-functionally as a member of a team
* Approach complex situations strategically while also executing deliverables and managing time tactically. Strong oral and written communication skills are required
Hilton World Wide Inc. is acting as an Employment Agency in relation to this vacancy.
What are we looking for?
To fulfill this role successfully, you must possess the following minimum qualifications and experience:
- BA/BS/Bachelor's Degree or equivalent years of experience in lieu of a degree
- A minimum of eight (8) years of related experience
- Ability to travel 25% of the time
- Experience in best practice and real-world security hardening of large-scale data center, LAN, and WAN topologies. A strong understanding of general enterprise, system, and application security issues in a globally distributed environment
- Intimate knowledge of network / security protocols and services including: TCP/IP, MPLS, BGP, DNS, DHCP, TLS, WCCP, IPsec, RADIUS, 802.1X, client and site-to-site VPNs
- Experience with complex firewall ACL analysis and optimization; modeling traffic traversing multiple segments / firewalls to identify gaps in access policies. Familiar with methods for managing access policies across data center and remote site firewalls
- Experience designing and implementing DDoS mitigation measures
- Experience architecting, deploying, and troubleshooting in-line security solutions such as IPS and FireEye
- Ability to solve problems and / or automate network device and security management tasks with at least one scripting language (Python, Perl, etc.)
- Experience implementing defense-in-depth design concepts using native and third-party tools
- Familiarity with industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing such as ISO 27001, CSA, NIST 800-53, and PCI DSS
- MS/MA/Master's Degree
- License or Certificate in CISSP, CCIE Security, SANA or GIAC
- Knowledge of hotel-based IT systems and applications
- Experience deploying micro-segmentation solutions within large enterprises
- Experience designing network security solutions for managing IoT device connectivity
- Experience designing, implementing, or managing AWS VPCs
- Experience tuning logging configurations to optimize SIEM performance and forensic investigations; experience defining and authoring custom alerts tailored to a specific environment
- Experience using network access methodologies to detect unauthorized configurations (e.g., access points, dual homing, connections to public networks)
Hilton is the leading global hospitality company, spanning the lodging sector from luxurious full-service hotels and resorts to extended-stay suites and mid-priced hotels. For nearly a century, Hilton has offered business and leisure travelers the finest in accommodations, service, amenities and value. Hilton is dedicated to continuing its tradition of providing exceptional guest experiences across its global brands. Our vision to fill the earth with the light and warmth of hospitality unites us as a team to create remarkable hospitality experiences around the world every day. And, our amazing Team Members are at the heart of it all!