We are looking for a Network Security Engineer to work with our Building Services Provider client across their Network and Infrastructure programme for an initial 6 months contract assignment. (The duration is very likely to extend & the role is OUTSIDE IR35)
The role can be carried out in a hybrid model of 2 days on site in Reading and the rest remote.
Some days in Reading will be required to meet with the team. Some EU travel most likely to Germany. Potentially some out of hours and weekend work for migrations, but not very often.
Their parent company released a Network Security Standards document and they need to bring their network security up to these standards across their DC's and manufacturing plants. The first trench of work will be to carry out a discovery and gap analysis against the document, then create and action a remediation plan. In the first instance, the focus is on their primary DC in Frankfurt.
The standards align to controls derived from the NIST Cyber Security Framework (CSF), CIS Critical Security Controls standards, and industry security best practices tailored to the client. The document includes items such as:
1. SD-WAN
2. SD-WAN Edge Gateway
3. SD-WAN Control Plane
4. SD-WAN Control Management Plane
5. Secure Service Layer
6. Firewall-as-a-Service (FWaaS)
7. Intrusion Prevention Services (IPS) with SSL Decryption
8. URL Filtering
9. Cloud Access Security Broker (CASB)
10. Data Loss Prevention (DLP)
11. Zero-trust Network Access (ZTNA)
12. DNS Security
13. Design Patterns for Specific Traffic Flows
14. Palo Alto Technical Configurations
15. SSL Decryption Categories
Here is a snapshot of technology used within BMI:
* LAN - Cisco
* FW - Palo Alto
* Secure Access - Palo Alto Prisma Access & Claroty Secure Access
* Wireless - HPE Aruba
#J-18808-Ljbffr