CH2M Senior IT Network Security Engineer - Denver, CO in Englewood, Colorado

Support our corporate enterprise information security and have a hand in transforming tomorrow

As a Senior Network Security Engineer you will be an in-house subject matter expert who diligently assists with the improvement of information security across the organization by understanding the threats it faces and working closely within the Global Information Security Operations team to set direction via policy and technology mechanisms. You will work closely and collaboratively with other members of the Global Operations team, including systems, database, and network personnel. Participate in network security design and process discussions. Implement new secure networks per design or refresh existing secure networks. Ensure that network security systems within environment comply with company security policies, standards, and procedures. Perform hands-on support for a wide range of security technologies including, but not limited to: HIDS/HIPS, VPN, malware analysis and antivirus protection, content filtering, logical access controls, encryption, data loss prevention (DLP), content filtering technologies, cloud security, log correlation/management, vulnerability scanners, LDAP, and security incident response. Assists with post-mortem analyses of information security breaches, violations and incidents to illuminate root cause and lessons learned. Work with 3rd party security firms to support audits, outside penetration testing and vulnerability management. Provide technical guidance and training to other staff members within the organization. Some operational tasks/tickets by Participating in on-call rotation with the Information Security Operations team and performs other duties as assigned. The Senior Network Engineer will have primary responsibility for developing and implementing robust configurations and rule sets as they pertain to enterprise firewall management, a solid foundation in network implementations, understands the role of network security operations and can participate in design discussions and best practices. He/she would engage directly with infrastructure engineering teams to gather technical requirements, understand process, and implement new. If you’re up for the challenge, we’ve been looking for someone just like you. Join our team and help us lay the foundation for human progress.

The minimum qualifications for this position are:

  • Minimum 5 years of progressively responsible IT experience with at least 3 years of security/infrastructure protection experience.

  • High School diploma or GED with some technical training

  • Strong experience with Palo Alto Firewall administration

  • Hands on experience with networking and security hardware i.e. Routers, Switches, stateful firewalls, Palo Alto Networks firewalls

  • Hands on experience with networking and security software i.e. virtual Routers, Switches, stateful firewalls, VMware NSX.

  • CCNP level of networking knowledge –LAN, WAN, Firewall, Wireless

  • Experience with Cisco data center

  • BGP and OSPF routing protocols

  • Experience with Windows and Linux operating systems.

  • Experience with programming or scripting languages.

  • Hands on experience with logging/correlation/SIEM technologies, IBM QRadar preferred.

  • Experience with security vulnerability investigation and remediation (including tools such as Nexpose, Metasploit)

  • Hands on experience with endpoint security technologies i.e. encryption, antivirus, DLP, HIPs, and malware

  • Experience with Security Program/Roadmap design, and creation of security policies, standards, guidelines, etc.

  • Ability to troubleshoot complex networks and design network security solutions

  • Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management

The ideal candidate will possess the following skills and experience:

  • 4-year degree in related field i.e. Computer Science, Information Systems or related field

  • Familiar with patch management solutions for security related updates.

  • Able to conduct risk assessments, diagnose internet/extranet security issues, intrusion attempts, cyber-crime response, assist in responses to external audits, penetration tests, and vulnerability assessments

  • CISSP, Security+, Palo Alto Networks, or other Information Security related certifications preferred.

  • Self-motivated, proactive, independent and responsive – requires little supervisory attention

  • Someone already local to Englewood, CO is highly preferred

At CH2M, the greatest challenges provide the biggest rewards. Each day, your drive and creative ideas will be providing solutions that help build a better tomorrow. Whether it is the pride that comes with accomplishment, personal growth or making a difference in the world, you will discover true success in a career that brings out the best in you at CH2M. Ready? Let’s get to work. Developing People through Challenging Projects Relocation assistance is not available for this position CH2M will not sponsor an employment visa (e.g., H-1B visa, etc) to fill this position. CH2M is an Equal Opportunity Employer

CH2M is an Equal Opportunity Employer - M/F/Veteran/Disability. Learn more about your rights under Federal EEO laws and supplemental language.