The Data Center Application Delivery team is looking for engineers that can help design, sustain and secure today’s infrastructure with an eye towards the future in network virtualization, programmability and application delivery. Integration within the team will allow the engineer to work in a collaborative environment focused on the standards and best practices defined with the following technology: Firewall, Web Application Firewall (WAF), Global Site Load Balancing (GSLB), and Server Load Balancing (SLB).
• Work with application developers to understand application fingerprints and data flows and to configure policy point devices to pass appropriate traffic and only appropriate traffic in concert with existing security policies
• Work with security policy point vendors to evaluate new and emerging products for relevance within Comcast security model
• Understand security zone concepts in the context of a large ISP
• Create layer three drawings for location of, type of, and number of network policy points including but not limited to Firewalls and ACL’s creating an appropriate number of trust zones, in concert with existing security policies
• Assist application developers to understand end to end traffic flows and to create and implement troubleshooting and test scripts
• Evaluation of firewall and router logs and traffic routing validating that appropriate traffic is being passed between application elements
• Enhance current security practices and participate in the review of security incidents to identify solutions that will prevent future occurrences.
• Design and refine security processes, and create documentation and training material hold training sessions as required
• Take lead role as assigned on various interdepartmental projects
• Provide advanced technical support for policy point device problems
• Follow Engineering design life cycle with proper documentation handoff to Operations and Implementation groups ensuring that all detailed designs adhere to established network standards
• Maintain consistent records and documentation of all detailed network designs and configuration data
• Keep the appropriate people informed and aware of the status and progress of work activities and business issues that affect the department
• Consistent exercise of independent judgment and discretion in matters of significance.
• Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) and overtime as necessary.
• Other duties and responsibilities as assigned.
• Experience in the design and comprehensive understanding of IP Security concepts including well-known services, ports, protocols and socket programming.
• Advanced experience with at least two firewall vendors such as F5, Fortinet, Palo Alto and Checkpoint
• Advanced experience with the following centralized firewall policy managers: F5 BiG-IQ, Fortinet FortiManager, Panorama and Checkpoint Provider-1
• Solid understanding of Web Application Firewall (WAF) functions and experience designing within a large data center environment: F5 ASM, Fortinet FortiWeb
• Understand well known network exploit techniques such as SYN flooding and IP fragmentation and relevant defense strategies against such attacks.
• Understand centralized authentication authorization and accounting services such as those provided by RADIUS servers and/or certificate authority servers and the integration of such servers into security posture for network elements such as servers, databases and routers.
• Advanced experience in working with the Python Programing Language and in the automation of routine tasks
• Will be cognizant of application to network interactions and impacts such as bandwidth, latency and security.
• Experience mapping business requirements to technology capabilities, identifying gaps and omissions, and designing end-to-end solutions.
• Creative, self-motivated team player willing to take the lead to develop cutting-edge solutions.
• Clear and effective verbal and written communications skills.
• Demonstrated initiative to initiate and build relationships both internally and externally with minimal supervision/direction from management.
• Proven ability to manage multiple tasks/projects as well as to lead small, directed projects.
– Bachelor's Degree or Equivalent– Engineering, Computer Science
– Generally requires 5-8 years related experience
Comcast is an EOE/Veterans/Disabled/LGBT employer and all qualified applicants will receive consideration for employment without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex or any other legally protected category.
To apply for this job please visit topspotjobs.com.