Network Security Engineer

The University of Southern California's (USC's) Information Technology Services is seeking a talented Network Security Engineer with an exceptional commitment to service excellence to join its team. As the Network Security Engineer, you will be an integral member of the Firewall Services team, collaborating with diverse and talented team members to help solve multidimensional information technology problems, improve customer experience, and generate value for our campus stakeholders across a broad base of departments and constituencies.

The Network Security Engineer will be tasked with supporting/assisting with tickets related to Firewalls, VPN Connectivity, Load Balancer Environments, Cloud engineering/guidance, and DNS requests.

These support requests include everything from the registration of computers on the wired network to the need for more extensive support for building out new and secure environments for researchers in the data centers and on campus.

Minimum Qualifications:

• The candidate for the position of Network Security Engineer must meet the following qualifications:

• Bachelor's degree in computer science, Computer Information Systems, related fields, or equivalent combination of education, training, and experience.

• Experience with Border Gateway Protocol (BGP), intrusion detection, proxies, firewalls, packet capture, and/or data loss prevention.

• Experience designing and implementing security measures within public cloud environments (e.g., AWS, Azure).

• Experience troubleshooting and deploying solutions involving certificates and public key infrastructures (802.1X or SSL decryption and offloading), and designing and deploying web proxy and content filtering solutions for data loss prevention.

• Experience performing packet and flow analysis with various toolsets including in-line taps, firewall/IPS appliances, network routers and hosts.

• Experience working with network access control platforms, writing shell scripts using Python or Bash, and using infrastructure monitoring tools.

• Experience designing and working with firewall and intrusion prevention systems.

• Experience working in project-based environments, able to effectively collaborate and communicate with individuals and teams across an organization.

• Ability to generate reports, create presentations, and present to appropriate stakeholders.

• Ability to contribute expertise to design discussions and support the development of network solutions.

• In addition, the successful candidate must also demonstrate, through ideas, words and actions, a strong commitment to USC's Unifying Values of integrity, excellence, diversity, equity and inclusion, well-being, open communication, and accountability

Preferred Qualifications:

The ideal candidate for the position of Network Security Engineer has the following qualifications:

• Bachelor's degree in a relevant field such as computer science, computer engineering, etc.

• More than four years of experience in information technology, network engineering, or network security.

• Experience designing and working with firewall and intrusion prevention systems with a focus on Fortinet and Palo Alto security platforms.

• Experience working with WAF and CDN providers.

• Experience working with Palo Alto & Fortinet security platforms to design firewalls and monitor intrusions.

• Experience working with Cisco VPN Solutions for Remote Access

• CCIE Security, CCNA Security, CCNP Security, Fortinet NSE4, OSCP, CISSP, and/or CEH certifications.

THE WORK YOU WILL DO

The Network Security Engineer supports planning, design, optimization, implementation, audit, and troubleshooting of network security systems, improve the overall posture of the university and its assets. Collaborates with other teams, including security operations, governance, and system administrators, to successfully design and deploy required solutions to harden university platforms. Demonstrates ITS values in action.

Job Accountabilities:

• Works collaboratively with key stakeholders within ITS and with other campus departments to deliver highly reliable and secure network services. Creates and maintains detailed written documentation. Shares experiences and subject matter expertise with other ITS staff through written and oral presentations. Provides timely communications to stakeholders, technical staff, and management as required. Communicates and reports network security incidents and issues to university and ITS leaders.

• Develops and implements solutions to protect the network infrastructure from external and internal threats. Ensures compliance with statutory and regulatory requirements regarding information access, security, and privacy. Plans and executes system upgrades, bug fixes, and other changes using service management software and methodologies.

• Actively engages with customers to resolve network issues. Acts as a consultant to campus departments to determine the suitability and capability of devices to connect to the campus network. Aligns activities to approved security policies.

• Properly secures university data by evaluating, recommending, and performing new firewall implementations, configuration changes, and other projects and solutions, including those requiring security operational support. Leverages the latest industry knowledge to identify opportunities for innovation and continuous improvement. Pursues information on new network engineering developments, reading journals and other pertinent publications, talking with vendors, and participating in professional organizations, meetings, conferences, seminars and training courses.

• Maintains network security systems, leveraging existing tools and leading-edge practices (e.g., upgrading and applying software updates and patches to network devices). Reviews and monitors security appliances, and enacts changes based on operational requirements. Builds network security infrastructures and responds to network-related incidents in a timely fashion. Configures and maintains network equipment and monitoring tools. Test systems for software and hardware weaknesses and assists incident response for breaches and intrusions.

• Actively participates in the identification of operational opportunities and gaps. Recommends and implements solutions that solve security challenges while meeting business objectives. Provides advice regarding assumed risk for any variances granted. Collaborates with experts and vendors to find, recommend, and implement industry leading, effective security practices.

• Aids the cultivation of an inclusive environment and a culture of trust and transparency, sharing information broadly, openly, and deliberately. Builds and maintains collaborative relationships with diverse team members, peers, and leaders. Actively embodies ITS values and behaviors (e.g., accountability, ethics, best-in-class customer service).

• Collaborates with team members and management, implementing effective network security solutions to support the network engineering team's vision. Maintains currency with new and emerging technology, standards, and best practices. Supports process improvement efforts within the team and across the ITS organization.

THE TEAM

ITS has embarked on a major digital transformation initiative to continually improve services for faculty, staff, and students in support of USC's ascent as a leading institution of higher education. The ITS vision aligns strategy, business, and services, affirms ITS cultural values, empowers cross-functional teamwork, embraces world-class best practices, and promotes innovation, excellence, agility, and efficiency. To achieve this vision, ITS is committed to providing a modern technology infrastructure that is resilient and delivers the performance necessary to meet the demands of a growing customer base, training in the latest technologies for its highly productive and motivated workforce, outstanding customer experience, and technology services that are aligned with the university's mission to provide exceptional learning opportunities for students. ITS is creating a workplace where employees can develop cutting-edge skills, take pride in the services they provide, and have access to the roles and career paths that align to their abilities and potential.

We are looking for top talent to join us on our journey.

ITS CULTURE

USC's ITS organization represents a diverse and talented team committed to supporting a collaborative culture and delivering secure and innovative IT services, core to the mission of USC. ITS values accountability, excellence, and commitment to exceptional customer experience. ITS strives for a supportive and inclusive culture that encourages employees to do their best work every day and where individuals are recognized and celebrated for their contributions.

ABOUT USC

USC is the leading private research university in Los Angeles-a global center for arts, technology, and international business. With more than 47,500 students, we are located primarily in Los Angeles and various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family-the faculty, staff, students, and alumni who make USC a great workplace-you will enjoy excellent benefits, including various well-being programs designed to help individuals achieve work-life balance.

Join the USC ITS team and work as a trusted partner in shaping an environment of innovation and excellence.

This position's annual base salary range is $130,000 - $135,000. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the position's scope and responsibilities, the candidate's work experience, education/training, key skills, internal peer equity, federal, state, and local laws, contractual stipulations, grant funding, and external market and organizational considerations.

#LI-TV1

Minimum Education: Bachelor's degree
Combined experience/education as substitute for minimum education
Minimum Work Experience: 4 years
Combined experience/education as substitute for minimum work experience
Minimum Field of Expertise:
Experience with Border Gateway Protocol (BGP), intrusion detection, proxies, firewalls, packet capture, and/or data loss prevention. Experience designing and implementing security measures within public cloud environments (e.g., AWS, Azure). Experience troubleshooting and deploying solutions involving certificates and public key infrastructures (802.1X or SSL decryption and offloading), and designing and deploying web proxy and content filtering solutions for data loss prevention. Experience performing packet and flow analysis with various toolsets including in-line taps, firewall/IPS appliances,
network routers and hosts. Experience working with network access control platforms, writing shell scripts using Python or Bash, and using infrastructure monitoring tools. Experience designing and working with firewall and intrusion prevention systems. Experience working in project-based environments, able to effectively collaborate and communicate with individuals and teams across an organization. Ability to generate reports, create presentations, and present to appropriate stakeholders. Ability to contribute expertise to design discussions and support the development of network solutions.