The Perimeter Security Specialist for Security Operations Services (SOS) provides a level of advanced technical support for execution of the daily management, administration and maintenance activities aligned to protecting Information Technology (IT) global perimeter security infrastructure. The role responds to internal and external security threats or unauthorized access intrusions to the infrastructure that are identified via IT staff and end-user incidents including Firewall, the Demilitarized Zone (DMZ) or perimeter network, Proxy, 3rd party connectivity and remote access intrusions. The role performs restorative and maintenance actions with perimeter infrastructure connectivity intrusions using basic troubleshooting to more advanced technical skills and actions. The role additionally assists, as part of a team of skilled technicians, in technical implementation support tasks and activities for network security improvements in response to specific EY identified threats or to align the perimeter network to industry standards. The role maintains accurate information and data within the incident logging system (ServiceNow) and operates according to EY’s policies and standards. The role is an individual contributor and is managed by the Regional Perimeter Protection Team Lead in SOS.
Essential Functions of the Job:
· Provides a level of advanced technical support for execution of the daily management, administration and maintenance activities aligned to protecting EY’s global perimeter security infrastructure environment including Firewall, the Demilitarized Zone (DMZ) or perimeter network, Proxy, 3rd party connectivity and remote access against internal and external network security threats or unauthorized access intrusions identified via IT staff and end-user incidents escalated from the GO Service Desk.
· Recognizes and applies the prescribed methodology within such industry frameworks as Information Technology Infrastructure Library (ITIL) to identify basic and advanced problems with network security threats or unauthorized user access conditions referred to SOS by Information Technology (IT) teams such as the GO Service Desk.
· Performs restorative and maintenance actions remotely using troubleshooting and technical skills that may be advanced in nature to perform triage, analysis, response and remediation for infrastructure breaches.
· Determines activities with network services, software systems engineering and/or application development in which security issues require escalation to other teams.
· Can work, as needed, in collaboration with those individuals who have specific network security technical knowledge.
· Assists, as part of a team of skilled technicians, in technical implementation support tasks and activities for network security improvements in response to specific EY identified threats or to align the perimeter network to industry standards.
· Identifies, analyzes and escalates noted patterns in incidents associated with EY authorized or proprietary technology devices (e.g., PCs) as well as with perimeter infrastructure connectivity intrusions, using reports and metrics generated from the ServiceNow application to isolate a specific cause or recognize trends and so prevent future recurrence.
· Acts as a mentor or trainer to junior members of staff on tasks or activities that require specific guidance. Coaches aligned individuals in best practices to guide their success.
Analytical/Decision Making Responsibilities:
The role requires advanced analytical skills to probe for understanding and to address, as appropriate, both common and more complex IT staff and end-user incidents escalated from the GO Service Desk. The role is expected to make sound decisions to address infrastructure intrusions, such as those involving Firewall and Proxy, in guiding resolution of functionality issues that may affect portions of or entire business units. The role needs to drive the priority and time management of their own efforts to support/resolve assigned activities and communicate results and findings to end users and management as necessary.
Knowledge and Skills Requirements:
· Well defined analytical skills to conduct effective issue analysis so that key issues are properly identified and effective solutions are provided. Uses analytics to identify issues for solution as well as escalation for infrastructure issues and breaches that have wider impact.
· Working knowledge of Information Technology Infrastructure Library (ITIL) to identify industry standards and procedures for Incident, Problem, Change and Knowledge as required by the role’s remit.
· Takes an active role in building and advancing knowledge of EY’s global data protection policies and compliance directives with specific focus on the perimeter protection infrastructure environment including Firewall, the DMZ or perimeter network, 3rd party connectivity and remote access.
· Solid familiarity with EY’s businesses supported within the location to recognize the impact of perimeter infrastructure technology issues that are restricted to a specific business unit or may be global in nature and to engage and participate with confidence on escalating issues that are impacting a particular desktop, business or location as well as those that have wider impact.
· Strong advanced interpersonal skills to adapt personal communication styles to the style of others, to engage, as a thought leader, with all levels of the organization, staying calm under pressure and to maintain the credibility the business has in SOS technical support.
· Advanced time management skills to prioritize workload and work through issues and incidents with efficiency and guide others in same.
· Strong oral and written communication skills in the English language to work effectively with all levels of end users and IT personnel.
· Advanced knowledge in current and future features of aligned technology to the role’s remit including but not limited to:
· Malware protection software and applications including Check Point SecurePlatform (a Check Point Linux distribution based on Red Hat Enterprise Linux, also known as SPLAT), and Nokia Firewall/VPN appliances with Check Point on firewall environments, Blue Coat proxy appliances including malware scanning and Uniform Resource Locator (URL) filtering environments.
· Security devices and tools including Check Point Secure Web Gateway appliance-based URL and anti-virus (AV) filtering.
· Transmission Control Protocol/Internet Protocol (TCP/IP) including packet analysis.
· Remote access technologies such as Cisco routing and switching technologies, Dell SonicWALL Comprehensive Gateway Security or similar remote access technologies.
· IT service management tool, ServiceNow, to record incidents and remediation as well as guide others in features and functions.
The role is generally an individual contributor managed day to day by the regional SOS Perimeter Protection Team Lead.
The role may also require the periodic allocation of additional time on the job during usual working hours to ensure multiple demands and escalating issues are managed in a timely manner to restore services. Additionally, to maintain services 24/7, the role will be required to be “on call” during off hours for the location on a rotational basis and to perform off hours work outside of the usual working hours to restore services.
· Bachelor's degree in computer related field or equivalent work experience.
· Approximately 3-5 years of experience in network security.
· Cisco Certified Network Associate (CCNA) (preferred)
· Check Point Certified Security Expert (CCSE) (preferred)
· Blue Coat Certified Proxy Administrator (BCCPA) (preferred)
· Information Technology Infrastructure Library (ITIL v2 or v3 Foundations training) (preferred)