Colorado PERA · 3 hours ago
Infrastructure Senior Engineer - Network
Denver, CO
Full-time
Hybrid
Mid, Senior Level
$120K/yr - $150K/yr
4+ years expColorado PERA is expanding its Information Technology team and is looking for a Senior Networking Engineer. The role involves designing and maintaining networks, ensuring security, and mentoring other engineers while managing network-related hardware and software.
Asset ManagementFinancial ServicesRetirement
Responsibilities
Protect our network perimeter by filtering incoming and outgoing traffic, ensuring only authorized access is granted, while monitoring for potential security threats and implementing necessary security policies
Design, implement, manage, integrate, and maintain the organizations network including on-prem and in the cloud
Experience with network security including Intrusion Detection, Protection, and tunneling
Management of Certificate Authority and certificate issuance
Employees are held accountable for all duties of the job. Individuals must be able to perform these duties with or without reasonable accommodations. Subject Matter Expert in perimeter network domain including WAN-LAN integrations, security, redundancy, design, implementation, support, and vendor interaction are required
Ability to support other staff working Level 3 calls, immediately recognizing solutions without relying on vendor support, occasionally research, resolve, and document unknown root cause solutions
Oversee and manage firewall systems, design multiple tool integrations to support vulnerability reduction while supporting Administrators and Engineers working on specific vulnerability and security risks
Research and develop mitigations for security related network vulnerabilities, act as SME for specific security tools within PERA’s networking domain, and evaluate and review configurations and actions ensuring all changes improve the infrastructure security posture at PERA
Design, implement, and mentor other staff in firewall management and participate in disaster recovery testing with a focus on communications in a DR test/event, ensuring documentation is written, diagrammed, up to date, tested, and improved for system recovery and operation
Expert comprehension of multiple PERA systems, projects, project specifications, and DevSecOps initiatives that require a firewall/network SME contributor
Identify and evaluate opportunity to improve confidentiality, integrity, and availability in multiple areas of SME expertise, design and lead various network and encryption solution implementations, identify and evaluate new tools and integrations to help Infrastructure staff accomplish the mission of CIA
Design, plan, and implement significant projects, network enhancements, and network integrations including assisting in planning and responsibility assignments to accomplish those initiatives, ensuring documentation of details and review for completeness of ITSM processes
Utilizing multiple network SME skills to design, review, and approve vendor SOW projects, participate in vendor discussions to resolve significant issues, regularly act as a senior resource for staff on existing security appliance operation in the domain, rarely utilize or rely on vendor services and support, evaluate licensing and initiate and review quotes for significant new services or tools
Applies different and creative techniques to analyze, test, and implement ad-hoc solutions in a prudent and swift manner, foreseeing and avoiding potential impacts on end user computing environments and colleagues by focusing on network availability and stability, and leads peers to an understanding of complex networking topics
Adept at making decisions and optimizing future work utilizing planning, testing, and proof of concepts
Provides written communication that is concise, clear, and updated, on both small and large initiatives and reviews ITSM processes to ensure continued process improvement
Collaborates effectively with teammates and vendors with empathy, adeptly uses feedback and audience specific language to explain and resolve issues, and manages vendor relationships
Provides technical and task leadership, coaching, training, and direction to develop team depth, proactively on moderate to large size projects with minimal supervision required from senior staff and management
Perform other duties as assigned
Qualification
Required
Degree in technical (STEM) field and four years' experience in technical role preferred, or equivalent combination of education and experience
Expertise in firewall technologies and network security
Strong understanding of network protocols including TCP/IP, UDP, MPLS, BGP, OSPF, and TLS
Experience with design and implementation of security through IP subnets and routing
Subject Matter Expert in perimeter network domain including WAN-LAN integrations, security, redundancy, design, implementation, support, and vendor interaction are required
Ability to support other staff working Level 3 calls, immediately recognizing solutions without relying on vendor support, occasionally research, resolve, and document unknown root cause solutions
Oversee and manage firewall systems, design multiple tool integrations to support vulnerability reduction while supporting Administrators and Engineers working on specific vulnerability and security risks
Research and develop mitigations for security related network vulnerabilities, act as SME for specific security tools within PERA's networking domain, and evaluate and review configurations and actions ensuring all changes improve the infrastructure security posture at PERA
Design, implement, and mentor other staff in firewall management and participate in disaster recovery testing with a focus on communications in a DR test/event, ensuring documentation is written, diagrammed, up to date, tested, and improved for system recovery and operation
Expert comprehension of multiple PERA systems, projects, project specifications, and DevSecOps initiatives that require a firewall/network SME contributor
Identify and evaluate opportunity to improve confidentiality, integrity, and availability in multiple areas of SME expertise, design and lead various network and encryption solution implementations, identify and evaluate new tools and integrations to help Infrastructure staff accomplish the mission of CIA
Design, plan, and implement significant projects, network enhancements, and network integrations including assisting in planning and responsibility assignments to accomplish those initiatives, ensuring documentation of details and review for completeness of ITSM processes
Utilizing multiple network SME skills to design, review, and approve vendor SOW projects, participate in vendor discussions to resolve significant issues, regularly act as a senior resource for staff on existing security appliance operation in the domain, rarely utilize or rely on vendor services and support, evaluate licensing and initiate and review quotes for significant new services or tools
Applies different and creative techniques to analyze, test, and implement ad-hoc solutions in a prudent and swift manner, foreseeing and avoiding potential impacts on end user computing environments and colleagues by focusing on network availability and stability, and leads peers to an understanding of complex networking topics
Adept at making decisions and optimizing future work utilizing planning, testing, and proof of concepts
Provides written communication that is concise, clear, and updated, on both small and large initiatives and reviews ITSM processes to ensure continued process improvement
Collaborates effectively with teammates and vendors with empathy, adeptly uses feedback and audience specific language to explain and resolve issues, and manages vendor relationships
Provides technical and task leadership, coaching, training, and direction to develop team depth, proactively on moderate to large size projects with minimal supervision required from senior staff and management
Preferred
Networking certifications including CCNP (Data Center/Enterprise) and CCDE preferred
Experience as an SME with in multiple key technologies/platforms within the network technology domain with a solid understanding of system security implications
Periodically attends technical training relating to current and future network technology support duties
Demonstrated design and integration of external network redundancy and high availability technologies, advanced network edge security and firewall integration initiatives, and optimization of workflow regarding security and network event warnings and errors, resource management, and network availability in both external and internal environments
Demonstrated design and implementation of applicable network devices, firewalls, wireless access points, WAN services, and security design and integration with other systems preferred
Design and implementation of secure network integration, including WAN, LAN, SD-WAN, tunneling, and Wi-Fi, with integration of Public Key Infrastructure (PKI), certificate authority management, and TLS security protocols. Protocol familiarity with, but not limited to TCP, IP, UDP, HTTP, DHCP, DNS, and various Wi-Fi protocols with skills integrating and improving security systems such as firewalls, gateways, tunnels, certificate management, and cloud/on-prem API security integration and management preferred
Experience designing and managing security event workflows and tools, including design and implementation of internal and external security layer tools from the end point, through network isolation and monitoring, to ingress/egress of data and communications preferred
Benefits
Opportunity to work from home up to three days per week.
Company
Colorado PERA
Provides retirement and other benefits to the employees of more than 500 government agencies and public entities in the state of Colorado.
201-500 employees
Funding
Current Stage
Growth StageLeadership Team
Amy Copeland McGarrity, CFA
Chief Investment Officer
Jeremy Hill
Chief Administrative Officer
Recent News
Pensions & Investments
2024-04-27
Company data provided by crunchbase