Network Security Architect

Network SecurityUSCIS has a large remote work force. Remote work includes teleworkers, digital nomads, and large teams working in extreme remote locations. Remote capability requirements fluctuate with immigration challenges. USCIS is in the process of deploying a Zero Trust framework which enables users to work more optimally from afar with enhanceability and performance. The USCIS client base is expanding and growing. Securing our information while making it more adaptable, agile, and scalable is an increasing requirement.The contractor shall continue to develop, build, and enhance the Zero Trust Environment andlead USCIS in discovering, designing, and building strategic ingress/egress points. Specifictechnologies, applications and services will be compartmentalized securely utilizing approved TIC 3.0 and subsequent requirements. The contractor shall perform the following:• Design and adopt SaaS and IaaS service platforms where possible. • Architect, engineer and implement network security control methods in cloud, onpremises,and virtual environments to support DHS directive 4300A, NIST 800-53 andindustry best practices.• Audit firmware versions and configuration settings for the USCIS SDWAN, SDN, WAN,LAN Cloud network infrastructure platforms/devices to eliminate vulnerabilities andensure USCIS deploys and operates in accordance with vendor recommendations,industry best-practices, DoD STIGs, and DHS configuration guidance. • TIC services such as Proxy, Reverse Proxy. • Recommend, design, configure, and implement Next Generation Firewall systems andNext Generation Intrusion Protection Systems. • Review existing configuration settings to identify potential security vulnerabilities andpropose/implement setting or architectural changes to address these vulnerabilities.• Orchestrate, facilitate, and automate configurations standards and policy enforcement. • Architect and engineering a Network Access Control (NAC) solution. • Design, recommend, provide bolthires analysis, threat, and risk mitigation for new TICboundary. • Build and deliver new TIC solution. Enterprise Infrastructure SupportEnterprise Infrastructure support includes management of USCIS Network and Network securitydevices which include, but not limited to, CISCO ASA, CISCO Security Manager, IPS/IDSModules, SPLUNK, Cisco Firepower, StealthWatch, Cisco Prime, AlgoSec, NetMapper(Riverbed), network switches, routers, load balancers and Infoblox and equivalent technologies.Implement security components which include appliances, jump boxes and scanning tools. Provide maintenance support to the security components which would include but is not limitedto upgrading firmware, and patches. Provide coverage 24 hours a day, 365 days a year. Normalbusiness hours are 6 am to 6 pm EST. Also, provide support to incidents within 30 minutesduring work hours, and within 1 hour during after-hours support. Incidents not resolved within30 minutes during work hours or within 1 hour during after hours, shall be escalated to the government per the USCIS ticketing system.The Contractor shall perform the following:• Manage inventories for all devices, validate the current license, and generate a reportwhich details which appliances are operating with current licenses; and notify thegovernment in the cases where expiration is imminent within 180 days or less. • Manage and implement configuration changes, break-fix, upgrades and patches for allsecurity appliances. • Create scripts and processes for the implementation of all configuration changes, breakfixes, upgrades and patches.These scripts must be written so they may also beimplemented by other service contractors. • Generate schedules for deployment of patches and upgrades; coordinate with the EOC,DHS, SOC or other stakeholders, as appropriate. • Escalate to vendor support when required in accordance with USCIS Standard OperatingPolicies, and/or ServiceNow knowledgebase articles. • Coordinate with the NOC and SOC to integrate appliance alerts into their primary monitoring tools. • Maintain documentation for all network security appliance changes and process flows.• Post documents to USCIS EID SharePoint, EIDocs, as required. • Serve as the technical leads for security and network appliances and/or security andnetwork services. • Coordinate with other Engineering teams to provide technical advice and assistance. • Provide consulting to assist the engineering team with projects to expand the existingcapability, to include automation. • Coordinate with vendors for appliance break/fix issues and Return MerchandiseAuthorization (RMA’s). • Generate schedules for returning appliances and racking the replaced appliances.• Coordinate with Tier III/IV (NOC/SOC) support to address security and networkappliance issues/outages. • Review and provide recommendations to government managers for USCIS, DHS andOneNet Change Requests that are reviewed at the Change Request boards. • Create a tools analysis report, and provide the government with recommendations on bolthiressavings, synergies, and automation. Job Types: Full-time, ContractPay: $90,836.66 - $109,394.69 per yearWork Location:Remote Apply tot his job