Principal IT Security Engineer
Posted on May 4, 2021 by Frontier Communication
Principal Engineer, IT Security Operations and Response will provide expertise and guidance in defending against network attacks within a 24x7 Cybersecurity Operations Center (CSOC) environment. The Principal Engineer will be responsible for mitigating advanced attacks against critical network infrastructure and serve as a Subject Matter Expert (SME) for DDoS mitigation and methods. The Principal will also serve as a Tier 3 escalation point for more complex mitigation efforts. Additionally, the Principal Engineer will be responsible for updating processes and procedures to ensure continuous improvement in monitoring, detection, and mitigation capabilities. This is a great opportunity to make a difference and grow your cybersecurity career with a forward-thinking organization.
- Respond to and mitigate advanced DDoS attacks on customer and infrastructure networks.
- Identify traffic anomalies and devise filtering techniques in real-time.
- Perform network protocol misuse and traffic analysis on multiple routing technologies including Juniper and Cisco.
- Develop DDoS auto-mitigation templates based on current attack trends.
- Lead performance tuning efforts of network security tools.
- Facilitate communications with NOC (Network Operations Center) partners.
- Serve as point of contact for network security vendors and support teams.
- Ensure reporting dashboards accurately reflect relevant data.
- Advise and inform senior leadership with status updates.
- Recommend updates to CSOC playbooks and procedures.
- Assist and mentor junior CSOC Analysts and Engineers.
Experience and Requirements:
- 7+ years of experience in large ISP/Telecom network environments.
- 5+ years of experience with DDoS detection and mitigation tools.
- Advanced knowledge of troubleshooting complex network issues.
- Experience with all major routing protocols including BGP.
- Thorough understanding of all network protocols.
- Knowledge of network intrusion detection and prevention.
- Ability to perform deep packet inspection via tcpdump/Wireshark.
- Ability to communicate technical information and work across external teams.
- At least one of the following security certifications is preferred: CCIE, JNCIE, GCIA.