Austin Bergstrom International Airport (AUS)
Network Security Engineer/Architect
Austin Bergstrom International Airport (AUS), Bethesda, Maryland, us, 20811
Overview
GovCIO is seeking a highly specialized F5 Big-IP Network Security Engineer/Architect to serve as the subject matter expert for our application delivery and security infrastructure. This role designs, implements and manages solutions that ensure our critical applications are available, secure and performant. You will leverage the full capabilities of the F5 Big-IP platform, including LTM, ASM, APM, and DNS (GTM) to deliver robust load balancing, web application security and secure access. The ideal candidate is a seasoned engineer with deep expertise in F5 technologies and a strong understanding of how they integrate within a broader ecosystem of security and network services. This hybrid position requires working onsite one day per week and residency within a daily commutable distance of Alexandria, VA. Responsibilities
Application Delivery Control: Design, implement and manage advanced traffic management solutions using F5 Big-IP Local Traffic Manager (LTM). This includes writing and maintaining complex iRules, developing custom health monitors and configuring advanced persistence profiles Web Application Security: Deploy, tune and manage F5 Big-IP Application Security Manager (ASM) policies to protect web applications against the OWASP Top 10, zero-day attacks and other vulnerabilities (WAF) Secure Access Management: Engineer and maintain secure remote and internal access solutions using F5 Big-IP Access Policy Manager (APM), integrating with Two-Factor (2FA) and Multi-Factor Authentication (MFA) services to enforce strong authentication Global and DNS Services: Configure and administer F5 Big-IP DNS (formerly GTM) for intelligent DNS resolution and global server load balancing (GSLB) across multiple data centers Infrastructure Integration: Serve as the primary point of contact for integrating the F5 Big-IP platform with other critical infrastructure, including NGFWs (Palo Alto, Cisco Firepower), DDI solutions (Infoblox) and enterprise monitoring tools SSL/TLS Management: Manage the SSL/TLS traffic lifecycle, including certificate management, implementing Break and Inspect policies and offloading SSL processing from backend servers Troubleshooting and Performance Tuning: Lead advanced troubleshooting efforts for application availability and performance issues, utilizing tools like Wireshark and F5-specific diagnostics to isolate and resolve problems Collaborate with network and security teams to design and enforce Zero Trust security models and the principle of least privilege access Assist in implementing and troubleshooting certificate-based authentication (TLS/SSL, OpenSSL operations and PKI infrastructure) Conduct deep-dive traffic analysis using tools like Riverbed, Wireshark, TCPDump and SolarWinds to diagnose authentication issues and identify network anomalies Qualifications
Bachelor\'s degree in computer science, cybersecurity, information technology or a related field + 8 years of professional experience; or 12 years equivalent professional experience Must meet or exceed DoD 8140 IAT Level II minimum Security+ certification A minimum of 3 years of dedicated experience in application delivery and network security, with a primary focus on the F5 Big-IP platform Clearance Required: Active Secret Required Skills and Experience: Bachelor\'s Degree and 12 years of experience Expert-level, hands-on experience with the F5 Big-IP platform and its core modules: LTM, ASM, APM and DNS (GTM) Proficiency in iRules development and scripting to customize traffic handling and implement business logic In-depth knowledge of core application protocols (HTTP/S, DNS, SSL/TLS, TCP/IP) and the ability to perform deep-dive packet analysis Demonstrable experience integrating F5 solutions with external authentication services (e.g., RADIUS, SAML, LDAP) for 2FA/MFA Strong understanding of security infrastructure integration, including experience working with Palo Alto NGFWs, Cisco Firepower and Infoblox DDI Experience managing Load Balancing, WAF, Reverse Proxy and Forward Proxy functions within an enterprise DMZ Preferred Skills and Experience
F5 Certified Administrator (F5-CA) or F5 Certified Technology Specialist (F5-CTS) certifications Experience with F5 automation using AS3, Declarative Onboarding and BIG-IP\'s iControl REST API
#J-18808-Ljbffr
GovCIO is seeking a highly specialized F5 Big-IP Network Security Engineer/Architect to serve as the subject matter expert for our application delivery and security infrastructure. This role designs, implements and manages solutions that ensure our critical applications are available, secure and performant. You will leverage the full capabilities of the F5 Big-IP platform, including LTM, ASM, APM, and DNS (GTM) to deliver robust load balancing, web application security and secure access. The ideal candidate is a seasoned engineer with deep expertise in F5 technologies and a strong understanding of how they integrate within a broader ecosystem of security and network services. This hybrid position requires working onsite one day per week and residency within a daily commutable distance of Alexandria, VA. Responsibilities
Application Delivery Control: Design, implement and manage advanced traffic management solutions using F5 Big-IP Local Traffic Manager (LTM). This includes writing and maintaining complex iRules, developing custom health monitors and configuring advanced persistence profiles Web Application Security: Deploy, tune and manage F5 Big-IP Application Security Manager (ASM) policies to protect web applications against the OWASP Top 10, zero-day attacks and other vulnerabilities (WAF) Secure Access Management: Engineer and maintain secure remote and internal access solutions using F5 Big-IP Access Policy Manager (APM), integrating with Two-Factor (2FA) and Multi-Factor Authentication (MFA) services to enforce strong authentication Global and DNS Services: Configure and administer F5 Big-IP DNS (formerly GTM) for intelligent DNS resolution and global server load balancing (GSLB) across multiple data centers Infrastructure Integration: Serve as the primary point of contact for integrating the F5 Big-IP platform with other critical infrastructure, including NGFWs (Palo Alto, Cisco Firepower), DDI solutions (Infoblox) and enterprise monitoring tools SSL/TLS Management: Manage the SSL/TLS traffic lifecycle, including certificate management, implementing Break and Inspect policies and offloading SSL processing from backend servers Troubleshooting and Performance Tuning: Lead advanced troubleshooting efforts for application availability and performance issues, utilizing tools like Wireshark and F5-specific diagnostics to isolate and resolve problems Collaborate with network and security teams to design and enforce Zero Trust security models and the principle of least privilege access Assist in implementing and troubleshooting certificate-based authentication (TLS/SSL, OpenSSL operations and PKI infrastructure) Conduct deep-dive traffic analysis using tools like Riverbed, Wireshark, TCPDump and SolarWinds to diagnose authentication issues and identify network anomalies Qualifications
Bachelor\'s degree in computer science, cybersecurity, information technology or a related field + 8 years of professional experience; or 12 years equivalent professional experience Must meet or exceed DoD 8140 IAT Level II minimum Security+ certification A minimum of 3 years of dedicated experience in application delivery and network security, with a primary focus on the F5 Big-IP platform Clearance Required: Active Secret Required Skills and Experience: Bachelor\'s Degree and 12 years of experience Expert-level, hands-on experience with the F5 Big-IP platform and its core modules: LTM, ASM, APM and DNS (GTM) Proficiency in iRules development and scripting to customize traffic handling and implement business logic In-depth knowledge of core application protocols (HTTP/S, DNS, SSL/TLS, TCP/IP) and the ability to perform deep-dive packet analysis Demonstrable experience integrating F5 solutions with external authentication services (e.g., RADIUS, SAML, LDAP) for 2FA/MFA Strong understanding of security infrastructure integration, including experience working with Palo Alto NGFWs, Cisco Firepower and Infoblox DDI Experience managing Load Balancing, WAF, Reverse Proxy and Forward Proxy functions within an enterprise DMZ Preferred Skills and Experience
F5 Certified Administrator (F5-CA) or F5 Certified Technology Specialist (F5-CTS) certifications Experience with F5 automation using AS3, Declarative Onboarding and BIG-IP\'s iControl REST API
#J-18808-Ljbffr