Data Center Network Security Architect (Information Systems Analyst III, Option N)

Essential Functions

• Under administrative direction, serves as the Data Center Network Security Architect for the Department of Innovation & Technology (DoIT) performing highly complex professional, advisory, and technical functions for enterprise network infrastructure and security implementations, including serving as a technical expert in enterprise data center security architecture design and specifications, ensuring secure connectivity across on-premises and cloud environments.
• Collaborates with customers under high-pressure conditions to troubleshoot complex network security systems, end-user communication problems, suspected intrusions, and hardware/security software failures using network monitoring systems and traffic analyzers. 
• Serves as technical project leader and analyst for strategic data center security planning, design, development, modification, and deployment of complex network security solutions across on-premise data centers, cloud services, and application load-balancing environments. 
• Keeps abreast of new developments in the information technology security field by continuing education through online training platforms, meetings, training sessions, seminars, and conferences to increase familiarity with and remain current on products, vendors, techniques, and procedures.
• Performs other duties as required or assigned which are reasonably within the scope of duties enumerated above.

Minimum Qualifications:

• Requires knowledge, skill and mental development equivalent to four (4) years of college with course work in information technology, computer networking, computer engineering, computer science or directly related fields.
• Requires five (5) years of professional experience in Information Technology networking or directly related Information Technology field.

Specialized Skills:

• Requires five (5) years of professional experience in data center network security architecture and design, including developing enterprise-level security network designs, implementing segmentation strategies, and enhancing compliance with security standards across on-premises and cloud environments, designing and supporting secure application load-balancing solutions, planning secure upgrade paths, and evaluating vendor technologies for enterprise deployment.
• Requires five (5) years of professional experience in enterprise firewall administration (Cisco/Palo Alto), including advanced configuration, policy-based controls, custom address translation,  troubleshooting to secure multi-data center environments, responding to security advisories and vulnerabilities, leading mitigation planning and deployment, collaborating with vendors to resolve critical security issues, and enforcing least-privilege and policy hardening practices. 
• Requires five (5) years of professional experience implementing and managing Layer 7 firewall policies, including micro-segmentation techniques to achieve compliance with regulatory frameworks including SOC 2, SOX, ISO, FedRAMP, and CJIS; implementing custom traffic management techniques including URL rewriting and port redirection, multi-data-center traffic distribution, and conducting root cause analysis (RCA) for security incidents and service disruptions.
• Requires five (5) years of professional experience with OSI Model Layers 1 through 7, including integration of network diagnostic tools, packet analyzers, and administration of enterprise security systems to perform complex network troubleshooting and vulnerability analysis, monitoring enterprise security infrastructure, managing service queues, ensuring SLA adherence, escalating time-sensitive incidents, and serving as a senior technical escalation and guidance resource for operational teams.

Preferred Qualifications (In Order of Significance):

• Requires five (5) years of professional experience in data center network security architecture and design, including developing enterprise-level security network designs, implementing segmentation strategies, and enhancing compliance with security standards across on-premises and cloud environments, designing and supporting secure application load-balancing solutions, planning secure upgrade paths, and evaluating vendor technologies for enterprise deployment.
• Requires five (5) years of professional experience in enterprise firewall administration (Cisco/Palo Alto), including advanced configuration, policy-based controls, custom address translation,  troubleshooting to secure multi-data center environments, responding to security advisories and vulnerabilities, leading mitigation planning and deployment, collaborating with vendors to resolve critical security issues, and enforcing least-privilege and policy hardening practices. 
• Requires five (5) years of professional experience implementing and managing Layer 7 firewall policies, including micro-segmentation techniques to achieve compliance with regulatory frameworks including SOC 2, SOX, ISO, FedRAMP, and CJIS; implementing custom traffic management techniques including URL rewriting and port redirection, multi-data-center traffic distribution, and conducting root cause analysis (RCA) for security incidents and service disruptions.
• Requires five (5) years of professional experience with OSI Model Layers 1 through 7, including integration of network diagnostic tools, packet analyzers, and administration of enterprise security systems to perform complex network troubleshooting and vulnerability analysis, monitoring enterprise security infrastructure, managing service queues, ensuring SLA adherence, escalating time-sensitive incidents, and serving as a senior technical escalation and guidance resource for operational teams.
• Five (5) years of experience with data center and cloud security architecture, including capacity planning, secure application load balancing, and implementation of content filtering solutions to protect enterprise systems. 
• Five (5) years of experience with intrusion detection and prevention systems (IDS/IPS), Domain Name Services (DNS) administration, DNS security (DNSSEC), and application load balancing to ensure secure and efficient traffic flow across enterprise environments. 
• Three (3) years of professional experience in project coordination, including multitasking across complex security initiatives and strategic planning for data center network security implementations.
• Ability to analyze data logically and exercise sound judgement in defining and evaluating problems of an operational or procedural nature. 
  Developed verbal and written communication skills to present technical information clearly and precisely to diverse audiences, including business users, development teams, and agency executives.
• Certifications in one or more of the following: Cisco Certified Network Professional (CCNP) Security, Cisco Certified Internetwork Expert (CCIE) Security, CompTIA Security, Certified Information Security Manager (CISM), Routing and Switching, Palo Alto Networks Certified Network Security Engineer (CCSE), or similar relevant certification(s) in Information Security

Conditions of Employment:

NOTE: Applicants must possess the ability to meet ALL of the following conditions of employment, with or without reasonable accommodation, to be considered for this position.  

• Requires the ability to verify identity. 
• Requires employment authorization to accept permanent full-time position with State of Illinois. 
• Requires the ability to pass a position specific, agency required background check and requires self-disclosure of criminal history. 
• Requires the ability to travel in performance of duties. 
• Requires the ability to work overtime including scheduled, unscheduled, short notice, evening, weekends, and holidays.
• Requires the ability to attend seminars, conferences, and training to remain current on methods, tools, ideologies, or other industry related topics relevant to job duties. 
• Requires the ability to lift and carry objects or equipment weighing up to 20 pounds. This is considered light work as defined by the U.S. Department of Labor (20 CFR 404.1567(b)). Light work involves lifting no more than 20 pounds at a time with frequent lifting or carrying of objects weighing up to 10 pounds. 
• Requires adherence to the revolving door restrictions outlined in 5 ILCS 430/5-45. Consequently, employees should be aware that in the event of receiving a non-State employment offer during state employment or within one year immediately following the termination of State employment, they are required to inform the Office of the Executive Inspector General for the Agencies (OEIG) of the Illinois Governor before accepting such non-State employment. Failure to notify the OEIG may result in the imposition of a fine. 
• Requires compliance with the provisions outlined in section 4A-101 of the Illinois Governmental Ethics Act, necessitating the occupant of this position to file of a Statement of Economic Interest. Pursuant to the Illinois Governmental Ethics Act (5 ILCS 420/4A et seq.), specific state officials and employees are required to annually submit Statements of Economic Interest to the Office of the Secretary of State, which will be accessible to the public for examination and copying. Employees subject to this requirement must also file a Supplemental Statement of Economic Interest with the Executive Ethics Commission, as specified in Executive Order 15-09. Failure to submit these statements in a timely manner may result in fines and penalties. 
• The conditions of employment listed are incorporated and/or related to any duties included in the position description.