Data Center Network Security Engineer (Information System Analyst II, Option N)

Essential Functions

• Under administrative direction, serves as a Data Center Network Security Engineer for the Department of Innovation & Technology (DoIT) performing complex hardware and software installations, designing specifications, developing, and modifying secure Data Center network communications, including related security components. 
• Collaborates with users/stakeholders to define secure architecture requirements and design specifications to Data Center security communications, including firewalls, segmentation technologies, intrusion detection/prevention systems, network security appliances, application load balancers, internet filtering solutions, and supporting infrastructure. 
• Configures, tests, and maintains diverse firewall models, application load balancers, segmentation solutions, and network security systems such as Intrusion Detection (IDS), and Intrusion Prevention Systems (IPS) to safeguard critical infrastructure.
• Keeps abreast of new developments in the information technology field by continuing education through online training platforms, meetings, training sessions, seminars, and conferences to increase familiarity with and remain current on products, vendors, techniques, and procedures. 
• Performs other duties as required or assigned which are reasonably within the scope of duties enumerated above.

Minimum Qualifications

• Requires knowledge, skill, and mental development equivalent to completion of four (4) years of college with course work in computer science or directly related fields.
• Requires three (3) years of professional experience in Network Services or a related Information Technology field. 

Specialized Skills

• Requires three (3) years of professional experience in data center network security, including designing, implementing, documenting and maintaining secure architectures for on-premises and cloud environments in alignment with organizational and regulatory security standards, including experience with formal change control processes, configuration management and audit-ready documentation. 
• Requires three (3) years of professional experience with enterprise firewall administration, including configuration, testing, maintenance, upgrades, and hardening of diverse firewall models (e.g. Palo/Cisco) to safeguard critical infrastructure, as well as implementing vendor-recommended firmware/software updates, coordinating vendor support, and resolving production incidents in high-availability environments. 
• Requires three (3) years of professional experience with OSI Model Layers 1 through 7, network diagnostic tool integration, packet analyzers, and complex network troubleshooting, including administration of enterprise security systems and traffic analysis using tools including Wireshark and Panorama and participation in incident response, root cause analysis and SLA-driven break/fix operations using enterprise monitoring platforms. 
• Requires three (3) years of professional experience with data center and cloud network security architecture, including segmentation technologies, application load balancers, traffic management and internet/content filtering solutions supporting muti-tiered applications, including capacity planning, performance optimization, vulnerability assessment, and collaboration with stakeholders to define secure architecture requirements. 

Preferred Qualifications (In Order of Significance)

• Three (3) years of professional experience in data center network security, including designing, implementing, documenting and maintaining secure architectures for on-premises and cloud environments in alignment with organizational and regulatory security standards, including experience with formal change control processes, configuration management and audit-ready documentation. 
• Three (3) years of professional experience with enterprise firewall administration, including configuration, testing, maintenance, upgrades, and hardening of diverse firewall models (e.g. Palo/Cisco) to safeguard critical infrastructure as well as implementing vendor-recommended firmware/software updates, coordinating vendor support, and resolving production incidents in high-availability environments. 
• Three (3) years of professional experience with OSI Model Layers 1 through 7, network diagnostic tool integration, packet analyzers, and complex network troubleshooting, including administration of enterprise security systems and traffic analysis using tools such as Wireshark and Panorama and participation in incident response, root cause analysis and SLA-driven break/fix operations using enterprise monitoring platforms.
• Three (3) years of professional experience with data center or cloud network security architecture, including segmentation technologies, application load balancers, traffic management and internet/content filtering solutions supporting multi-tiered applications including capacity planning, performance optimization, vulnerability assessment, and collaboration with stakeholders to define secure architecture requirements.
• Three (3) years of experience with intrusion detection and protection systems (IDS/IPS), Domain Name Services (DNS) administration and DNS security (DNSSEC), including analysis of security events and implementation of mitigation strategies to ensure secure and efficient traffic flow.
• Three (3) years of professional experience in technical project coordination, including multitasking across complex security initiatives, collaborating with stakeholders and vendors, supporting change control processes and strategic planning for data center network security implementations.
• Ability to analyze data logically and exercise sound judgement in defining and evaluating problems of an operational or procedural nature. 
• Ability to lead and coordinate cross-functional teams, aligning individual contributions toward shared goals to consistently deliver high-impact results.
  Developed verbal and written communication skills to present technical information clearly and precisely to diverse audiences, including business users, development teams, and agency executives. 
• Certifications in one or more of the following: Cisco Certified Network Professional (CCNP) Security, Cisco Certified Internetwork Expert (CCIE) Security, CompTIA Security, Certified Information Security Manager (CISM), Routing and Switching, Palo Alto Networks Certified Network Security Engineer (CCSE), or similar relevant certification(s) in Information Security.

Conditions of Employment

NOTE: Applicants must possess the ability to meet ALL of the following conditions of employment, with or without reasonable accommodation, to be considered for this position.

• Requires the ability to verify identity. 
• Requires employment authorization to accept permanent full-time position with State of Illinois. 
• Requires the ability to pass a position specific, agency required background check and requires self-disclosure of criminal history. 
• Requires the ability to travel in performance of duties. 
• Requires the ability to work overtime including scheduled, unscheduled, short notice, evening, weekends, and holiday. 
• Requires the ability to attend seminars, conferences, and training to remain current on methods, tools, ideologies, or other industry related topics relevant to job duties.
• Requires the ability to lift and carry objects or equipment weighing up to 30 pounds. This is considered medium work as defined by the U.S. Department of Labor (20 CFR 404.1567(c)). Medium work involves lifting no more than 50 pounds at a time with frequent lifting or carrying objects weighing up to 30 pounds.
• Requires adherence to the revolving door restrictions outlined in 5 ILCS 430/5-45. Consequently, employees should be aware that in the event of receiving a non-State employment offer during state employment or within one year immediately following the termination of State employment, they are required to inform the Office of the Executive Inspector General for the Agencies (OEIG) of the Illinois Governor before accepting such non-State employment. Failure to notify the OEIG may result in the imposition of a fine. 
• Requires compliance with the provisions outlined in section 4A-101 of the Illinois Governmental Ethics Act, necessitating the occupant of this position to file of a Statement of Economic Interest. Pursuant to the Illinois Governmental Ethics Act (5 ILCS 420/4A et seq.), specific state officials and employees are required to annually submit Statements of Economic Interest to the Office of the Secretary of State, which will be accessible to the public for examination and copying. Employees subject to this requirement must also file a Supplemental Statement of Economic Interest with the Executive Ethics Commission, as specified in Executive Order 15-09. Failure to submit these statements in a timely manner may result in fines and penalties.   
• The conditions of employment listed are incorporated and/or related to any duties included in the position description.