Network Security Architect
Overview:
Our client is in need of a Network Security Architect to play a pivotal role in designing, implementing, and securing robust network solutions. This position offers an exciting opportunity to lead advanced security architectures, influence our cybersecurity posture, and collaborate with cross-functional teams to protect our critical infrastructure.
Key Responsibilities:
- Application Delivery & Traffic Management: Design and oversee sophisticated traffic control solutions leveraging F5 Big-IP Local Traffic Manager (LTM). Responsibilities include developing and maintaining complex iRules, crafting custom health monitors, and configuring advanced persistence profiles to ensure optimal application availability and performance.
- Web Application Security: Deploy, tune, and manage F5 Big-IP Application Security Manager (ASM) policies to defend web applications against OWASP Top 10 vulnerabilities, zero-day threats, and other emerging security risks. Continuously monitor and improve WAF configurations to adapt to evolving threat landscapes.
- Secure Access & Authentication: Engineer secure remote and internal access solutions using F5 Big-IP Access Policy Manager (APM). Integrate multi-factor (MFA) and two-factor authentication (2FA) services to enforce robust user authentication and access controls.
- Global Domain Name & DNS Services: Configure and manage F5 Big-IP DNS (GTM) for intelligent, geo-aware DNS resolution and global server load balancing (GSLB) across multiple data centers, ensuring high availability and responsiveness.
- Infrastructure Integration & Optimization: Act as the primary liaison for integrating F5 solutions with perimeter security devices (Palo Alto, Cisco Firepower), DDI platforms (Infoblox), and enterprise monitoring tools. Facilitate seamless infrastructure workflows and automation.
- SSL/TLS & Certificate Management: Oversee SSL/TLS traffic lifecycle management, including secure certificate implementation, inspection policies, and offloading SSL processing to optimize backend server performance.
- Troubleshooting & Performance Tuning: Lead complex troubleshooting efforts with tools like Wireshark, TCPDump, Riverbed, and SolarWinds to diagnose application and network issues, ensuring high performance and availability.
- Security Architecture & Compliance: Collaborate with security and network teams to design, implement, and enforce Zero Trust models and least privilege principles. Support PKI infrastructure and certificate-based authentication processes.
Qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, or related field, with 8+ years of experience, or equivalent professional experience (12+ years).
- Active Secret clearance.
- At minimum, Security+ certification aligned with DoD 8140 IAT Level II standards.
Required Skills and Experience:
- Extensive hands-on expertise with the F5 Big-IP platform, including LTM, ASM, APM, and DNS modules.
- Proficiency in developing and scripting iRules to customize traffic flow and enforce complex business logic.
- Deep understanding of core protocols such as HTTP/S, DNS, SSL/TLS, TCP/IP, and experience performing detailed packet analyses.
- Proven capability to integrate F5 solutions with external authentication systems (RADIUS, SAML, LDAP) supporting 2FA/MFA.
- Strong background working with security infrastructure including Palo Alto NGFW, Cisco Firepower, and Infoblox DDI.
Preferred Skills & Certifications:
- F5 Certified Administrator (F5-CA) or F5 Certified Technology Specialist (F5-CTS).
- Experience automating F5 configurations using AS3, Declarative Onboarding, and iControl REST API.
- Familiarity with F5 BIG-IQ for centralized management and analytics.
- Hands-on experience with secure remote access solutions like Palo Alto GlobalProtect.
- Knowledge of adjacent technologies such as SD-WAN (VERSA), FortiGate, Riverbed WAN Optimization, and network automation tools like NetBrain.
Publishing Pay Range: $50.00 – $60.00 Hourly
