
Network Security Engineer

Wise Equation Solutions Inc.

On-site Contract 2d ago

About the role

Description

This contractor will support the modernization of site-to-site IPsec VPN tunnels and the strengthening of firewall access control policies across the enterprise network environment. The work focuses on upgrading VPN tunnels from IKEv1 to IKEv2, aligning cryptographic configurations with organizational standards, and improving secure connectivity with external partners. The contractor will also review and refine Cisco Firepower firewall rules to reduce overly permissive access and enforce least-privilege network security. Key responsibilities include updating pre-shared keys, validating VPN and firewall changes after implementation, and ensuring no service disruption during maintenance windows. The contractor will coordinate technical changes with internal teams and external partners while documenting updates and validation results to support ongoing operational security.

Candidate Must-Haves

• Experience managing site-to-site IPsec VPN environments, including IKEv1 to IKEv2 migrations
• Hands-on experience with Cisco Firepower firewall administration and access control rule management
• Strong knowledge of cryptographic standards, secure key management, and VPN configuration validation
• Experience implementing least-privilege network security controls and supporting production change/maintenance windows

Responsibilities

• Review approximately 80 existing site-to-site IPsec VPN tunnels
• Upgrade approximately 50 VPN tunnels from IKEv1 to IKEv2
• Ensure VPN configurations align with organizational cryptographic standards
• Update pre-shared keys (PSKs) to meet a minimum 20-character requirement
• Validate VPN tunnel functionality after each change
• Review approximately 10 firewall access control rules on Cisco Firepower
• Modify firewall rules to remove overly permissive or broad subnet access
• Restrict firewall rules to required source/destination networks, ports, and protocols
• Apply principle of least privilege in firewall rule updates
• Perform validation testing after firewall changes to confirm no service disruption
• Coordinate implementation activities with UC Davis campus teams and external partners
• Support execution of approved maintenance window changes
• Provide technical assistance during implementation activities
• Document VPN and firewall changes and validation results
• Coordinate cryptographic parameter and shared secret updates with external partners
• Support scheduling and execution of maintenance window activities

Required Technical Experience

• Experience managing site-to-site IPsec VPNs
• Hands-on experience upgrading VPNs from IKEv1 to IKEv2
• Experience configuring and validating VPN tunnel connectivity
• Knowledge of cryptographic standards and secure key management practices
• Experience managing firewall access control rules
• Experience with Cisco Firepower firewall platforms
• Ability to implement least privilege network access controls
• Experience performing post-change validation and troubleshooting network issues
• Experience coordinating technical changes with internal teams and external partners
• Experience working within structured maintenance window processes

Preferred Qualifications

• Experience in healthcare or higher education IT environments
• Familiarity with large-scale enterprise network environments
• Experience supporting change management processes in production environments

Desired Certifications

• Cisco CCNA Security or CCNP Security (or equivalent experience)
• CompTIA Security+ or equivalent security certification
• ITIL Foundation (preferred)
