Network Security Engineer

The Network Security Engineer within the University of California, San Francisco's (UCSF) Information Technology (IT) department will ensure the security and integrity of UCSF's network infrastructure. The Network Security Engineer supports the planning, design, optimization, implementation, audit, and troubleshooting of network security systems. The Engineer improves the overall security posture of UCSF and its assets. The Security Engineer will partner with other teams, including security operations, governance, and system administrators, to successfully design and deploy required solutions to harden UCSF platforms.

The Network Security Engineer will

• Configure/Install and manage various network security devices, features, and technologies including, but not limited to Firewalls, DDI (DNS, DHCP and IP Address Management), VPN, Network Access Control solutions, Web Filtering solutions, CASB and SASE systems, Intrusion Detection/Prevention systems, Network Packet Brokers, and Network Traffic Visibility solutions
• Fulfill project requests and tasks for our clients (Firewall Policy, VPN tunnel creation, DDI, CASB Incident Response, applying web filter entries, etc.)
• Manage and mitigate vulnerabilities for the devices that are backed by the Network Security Team
• Resolve problems and break/fix incidents on the enterprise network and its network security systems.
• Provide administrative-level technical network security implementation skill set for enterprise and Data Center environments of UCSF
• Assist in the development of network device hardening standards
• Apply professional communications concepts, industry practices, and relevant policies, procedures, and objectives to resolve highly complex issues.
• Establish methods, techniques and evaluation criteria to obtain results.
• Interface with management, IT-Security and vendors to develop and implement new solutions to meet business requirements
• Serve as an escalation point for junior staff

Required Qualifications:

• Bachelor's Degree, or equivalent combination of experience/training in one or more of the following fields: computer science, engineering, computer information systems, etc.
• 5-7 years of experience working in one or more of the following fields: network services, information technology, network security, or network operations.
• Cisco Certified Network Professional (CCNP) and/or equivalent experience/training
• Demonstrated advanced knowledge of various network security devices, features, and technologies like firewalls, intrusion detection and prevention systems, network access control solutions, web filtering solutions, network packet brokers, load balancing, DDI (DNS, DHCP, and IP Address management), VPN, and network traffic visibility solutions.
• Demonstrated advanced knowledge of various VPN technologies.
• Demonstrated advanced knowledge of network security protocols, technologies, standards, and tools.
• Demonstrated advanced knowledge of various authentication protocols and services.
• Demonstrated advanced understanding of modern enterprise TCP/IP data networks using standards and technologies including but not limited to: OSPF, STP, RSTP, 802.1Q, Multicast, Quality of Service and tunneling protocols.
• Demonstrated advanced knowledge of security architectures in private and public cloud environments. Experience designing and implementing network services within public cloud environments (e.g., AWS, Azure).
• Demonstrated advanced knowledge, skills, and experience with Cisco Routing and Switching products.
• Experience with Border Gateway Protocol (BGP), intrusion detection, proxies, firewalls, load balancing, packet capture, and/or data loss prevention.
• Understands implications of work on other areas of IT and business.
• Proven ability to learn effectively and meet deadlines. Self-motivated and works independently and as part of a team with minimal supervision. Participates in network on-call rotation supporting a 24/7 environment.
• Excellent communication skills with the ability to convey technical information to both technical and non-technical personnel. Ability to support the creation of presentation materials, generate reports, and lead presentations to stakeholders.
• Demonstrated advanced ability to gather, organize, and analyze data in the completion of a variety of functional assignments.
• Demonstrated advanced problem-solving skills. Ability to diagnose and resolve network connectivity issues, in a timely manner. Experience troubleshooting and deploying solutions involving certificates and public key infrastructures (802.1X or SSL decryption and offloading), and designing and deploying web proxy and content filtering solutions for data loss prevention.
• Familiarity with network security best practices and the ability to implement and maintain firewall rules, access controls, and intrusion detection/prevention systems.
• Excellent interpersonal skills, with the ability to work effectively with colleagues and stakeholders across departments.

License/Certification:

• Cisco Certified Network Professional (CCNP) and/or equivalent experience/training

Preferred Qualifications:

• Demonstrated advanced knowledge, skills, and experience with Juniper Routing and Switching products.
• Demonstrated advanced knowledge and experience with network device management tools, technologies, and products like SASE, CASE, and CASB solutions.
• Extensive knowledge of structured cabling systems, network facilities, electrical, UPS, etc.
• Experience performing packet and flow analysis with various toolsets, including in-line taps, firewall/IPS appliances, network routers, and hosts. Experience working with network access control platforms, writing shell scripts using Python or Bash, and using infrastructure monitoring tools.
• Palo Alto Networks Certified Network Security Engineer and/or equivalent experience/training
• Certified Information Systems Security Professional (CISSP)
• AWS Solutions Architect or AWS Cloud Practitioner Certification

About UCSF

The University of California, San Francisco (UCSF) is a leading university dedicated to promoting health worldwide through advanced biomedical research, graduate-level education in the life sciences and health professions, and excellence in patient care. It is the only campus in the 10-campus UC system dedicated exclusively to the health sciences. We bring together the world's leading experts in nearly every area of health. We are home to five Nobel laureates who have advanced the understanding of cancer, neurodegenerative diseases, aging and stem cells.

Pride Values

UCSF is a diverse community made of people with many skills and talents. We seek candidates whose work experience or community service has prepared them to contribute to our commitment to professionalism, respect, integrity, diversity and excellence - also known as our PRIDE values.

In addition to our PRIDE values, UCSF is committed to equity - both in how we deliver care as well as our workforce. We are committed to building a broadly diverse community, nurturing a culture that is welcoming and supportive, and engaging diverse ideas for the provision of culturally competent education, discovery, and patient care. Additional information about UCSF is available here.

Join us to find a rewarding career contributing to improving healthcare worldwide.

Equal Employment Opportunity

The University of California is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, protected veteran status, or other protected status under state or federal law.

Salary Information

The final salary and offer components are subject to additional approvals based on UC policy.

Your placement within the salary range is dependent on a number of factors including your work experience and internal equity within this position classification at UCSF. For positions that are represented by a labor union, placement within the salary range will be guided by the rules in the collective bargaining agreement.

To learn more about the benefits of working at UCSF, including total compensation, please visit:

Required Qualifications:

• Bachelor's Degree, or equivalent combination of experience/training in one or more of the following fields: computer science, engineering, computer information systems, etc.
• 5-7 years of experience working in one or more of the following fields: network services, information technology, network security, or network operations.
• Cisco Certified Network Professional (CCNP) and/or equivalent experience/training
• Demonstrated advanced knowledge of various network security devices, features, and technologies like firewalls, intrusion detection and prevention systems, network access control solutions, web filtering solutions, network packet brokers, load balancing, DDI (DNS, DHCP, and IP Address management), VPN, and network traffic visibility solutions.
• Demonstrated advanced knowledge of various VPN technologies.
• Demonstrated advanced knowledge of network security protocols, technologies, standards, and tools.
• Demonstrated advanced knowledge of various authentication protocols and services.
• Demonstrated advanced understanding of modern enterprise TCP/IP data networks using standards and technologies including but not limited to: OSPF, STP, RSTP, 802.1Q, Multicast, Quality of Service and tunneling protocols.
• Demonstrated advanced knowledge of security architectures in private and public cloud environments. Experience designing and implementing network services within public cloud environments (e.g., AWS, Azure).
• Demonstrated advanced knowledge, skills, and experience with Cisco Routing and Switching products.
• Experience with Border Gateway Protocol (BGP), intrusion detection, proxies, firewalls, load balancing, packet capture, and/or data loss prevention.
• Understands implications of work on other areas of IT and business.
• Proven ability to learn effectively and meet deadlines. Self-motivated and works independently and as part of a team with minimal supervision. Participates in network on-call rotation supporting a 24/7 environment.
• Excellent communication skills with the ability to convey technical information to both technical and non-technical personnel. Ability to support the creation of presentation materials, generate reports, and lead presentations to stakeholders.
• Demonstrated advanced ability to gather, organize, and analyze data in the completion of a variety of functional assignments.
• Demonstrated advanced problem-solving skills. Ability to diagnose and resolve network connectivity issues, in a timely manner. Experience troubleshooting and deploying solutions involving certificates and public key infrastructures (802.1X or SSL decryption and offloading), and designing and deploying web proxy and content filtering solutions for data loss prevention.
• Familiarity with network security best practices and the ability to implement and maintain firewall rules, access controls, and intrusion detection/prevention systems.
• Excellent interpersonal skills, with the ability to work effectively with colleagues and stakeholders across departments.

License/Certification:

• Cisco Certified Network Professional (CCNP) and/or equivalent experience/training

Preferred Qualifications:

• Demonstrated advanced knowledge, skills, and experience with Juniper Routing and Switching products.
• Demonstrated advanced knowledge and experience with network device management tools, technologies, and products like SASE, CASE, and CASB solutions.
• Extensive knowledge of structured cabling systems, network facilities, electrical, UPS, etc.
• Experience performing packet and flow analysis with various toolsets, including in-line taps, firewall/IPS appliances, network routers, and hosts. Experience working with network access control platforms, writing shell scripts using Python or Bash, and using infrastructure monitoring tools.
• Palo Alto Networks Certified Network Security Engineer and/or equivalent experience/training
• Certified Information Systems Security Professional (CISSP)
• AWS Solutions Architect or AWS Cloud Practitioner Certification