NAC Security Engineer

Description :

Where good people build rewarding careers.

Think that working in the insurance field can't be exciting, rewarding and challenging? Think again. You'll help us reinvent protection and retirement to improve customers' lives. We'll help you make an impact with our training and mentoring offerings. Here, you'll have the opportunity to expand and apply your skills in ways you never thought possible. And you'll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Description

This position is a member of the Network Security team, supporting campus and branch offices network access control in support of voice/video/data network services, to hundreds of sites US nationwide, India and Northern Ireland. This individual will provide technical assistance and mentoring to junior staff on the network security team, and contribute as a lead technical resource on network security implementation projects, as related to access controls and campus users and data segmentation. As a member of the security team, this position is responsible for developing and updating standard security operating procedures, responding to escalation of network security incidents, and reporting information regarding the current status of the network infrastructure and connected devices.

Allstate is seeking a results-oriented, self-motivated network access (NAC) security engineer, who will be responsible for maintaining and continuously improving the security of a large enterprise network.

Primary duties for this position include designing the appropriate solutions, deploying and providing ongoing support for Network Access Control (NAC) technologies that will enable the organization to track all connected devices.

Qualifications

Education

  • Bachelors Degree in Computer Science, Engineering, or a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience.

Qualifications

  • Must have 6-10 years experience in network engineering/operations or cyber security positions, responsible for tier-3 activities involving technical hands-on configuration and troubleshooting tasks.
  • Must demonstrate proficiency with Network Access Control (NAC) solutions and products (Cisco ISE or similar competitive products). This position will perform system administration functions across various network infrastructure platforms, as they integrate with ISE, ensuring all connected devices are tracked and granted access into the appropriate network segments.
  • This position will assist in the roll-out of network segmentation and access control technical measures enforced with a focus on allowing authorized hosts access to the environment, detecting unauthorized hosts, and quarantining hosts which do not meet local cyber security requirements. The scope of segmentation covers wired and wireless networks, in various configurations inclusive of full network internal, guest, and hybrid access solutions.
  • The ideal candidate will have recent experience in an enterprise or service provider environment deploying, troubleshooting, and documenting LAN and campus networks that integrate NAC features with various vendors products using 802.1X, MAB, RADIUS, TACACS+, profiling and posturing. Additional expertise in the area of integration with third party products, via pxGrid, and integration into end-to-end solutions such as TrustSec will be considered.
  • Must excel in high-paced, demanding environments where each day provides a new set of challenges under short time constraints involving complex security of network configurations and/or troubleshooting, with multiple hosts scattered across large campus networks.
  • Possess excellent problem solving skills and a solid understanding of how to quickly troubleshoot connectivity issues that involve switches, routers, desktops, laptops, tablets, smartphones, printers, VoIP phones and video endpoints.
  • Knowledge and hands-on experience with enterprise-level tools and products that provide security services, including: NAC, SIEM, firewalls, logging, DNS, DHCP, RADIUS, TACACS+ and VPN.
  • Must have proficiency with Linux command line utilities and familiarity with Python, Perl or shell scripting languages to parse large sets of data, automate configuration changes, generate reports, etc.
  • Experience with system integration via API calls, plug-ins, and/or web-based or CLI application development using a scripting language and SQL is a plus.

Qualification

In addition to the successful candidate's primary focus on NAC products, this position will be called upon for the following requirements and additional duties:

  • Provide Tier-2 and Tier-3 network access support in response to trouble ticket queues, where immediate response is required to resolve customer-reported network problems. The candidate must be capable of coordinating multiple open issues and interfacing with customers at all levels.
  • Develop documentation to improve current network and security standard operating procedures (SOPs).
  • Draft configuration change control proposals for submission to the change advisory board (CAB).
  • Create and update topology diagrams and associated documentation for each office location and network enclave.
  • Review log events and operate network and security management applications in order to perform fault detection, identify performance metrics, and generate reports to support specific service level requirements.
  • Perform packet capture reviews using wireshark, tcpdump and other packet analysis tools.
  • Must be flexible and able to work nights, weekends and holidays as needed to support planned and unplanned network security maintenance and troubleshooting events.
  • The successful candidate is expected to be available on-call 24x7.
  • Ability to travel as needed, primarily within the United States.
  • The successful candidate will demonstrate self-initiative and be able to operate without supervision.
  • Must have strong time management, multi-tasking, organization and administrative skills.

Good Work. Good Life. Good Hands®.

As a Fortune 100 company and industry leader, we provide a competitive salary – but that's just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you'll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please see the notice regarding the San Francisco Fair Chance Ordinance.

For jobs in Los Angeles, please seethe notice regarding the Los Angeles Ordinance.

It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.

ABC


Meet Some of Allstate's Employees

Patrick

Data Analytics Engineer

Patrick supports the work of his fellow Data Scientists by coding predictive models. He works to create functional Allstate products by making sense of the company's vast amount of customer data.

Jordan

Agile Software Developer

Because developers at Allstate engage in paired programming, Jordan spends the majority of his day working with one of his fellow developers on various coding projects.


Back to top