The Sr. Network Security Engineer is a critical member of the Enterprise Security Office-Security Engineering Team. The role is responsible for architecting, deploying, and managing security infrastructure/processes with specific focus on the security of the Lennar IT networks. This role will be accountable for providing security engineering and technical leadership for the deployment of network security solutions across all of Lennar’s business units. In this role, the Network Security Engineer will be a key contributor to the design and oversight of corporate network security solutions supporting Lennar’s employees, suppliers, dealers, and business partners. The incumbent will collaborate closely with IT Operations and other Engineering teams to ensure adequate security solutions are in place throughout all IT systems and platforms. This role will drive to achieve and maintain a security posture commensurate with the risk tolerance of the organization, meet business objectives and regulatory requirements
- Provide leadership and technical expertise with the deployment and maintenance of Lennar’s network security solutions.
- Provide network security expertise and guidance around security issues and recommend solutions to mitigate and eliminate risks to Lennar information assets.
- Ensure that controls are in place and managed properly to meet legal and regulatory compliance of all network infrastructures.
- Ensure the development of and adherence to Lennar standards and best practices in all areas of networks security engineering and operations.
- Contribute to the development of the Security Engineering roadmap of Lennar’s telecom and network infrastructure.
- Collaborate and provide input with Lennar’s security teams in the areas of Risk Management, Compliance, and Incident Response to establish and enforce security policies for the network environment.
- Promotes and facilitates effective communication between the Security Engineering, Architecture, Operations and other departments and or business units.
- Assist in the acquisition and vendor risk assessment, procurement and evaluation of vendors and products.
- Evaluate and recommend new and emerging services and technologies.
- Assist with remediation efforts and recommendations as it relates to external and internal security audits.
- Participate as an active member of the Security Incident Response Team.
- Participate in post-mortem investigation of security incidents and prepare security incident reports documenting the findings.
Education and Experience Requirements:
- Bachelors required, Master’s degree preferred in Computer Science, Information Systems Security or related field.
- CISSP, CEH, SANS Security and other industry and vendor specific security certifications highly preferred.
- Minimum of 8+ years of experience in networking technologies including TCP/IP, DNS, DHCP, LAN/WAN, Wireless Networking, Routing, Switching, Firewalls, IPv4/v6, and administration of routers/switches with a proven record of successful deployment and management of network security solutions at a mid to large-scale enterprise network.
This is primarily a sedentary office position which requires the incumbent to have the ability to operate computer equipment, speak, hear, bend, stoop, reach, lift, and move and carry up to 25 lbs. Finger dexterity is necessary.
- Expert knowledge with security concepts and technologies such as stateful inspection, packet filtering, 802.1x, Firewalls (Cisco ASA, Palo Alto preferred), Web Application Firewalls, Intrusion Detection and Prevention systems (Cisco, Palo Alto, Snort preferred), Proxy technologies, load-balancing technologies, network security monitoring, traffic analysis, Distributed Denial of Service Threats and other security vulnerabilities and risk mitigation strategies.
- Expert knowledge of network security technology solutions including Virtual Private Networks (VPN) and IPSec with two-factor authentication.
- Experience with Security Information and Event Management Systems (SIEM) and log management systems (Splunk Enterprise Security preferred).
- Experience with network based vulnerability assessment tools (i.e. Rapid7, Nessus, Retina, Qualys).
- Experience with securing wireless networks and Wireless Intrusion Prevention Systems and technologies (i.e. Casper/JSS, Meraki, MobileIron or AirWatch).
- Clear understanding of Identity & Access Management, and Privilege Access Management processes and technologies.
- Ability to analyze and communicate strengths and weaknesses of network technology solutions, relative to network security, performance and cost.
- Experience identifying system critical and single points of failure. Works with other teams and third-party vendors to resolve security issues.
- Experience identifying and analyzing emerging and advanced threats (such as APT, OWASP top-10/20, and others).
- Experience in developing and managing application security testing programs (leveraging OWASP Software Assurance Maturity Model, and others)
- Experience with responding to security incidents and reporting on incident handling and resolution.
- Experience with participating in post-mortem investigation of security incidents and preparation of security incident reports documenting the findings.
- Considerable writing proficiency and visual design skills, oral presentation skills, problem solving and decision-making skills.
- Excellent verbal and written communication skills, including executive-level presentations.
- Ability to deal effectively with a wide range of vendors, service providers, and regulatory agencies.
- Ability to facilitate productive meetings and work successfully in a team-oriented environment.
- Ability to exercise sound judgment in complex situations.
- Ability to confidently and simply explain technical security issues without hype or buzzwords.
- Ability to work with technical and non-technical business owners to develop solutions.
- Ability to handle multiple competing priorities in a fast-paced environment.
- Strong commitment to customer service.
- Results oriented, high energy, self-motivated.
- Ability to work well under minimal supervision.
- Some travel may be required for internal, conference, customer, partner and vendor meetings.
This description outlines the basic responsibilities and requirements for the position noted. This is not a comprehensive listing of all job duties of the Associates. Duties, responsibilities and activities may change at any time with or without notice.