Network Security Engineer

RedStream Technology

– Contract Role – Waltham, MA

RedStream Technology is recruiting for an experienced Network Security Engineer with a particular focus on AWS security design and implementation. 

Work with a team on the architecture, design and implementation of multi-account/inter-region AWS solutions with scalable security and compliance controls centered around (but not limited to) the network plane.

Provide cloud security expertise to design and implement an AWS Architected Framework with emphasis on the ‘Security’ pillar. The candidate should be knowledgeable about and experienced with common cloud reference architectures (past, current and future states), security standards, best practices and control frameworks, with an eye towards simplification.

Experience:

  • Three or more years of experience as hands-on security architect/engineer in a large-scale regulated enterprise customer environment or professional services consulting engagement(s) of a similar scope
  • Experience as an active contributor to the architecture, design and implementation of multi-account/inter-region AWS solutions with scalable security and compliance controls centered around (but not limited to) the network plane
  • Proven mastery of AWS native SDN instrumentation (VPC, SGs, ACLs, PrivateLink, etc) and management of advanced network topologies (hub-and-spoke, elastic micro-segmentation, peering, static and dynamic routing, encapsulation, VPN, TGW, public and private endpoints, etc) spanning across account boundaries
  • In-depth understanding of TCP/IP networking and a wide range of AWS tools, services (e.g. Route53) and mechanisms (e.g. SCPs, resource-level policies, etc.) to implement security around these protocols and common integration points with on-prem data center environments, including the various connectivity options AWS provides
  • Experience with and understanding of core network security functions such as L3/4 stateful firewalls, WAF, IDS/IPS, DDoS, packet inspection, auditing and logging as well as adjacent domains for AWS and partner ecosystems defending against common threat models
  • Knowledge and hands-on experience with end-to-end multi-hop implementations of data in transit encryption solutions (TLS, termination and certificate management, PKI, advanced load balancer configuration options, resource/service side encryption controls)
  • A working knowledge and understanding of recent additions to the product line (Network Firewall, FMS, Traffic Mirroring, Ingress, GWLB, IRSA, SGs for Pods, etc) as well as roadmap for AWS security services and features
  • Hands-on experience and ability to express the desired state via declarative IaC tools such as CFN or TF, or via higher-level abstractions such as CDK, and familiarity with the associated DevOps practices aimed at producing repeatable and fully automated solutions
  • Familiarity with L7 communications patterns and advanced security solutions such as service meshes and mTLS for containerized (EKS) and other workloads
  • Hands-on experience with 3rd party security products (L3/4 next gen firewalls, WAFs, forward and reverse proxies)
  • AWS Security/Network Specialty and/or Architect Pro Certifications
  • Recognized Information Security Industry Certifications