Network Security Architect

Network Security USCIS has a large remote work force. Remote work includes teleworkers, digital nomads, and large teams working in extreme remote locations. Remote capability requirements fluctuate with immigration challenges. USCIS is in the process of deploying a Zero Trust framework which enables users to work more optimally from afar with enhanceability and performance. The USCIS client base is expanding and growing. Securing our information while making it more adaptable, agile, and scalable is an increasing requirement. The contractor shall continue to develop, build, and enhance the Zero Trust Environment and lead USCIS in discovering, designing, and building strategic ingress/egress points. Specific technologies, applications and services will be compartmentalized securely utilizing approved TIC 3.0 and subsequent requirements. The contractor shall perform the following:

• Design and adopt SaaS and IaaS service platforms where possible.
• Architect, engineer and implement network security control methods in cloud, onpremises,

and virtual environments to support DHS directive 4300A, NIST 800-53 and industry best practices.

• Audit firmware versions and configuration settings for the USCIS SDWAN, SDN, WAN,

LAN Cloud network infrastructure platforms/devices to eliminate vulnerabilities and ensure USCIS deploys and operates in accordance with vendor recommendations, industry best-practices, DoD STIGs, and DHS configuration guidance.

• TIC services such as Proxy, Reverse Proxy.
• Recommend, design, configure, and implement Next Generation Firewall systems and

Next Generation Intrusion Protection Systems.

• Review existing configuration settings to identify potential security vulnerabilities and

propose/implement setting or architectural changes to address these vulnerabilities.

• Orchestrate, facilitate, and automate configurations standards and policy enforcement.

20

• Architect and engineering a Network Access Control (NAC) solution.
• Design, recommend, provide cost analysis, threat, and risk mitigation for new TIC

boundary.

• Build and deliver new TIC solution.

Enterprise Infrastructure Support Enterprise Infrastructure support includes management of USCIS Network and Network security devices which include, but not limited to, CISCO ASA, CISCO Security Manager, IPS/IDS Modules, SPLUNK, Cisco Firepower, StealthWatch, Cisco Prime, AlgoSec, NetMapper (Riverbed), network switches, routers, load balancers and Infoblox and equivalent technologies. Implement security components which include appliances, jump boxes and scanning tools. Provide maintenance support to the security components which would include but is not limited to upgrading firmware, and patches. Provide coverage 24 hours a day, 365 days a year. Normal business hours are 6 am to 6 pm EST. Also, provide support to incidents within 30 minutes during work hours, and within 1 hour during after-hours support. Incidents not resolved within 30 minutes during work hours or within 1 hour during after hours, shall be escalated to the government per the USCIS ticketing system. The Contractor shall perform the following:

• Manage inventories for all devices, validate the current license, and generate a report

which details which appliances are operating with current licenses; and notify the government in the cases where expiration is imminent within 180 days or less.

• Manage and implement configuration changes, break-fix, upgrades and patches for all

security appliances.

• Create scripts and processes for the implementation of all configuration changes, break

fixes, upgrades and patches. These scripts must be written so they may also be implemented by other service contractors.

• Generate schedules for deployment of patches and upgrades; coordinate with the EOC,

DHS, SOC or other stakeholders, as appropriate.

• Escalate to vendor support when required in accordance with USCIS Standard Operating

Policies, and/or ServiceNow knowledgebase articles.

• Coordinate with the NOC and SOC to integrate appliance alerts into their primary monitoring tools.
• Maintain documentation for all network security appliance changes and process flows.
• Post documents to USCIS EID SharePoint, EIDocs, as required.
• Serve as the technical leads for security and network appliances and/or security and

network services.

• Coordinate with other Engineering teams to provide technical advice and assistance.

24

• Provide consulting to assist the engineering team with projects to expand the existing

capability, to include automation.

• Coordinate with vendors for appliance break/fix issues and Return Merchandise

Authorization (RMA’s).

• Generate schedules for returning appliances and racking the replaced appliances.
• Coordinate with Tier III/IV (NOC/SOC) support to address security and network

appliance issues/outages.

• Review and provide recommendations to government managers for USCIS, DHS and

OneNet Change Requests that are reviewed at the Change Request boards.

• Create a tools analysis report, and provide the government with recommendations on cost

savings, synergies, and automation. Job Types: Full-time, Contract Pay: $90,836.66 - $109,394.69 per year Work Location: Remote Apply tot his job Apply To this Job