PDA

View Full Version : Senior Check Point Firewall Engineer Wanted



Barry J. Stiefel
2011-02-24, 19:43
CPUG Members:

Here's a new listing for a contract position. They're looking for someone with CCSE and VSX certification. They're flexible on the rate they specify below.

Barry

Sr. Firewall Engineer

DTI has an immediate need for a Sr.Firewall Engineer for 6 month plus contract opportunity. Candidate can be located in: Annapolis, MD; Aurora, CO or Lisle, IL.

Job Description:
Candidate will be apart of the Firewall and Security Services Tier III group responsible for managing complex problem escalations, performing simple to complex changes/migrations and upgrades. There is a regular need to shift work week hours to weekend hours for scheduled changes. There is occasional need to travel on-site to local centers and assist with remote hands and eyes and perform new installs. This position directly interfaces with external clients and is highly visible. The position is involves complex problem engagements, interfacing with customers, vendors and developers, performance tuning, and development of ad-hoc tools to aid in identifying trends and isolating problems during times of critical need.
The following skills and experience are required for this position:
Expert level knowledge of:
Checkpoint Firewall-1/VPN software (NG-AI) Checkpoint 4.1, NG, NGAI, NGX, VSX Secure Platform
Cisco Pix, FWSM, ASA
Juniper Netscreen Firewalls
Cisco Routers/Switch
TCPIP
CCNA/CCNP - UNIX Skills (Intermediate to Advanced)

- Advanced technical expertise across a broad range of technologies. - Advanced and solid experience in troubleshooting Firewall flows - Experience in migrating Firewalls from one platform to another unlike platform requiring in dept rules analysis and translation - Protocol decoding and analysis using a variety of software tools - An understanding of Internet DNS, HTTP and load balancing concepts. - Technical leadership during high visibility outages and maintenance activity. - Technical Consultative Skills and the ability to manage projects.

Required Skills:
1) Knowledge of Checkpoint Firewall Expert Required
2) UNIX Skills Intermediate Required
3) Troubleshooting Routing & Switching Issues Expert Required
4) Understanding Internet DNS, HTTP Expert Required
5) Technical leadership during high outages Expert Required
6) Citrix Netscaler Load Balancer Intermediate Desired
7) Technical Consultative Skills Intermediate Desired
8) Knowledge of protocol analysis tools Expert Required
9) CCSE Certification Expert Required
10) VSX Certification Expert Required Duration: 6 Months
Location: Various Locations
Rate Range: $42.00-47.00Hr/W2 Contact Information
Contact: Lathia Davison
Location: Annapolis

DTI
828 South Wabash Ave.
Suite 200
Chicago, IL 60605
Tel: 312-362-9600
Fax: 312-362-9272

security4it
2011-02-27, 21:56
Really? $42 per hour for an EXPERT in all these areas. I personally will refer NO one I know to any recruiters for less than $60.00 plus T&L expenses.
Barry how can we call ourselves Professionals in Information Security when we are accepting entry level pay.

Any other opinions out there. Speak UP!

How much do you think Security EXPERTS (YOU) are worth?

Barry J. Stiefel
2011-02-27, 22:07
Really? $42 per hour for an EXPERT in all these areas. I personally will refer NO one I know to any recruiters for less than $60.00 plus T&L expenses.
Barry how can we call ourselves Professionals in Information Security when we are accepting entry level pay.

Any other opinions out there. Speak UP!

How much do you think Security EXPERTS (YOU) are worth?Yeah, I wasn't happy about that rate, either.

northlandboy
2011-02-27, 22:37
Yeah, I wasn't happy about that rate, either.

But aren't you keen to work for a place that still uses 4.1?

Routerkid1
2011-02-28, 01:18
But aren't you keen to work for a place that still uses 4.1?

I upgraded a client from 3.0B to R65 3 years ago. I was like grandpa tell me about the days when Nat started.

chillyjim
2011-02-28, 12:51
I still have a customer on 3.0b! Yes he is paying SS.
We won't even discus the 4.1 and FP3 customers still out there.

northlandboy
2011-02-28, 15:03
I still have a customer on 3.0b! Yes he is paying SS.

I've often wondered about places like that, where they never upgrade, never apply patches, yet they pay for support. Is it just for the warm fuzzy feeling, or just to tick a box in a checklist?

You do wonder why they bother with a "security" appliance, if they don't actually care about security.

It's before my time even, but wouldn't the 3.x branch be vulnerable to that old FTP problem, where it was trivial to bypass the firewall if you allowed any FTP?

RayPesek
2011-02-28, 21:07
I've often wondered about places like that, where they never upgrade, never apply patches, yet they pay for support. Is it just for the warm fuzzy feeling, or just to tick a box in a checklist?

Laziness. At my last employer, back in 2002 we were deploying Windows 2000 for desktops. The showstopper was the Lawson HR software, known as "Client 2.2". We noticed it was running in the WoW 16-bit emulator but it still wouldn't work right. It turned out the HR programmers had customized the server-side code so much that they didn't want the hassle of an upgrade. The current version was 6.0 and we were on 2.2. We were paying $85,000 a year to Lawson for support and they were using them as a help desk.

We solved it by making the HR people have two desktops, two mice, two keyboards and two monitors, one just for Lawson. That lasted precisely one week before the HR programming staff was told to upgrade.

There were so many changes they had to fly people in from the remote locations to go through three days of classes. They actually got kudos for making the upgrade so professional, with nary a word said about the $350,000 of wasted support costs, three days of hotel rooms for a couple of dozen people, air fare for same, etc. <sigh>

Ray

PhoneBoy
2011-03-01, 01:23
This sounds like a version of the old "if it ain't broke, don't fix it" rule. As long as it worked as they expected, it wasn't "broke" and thus didn't need fixing.

We've had more than a few reports of 5+ year uptimes on old IP650s and IP330s. Those platforms were retired long ago...

Routerkid1
2011-03-01, 10:38
This sounds like a version of the old "if it ain't broke, don't fix it" rule. As long as it worked as they expected, it wasn't "broke" and thus didn't need fixing.

We've had more than a few reports of 5+ year uptimes on old IP650s and IP330s. Those platforms were retired long ago...

Well the big problem I see with most Enterprise customers is fear of change because of a bad experience with an IT upgrade inthe past. It could be Lotus Notes, Exchange or Phones but the end result is IT sucks and changing things leads to pain. One thing I do with firewall changes is to use policy based routing via cisco route maps to move sections of traffic over. I also only cut over one vpn at a time for external traffic.