Overview

Network Security Engineer at University of California, San Francisco (UCSF) within the Information Technology (IT) department. The role ensures the security and integrity of UCSF’s network infrastructure, supporting planning, design, optimization, implementation, audit, and troubleshooting of network security systems. The engineer partners with security operations, governance, and system administrators to design and deploy solutions to harden UCSF platforms.

Responsibilities

• Configure/Install and manage various network security devices and technologies including, but not limited to, firewalls, DNS/DHCP/IPAM, VPN, Network Access Control, web filtering, CASB and SASE systems, Intrusion Detection/Prevention, Network Packet Brokers, and Network Traffic Visibility solutions.
• Fulfill project requests and tasks for clients (Firewall policy, VPN tunnel creation, DDI, CASB incident response, applying web filter entries, etc.).
• Manage and mitigate vulnerabilities for devices backed by the Network Security Team.
• Resolve problems and break/fix incidents on the enterprise network and its security systems.
• Provide administrative-level technical network security implementation skills for enterprise and data center environments at UCSF.
• Assist in developing network device hardening standards.
• Apply professional communications concepts, industry practices, and relevant policies to resolve highly complex issues; establish methods and evaluation criteria to obtain results.
• Interface with management, IT security, and vendors to develop and implement new solutions to meet business requirements.
• Serve as an escalation point for junior staff.

Required Qualifications

• Bachelor’s Degree, or equivalent combination of experience/training in computer science, engineering, computer information systems, or related field.
• 5–7 years of experience in network services, information technology, network security, or network operations.
• Cisco Certified Network Professional (CCNP) and/or equivalent experience/training.
• Demonstrated advanced knowledge of network security devices and technologies (firewalls, IDS/IPS, NAC, web filtering, CASB/SASE, VPN, DDI, load balancing, visibility solutions).
• Demonstrated advanced knowledge of VPN technologies and modern enterprise TCP/IP networks (OSPF, STP/RSTP, 802.1Q, QoS, tunneling, etc.).
• Experience with security architectures in private and public cloud environments (designing/implementing network services in AWS, Azure).
• Experience with Cisco and Juniper routing and switching products; strong problem-solving and troubleshooting skills including certificates, PKI, 802.1X or SSL, proxies, content filtering, and data loss prevention.
• Familiarity with BGP, IDS/IPS, proxies, firewalls, load balancing, packet capture, and DLP.
• Strong communication skills and ability to work with technical and non-technical stakeholders; able to contribute to reports and presentations.

Preferred Qualifications

• Additional knowledge of Juniper routing and switching; network device management tools and platforms (SASE, CASB, etc.).
• Experience with structured cabling systems, network facilities, electrical, UPS, etc.
• Experience with packet/flow analysis, Python or Bash scripting, and infrastructure monitoring tools.
• Certifications: Palo Alto Networks CNSE, CISSP, AWS Solutions Architect or AWS Cloud Practitioner, CCNP.

License/Certification

• CCNP or equivalent experience/training
• Additional relevant certifications may be considered.

About UCSF & Equal Opportunity

UCSF is a leading academic health sciences institution committed to health worldwide through research, education, and patient care. UCSF values PRIDE ( professionalism, respect, integrity, diversity, and excellence) and is an Equal Employment Opportunity employer. All qualified applicants will be considered without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, protected veteran status, or other protected status. For diversity information consult UCSF diversity resources.

Location: San Francisco, CA; Job type: Full-time; Work style: Flexible; Shift: Days; Shift Length: 8 Hours; Additional Shift Details: Mon-Fri, 9-5, with after-hours support as required.