Role & Responsibilities:

Firewall Management

• Configuration (Site to site or client to site) of new VPN tunnels.
• Routing of traffic through the gateways.
• NATing of incoming and outgoing traffic through NAT rules.
• Configure new gateways and getting them into production.
• Creation of rules (Access, deny and block) to control traffic.
• Configure SNMP so that alerts are sent to respective Syslog server.
• Refining existing rules to minimize the number of rules used.
• Software update on all Security Gateways
• Troubleshoot calls with users (Generic access) or clients (VPN).
• Removal of errors (License, rule error) during a policy push.
• Enabling Role based access (Super user, admins, read only).
• Rule management using Tufin analysis as and when planned.
• Configure the SNMP so that logs are forwarded Syslog servers
• Monitoring the health of the firewall -- CPU utilization, cluster status, interface status ,AD connectivity, Dash board connectivity

Intrusion Prevention

• Configuration of IPS blade and fine tuning(Add rules to prevent and detect) as per security standards
• Rule Documentation (List of rules which are in Prevention and Detection).
• Enabling Role based access (Super user, admins, read only).
• Analyze & investigate triggered events.
• Send notifications to users when alerts are received.
• Escalation to required Personnel during a security breach
• Monitoring the health of the device -CPU utilization, interface status.

Honeypot

• Should be able to configure honeypot software and hardware to simulate vulnerable systems or services that attract malicious activity.
• Monitoring honeypots for the malicious activity or unauthorized access attempts.
• Analyzing captured data to understand attack patterns, tactics, and techniques used by potential adversaries.
• Providing support during incident response activities by leveraging insights gained from honeypot data to mitigate ongoing threats and prevent future attacks.
• Documenting configurations, findings, and methodologies related to honeypot deployments. Generating reports to communicate findings and recommendations to stakeholders.
• Collaborating with other cybersecurity team members to integrate honeypot data into broader security operations and threat intelligence efforts.

Required Skill:

• Implementation, configuration and management of network security devices firewall, IPS & IDS, VPN, Honeypot. Experience shall comprise of
• Capabilities of performing the enterprise wide security assessment
• Tools and Technologies: Next generation Firewall, IPS/IDS, Network Access Control, Site to Site and Remote Access VPN, Honeypot
• Advanced threat protection architecture design etc.
• Deployment of the honeypot devices into the network
• Should have in-depth knowledge about honeypot and its working concepts
• Should have hands-on experience of deployment and managing honeypot (Preferably Canary Tools Honeypot)