IT Security Lead - Firewall | Pharma Industry

Main purpose of the Job:

The Tech Lead IT Security will be responsible to handle the complete Network Firewalls, OT firewalls, SDWAN Devices and SIEM across the organization

Role & responsibilities:

• Responsible for maintaining the firewalls by consider the network topology, traffic patterns, and potential threats while creating an effective firewall strategy.
• Responsible for maintaining the SD-WAN based on the organization's requirements and network topology.
• Should create and manage firewall rules that determine what types of traffic are allowed or denied between different network segments or between the internal network and the internet.
• Continuously monitoring the firewall infrastructure to ensure its proper functioning is a critical task. If issues or anomalies are detected, then must troubleshoot and resolve them promptly to minimize downtime and security risks.
• Need to involve in security audits and assessments to ensure that the organization complies with relevant security standards and regulations. need to prepare documentation and reports on firewall configurations and policies.
• Regularly assessing the firewall devices for vulnerabilities and applying security patches and updates is necessary to safeguard the network from emerging threats.
• Optimizing the firewall's performance is essential to prevent bottlenecks and ensure smooth network traffic flow. This may involve fine-tuning rules, adjusting configurations, or upgrading hardware when necessary.
• SD-WAN seamless integration with existing routers, firewalls, VPNs, and other networking components.
• Prioritize and manage different types of network traffic based on policies and application requirements.
• Regularly monitoring the SD-WAN infrastructure is essential to identify performance issues, security threats, or configuration errors will be responsible for troubleshooting and resolving them to minimize downtime and ensure network reliability.
• Monitor SIEM alerts and notifications to detect security incidents in real-time. Investigate and respond to security events, triaging and escalating incidents as necessary.
• Conduct in-depth analysis of security incidents to determine the root cause, scope, and impact of the events. Perform digital forensics and analysis on compromised systems, if necessary.
• Monitor the health and performance of the SIEM infrastructure to ensure its continuous and reliable operation. Troubleshoot and resolve issues promptly.
• Plan and execute SIEM software upgrades and patches to ensure the platform is up to date with the latest features and security enhancements.
• Collaborate with other IT teams, security analysts, incident response teams, and management to ensure effective communication and alignment of SIEM initiatives with overall cybersecurity strategies.

Candidate Required skills:

• In-depth knowledge of various firewall and SD-WAN technologies, such Checkpoint, paloalto, Fortinet, cisco ASA, Barracuda
• Strong understanding of networking protocols, including TCP/IP, UDP, ICMP, HTTP, HTTPS, DNS, FTP, and others.
• Knowledge of how these protocols operate at different layers of the OSI model is crucial for firewall rule configuration
• Thorough knowledge of network security principles, best practices, and common attack vectors. Understanding firewall policies, access control lists (ACLs), VPN technologies, intrusion detection/prevention systems (IDS/IPS), and DDoS protection is important.
• Ability to create, manage, and optimize firewall policies and rules based on business requirements, security standards, and compliance regulations. This involves understanding traffic flow, application requirements, and security implications.
• Familiarity with security auditing processes, vulnerability assessments, and compliance frameworks to ensure the firewall infrastructure meets industry standards and regulatory requirements.
• Proficiency in configuring and managing intrusion detection and response systems (IDS/IPS) to detect and respond to potential threats and attacks in real-time.
• Knowledge and work experience of virtual private networks (VPN) and remote access technologies, including IPsec, SSL VPN, and multi-factor authentication (MFA) to enable secure remote connections.
• Strong troubleshooting skills to identify and resolve issues related to firewall configurations, connectivity, and performance.
• Familiarity with network monitoring tools to assess firewall performance, traffic patterns, and security events.
• Knowledge of SIEM (Security Information and Event Management) solutions is beneficial.
• A strong background in traditional networking, such as routing, switching, and WAN technologies, is highly beneficial in understanding the broader network context in which SD-WAN operates.
• In-depth knowledge and hands-on experience with various SIEM platforms, such as Rapid7, Splunk, IBM QRadar, ArcSight, LogRhythm
• Strong understanding of cybersecurity concepts, including security event log analysis, intrusion detection, threat hunting, and incident response
• Proficiency in analyzing and correlating security event logs from various sources to detect potential security incidents and threats.
• Experience in creating and fine-tuning correlation rules to identify suspicious patterns and behaviors indicative of security threats.
• Familiarity with incident response processes and methodologies, including triaging and responding to security incidents.
• Should have good experience in handling the team
• Should have excellent communication skills.