Network Security Engineer

Job Title: Network Security Engineer
Location: Rancho Cordova, CA (Onsite) 

Job Description: 
Our client is seeking a contract resource to support modernization of site-to-site IPsec VPN tunnels and firewall access control policy hardening within the client''''''''s environment. 
This role will focus on upgrading existing VPN tunnels from IKEv1 to IKEv2 and ensuring cryptographic configurations meet organizational standards. 
The contractor will also review and refine firewall rules on Cisco Firepower
systems to reduce overly permissive access and align configurations with approved requirements. 
This work supports improved security and controlled network connectivity across the client and its external partners.

Responsibilities: 
•  Review approximately 80 existing site-to-site IPsec VPN tunnels
•  Upgrade approximately 50 VPN tunnels from IKEv1 to IKEv2
•  Ensure VPN configurations align with organizational cryptographic standards
•  Update pre-shared keys (PSKs) to meet a minimum 20-character requirement
•  Validate VPN tunnel functionality after each change
•  Review approximately 10 firewall access control rules on Cisco Firepower
•  Modify firewall rules to remove overly permissive or broad subnet access
•  Restrict firewall rules to required source/destination networks, ports, and protocols
•  Apply principle of least privilege in firewall rule updates
•  Perform validation testing after firewall changes to confirm no service disruption
•  Coordinate implementation activities with UC Davis campus teams and external partners
•  Support execution of approved maintenance window changes
•  Provide technical assistance during implementation activities
•  Document VPN and firewall changes and validation results
•  Coordinate cryptographic parameter and shared secret updates with external partners
•  Support scheduling and execution of maintenance window activities

Required Technical Experience?
•  Experience managing site-to-site IPsec VPNs
•  Hands-on experience upgrading VPNs from IKEv1 to IKEv2
•  Experience configuring and validating VPN tunnel connectivity
•  Knowledge of cryptographic standards and secure key management practices
•  Experience managing firewall access control rules
•  Experience with Cisco Firepower firewall platforms
•  Ability to implement least privilege network access controls
•  Experience performing post-change validation and troubleshooting network issues
•  Experience coordinating technical changes with internal teams and external partners
•  Experience working within structured maintenance window processes

Preferred Qualifications: 
•  Experience in healthcare or higher education IT environments
•  Familiarity with large-scale enterprise network environments
•  Experience supporting change management processes in production environments

Desired Certifications: 
•  Cisco CCNA Security or CCNP Security (or equivalent experience)
•  CompTIA Security+ or equivalent security certification
•  ITIL Foundation (preferred)