In this key position, The Security/Firewall Engineer is responsible for the design, implementation, evaluation and operations of TB’s global security technologies including, but not limited to systems authentication, firewalls, network access, infrastructure and operating systems. The candidate will be responsible for working with TB’s Architecture, Information Security, Network and Systems Engineering Organization on the design and implementation of TB’s security architectures and standards as well as assist with the identification and deployment of relevant technologies. In this position, you will stay current on Network Security Best Practices and actively implement network security controls within the organization. A key aspect of this role is compliance management relative to TB’s security architecture and the development of appropriate risk mitigation and corrective action plans. Team work, self-direction, creativity and problem solving are important candidate qualities. Candidates for this position are expected to maintain technical currency and possess broad security knowledge across multiple disciplines with emphasis on network security.
Prevent, Detect and Remediate security vulnerabilities at all layers of the TB platform (mobile, backend, network, embedded, administrative)
Use and develop tools and techniques to research and identify exploits in backend and embedded systems
Familiarity with network authentication practices, network security practices, and basic cryptography
Work with internal engineers and external security auditors to test and secure the TB platform
Validate and document existing firewall rules within the organization; ensure auditable documentation that details Firewall Rule sets for all Firewalls within the organization
Develop and implement a process for the analysis and definition of new Firewall Rules to organize and provide an audit trail for the implementation of the Firewall Security Controls
Work with Information Security to develop and implement Network Security Controls –Collaborate with the Information Security team to stay abreast of current Network Security trends; lead the development and implementation of desired controls within the organization
Develop and implement audit parameters for all Firewalls within the organization resulting in an organized system for audits of Firewalls within the organization
Ensure remote access solutions are compliant with the applicable security controls by partnering with various IT groups
Assume ownership of layer 3 controls for the Palo Alto solutions within the organization. Develop a process, procedure and application rule set around the administration of Palo Alto Firewalls.
Configure network Firewalls to meet compliance standards; ensure that network configurations meet the requirements of applicable industry security standards and comply with applicable security policies and controls
Must have demonstrated knowledge of IP Networking and Network Security.
Must possess the ability to analyze network traffic flows to reverse-engineer the required firewall ports.
Must be able to troubleshoot firewall problems involving complex application flows between multiple hosts and spanning firewalled security zones.
Must have demonstrated knowledge of desktop, server and other network technologies. Such as DNS, DHCP, OSPF, BGP, VPN AND SNMP.
Interface with security staff and business clients to evaluate security posture of projects and formulate test plans and engagement timelines
Perimeter security / firewall / ips / ids / load balancer / WAFs / ipsec / ssl vpn
Some type of forensic / log / tcp dump analysis
Routing and Network layer understanding
System based security for windows and linux. In the event of a suspicious activity should be able to do basic forensic (helpful)
The vendors and technologies we usePalo Alto
Aruba (Clear Pass and NAC) + AP management
Cisco Firewall (90+ locations)
SIEM – Specifically LogRhythm
Understanding of cloud base and virtualize environment for security and policy / compliance (helpful)
EDUCATION & PRIOR EXPERIENCE NEEDED
Bachelor’s degree in Computer Science; or 7+ years related experience and/or training; or equivalent combination of education and experience
5 to 7 years’ experience supporting an IT 24×7 production environment.
3-5 years’ experience in a complex global computing environment; deep understanding of, and integration of Active Directory. Authentication systems, protocol analysis, secure protocols, mobile device management.
Strong technical acumen in access control and firewall hardening
CISSP and/or other Network Certifications are preferred.
Strong understanding of the support of a 24×7 production environment from a network security perspective.
Proven Network Security design skills.
Strong understanding of industry standard Network Security Controls.
Ability to conduct strategic planning for the enterprise network and security infrastructure.
Fluent understanding of Firewalls and Network Security Devices.
Adaptable – Change before you have toChanges course easily – Knows when to be patient and when to push – Works well in the gray – Shows grace under pressure – Owns mistakes and learns from them – Balances multiple priorities
Entrepreneurial Spirit – Own itTakes initiative, doesn’t wait for direction – Builds for the future – Takes personal ownership and accountability – Is resourceful in getting things done
Collaborative – No “I” in ToryIs self-aware and open-minded – Integrates the perspectives of others – Is direct but respectful – Communicates cross functionally – Knows when to get people involved and when to make a decision – Takes an inclusive approach
Client & Brand Focus – Put yourself in Tory’s shoesPassionate about the brand and the work – Creates a transformational client experience – Makes decisions in the best interest of the company and our customers – Focuses on internal and external customers
Live the Values – Being “Buddy”Keeps the “Buddy Values” alive (Kindness, humility, warmth, honesty, loyalty, compassion, integrity, and passion) – It’s not just what you do, but how you do it – Contributes to a positive and productive environment
Functional Expertise – Know Your StuffHas the skills necessary to perform the job – Keeps current on trends, skills, and practices – Puts learning into practice
FOR PEOPLE MANAGERS: Team Builder – It’s all about “We”Sets team goals and roles – Develops, motivates and empowers – Delivers constructive and encouraging feedback – Holds people accountable for results – Recognizes high performance
FOR PEOPLE MANAGERS: Change Leader – Change is the essence of lifeChallenges the current point of view – Puts changes in context for the team – Executes changes that impact the business – Is proactive and positive – Listens to and keeps the team up to speed
Equal Employment Opportunity Statement
Tory Burch LLC is an Equal Employment Opportunity employer and provides equal opportunities to all employees and applicants without regard to an individual’s age, race, creed, color, religion, national origin, sex (including pregnancy) or sexual orientation, gender expression, military status, marital status, genetic predisposition or carrier status, disability or membership in any other protected class under applicable law. Likewise, we will consider qualified applicants with criminal histories for employment in a manner consistent with the requirements of the Los Angeles Fair Chance Initiative for Hiring, Ordinance No. 184652. Pursuant to the San Francisco Fair Chance Ordinance, we will consider qualified applicants with arrest and conviction records for employment.
Tory Burch is committed to providing reasonable accommodations to applicants and employees with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment. If you require assistance or an accommodation with the hiring process, please contact email@example.com.