Senior Network Security Engineer – NRE SecOps

JOB SUMMARY

The Senior Network Security Engineer Network Reliability Engineering (NRE) Security Operations (SecOps) is the subject matter expert in designing and implementing the Network Access Control (NAC) solution strategy for the next-gen operations for all Marriott International (MI) networks including the Property Networks Datacenter/Cloud Networks and Corporate Networks. This role will work closely and collaboratively with a matrix team of expert network architects and engineers to drive the adoption of NRE practices and operating models across all network product towers and around the globe. As the Senior Network Security Engineer the candidate focuses on defining and executing the zero-trust strategy to prevent unauthorized access to Marriott network as well as meet stringent compliance requirements. Reporting to the Director of NRE-SecOps the engineer will be responsible to articulate and effectively execute a vision to address increasing complexity scale of modern IT systems and ensure real-time asset visibility assessment remediation and access control to Marriott services. The successful candidate will be expected to bridge the gap by implementing security strategies and next-gen zero trust solutions to make sure all system components are meeting Marriott network access and security compliance requirements at a granular level. This role is accountable for establishing technical level relationships and partnering with all business disciplines other MI teams solution providers/vendors and operational partners to define and implement the Network NRE zero trust security roadmap building and enforcing the standards defined in it.

CANDIDATE PROFILE

Education and Experience

Required:

• Undergraduate degree in IT engineering or computer science discipline or equivalent experience/certification

• 6 years experience with network security tools related products

• Experience in installing configuring and troubleshooting of zero trust security tools (Forescout NAC Cisco ISE Aruba ClearPass or other similar tools)

• Strong preference to have Forescout certifications (FSCA or FSAA or FSCE)

• Must possess expertise in designing and implementing policies in the tools mentioned above

• Experience with one or more Cloud Computing platforms (e.g. Amazon AWS Microsoft Azure Google Compute Engine)

• Knowledge and experience in wireshark/tcpdump/nmap and related analysis techniques

• Experience in developing documenting and managing the requirements gathering process and providing detailed design and implementation plan to support the requirements throughout the project life cycle

• Field experience and knowledge of foundational data networking and IP technologies including (ARP TCP/IP UDP DHCP DNS NAT and others)

• Awareness in installing managing troubleshooting and administration of firewall management solutions (Firemon Palo Alto Panorama Checkpoint MDS)

• Understanding of TACACS RADIUS

• Experience in Agile methodologies daily stand-up meetings sprint planning sessions and user story preparations

• Hands-on experience with common routing and switching platforms (Cisco Juniper HP/Aruba etc.)

• Demonstrated experience in delivering written documents detailing network solutions and diagrams

Preferred:

• Advanced Degree (e.g. MS PhD) in Computer Science or other technical discipline or MBA preferably with a focus on technology

• Familiarity with multiple languages including C Java PythonPerl or another programming language

• Experience with managing network security tools in a hospitality industry a plus

• Experience in leveraging public APIs for developing automation scripts

• Team player with the ability to collaborate and work with cross functional teams in multiple time zones

• Experience in researching emerging technologies and trends standards and products and synthesizing into clear technology roadmaps and strategies

• Strong knowledge of emerging tools applications and systems for attaining best-in-class network security posture across the enterprise

• Excellent problem-solving skills working independently and through leading outcomes for cross functional teams

• Excellent understanding of change management testing requirements and techniques to ensure high availability and business readiness of platforms

• Strong attention to detail with an ability to operate effectively across multiple priorities

• Ability to perform independently as a member of a team and through cross functional initiatives

• Proven track record of transformation in network technologies tools and processes through a data driven continuous improvement methodology

• Demonstrated experience in improving reliability performance and agility of complex enterprise networks

• Strong understanding of network infrastructure automation instrumentation and monitoring platforms and the emerging technologies in this area

• Strong influencing skills and an ability to overcome barriers while driving change

• Excellent verbal and written communication skills for a wide range of audiences including executives business stakeholders and IT teams

CORE WORK ACTIVITIES:

• Develop complex global distributed infrastructure monitoring management and automation solutions to manage our global network. Lead design write and build tools to improve the reliability availability and scalability of Datacenter/Cloud Networks Property Networks and Corporate Networks

• Serve as technical lead for the development of complex global distributed infrastructure monitoring management and automation solutions to manage our global network.

• Serve as technical lead for the design of new tools to monitor smart alerts that help discover failures or issues before our customers.

• Collaborate with other Network teams to develop network SecOps solutions with a focus on production integration

• Conduct network analysis configuration management and development improvements for system software performance availability and reliability

• Provide program management assistance and contribute input to help manage project schedules risks and costs.

• Manage SecOps NRE products and solutions including the design low level engineering and delivery of new hardware systems for Marriott applications across the network.

• Define and implement an operational Recovery Time Objective (RTO) and Recovery Point Objective (RPO) strategy for all Network Infrastructure areas.

• Establish management level relationships and partner with all Business disciplines and other MI teams to define NRE SecOps services meet service level requirements and serve as an escalation point to resolve service delivery and operational issues.

• Drive accountability with ITO partners vendors telco/ISPs etc. launching and managing Performance Improvement initiatives where appropriate.

• Create functional strategies and specific objectives for the sub-function and development budgets/policies/procedures to support the functional NRE SecOps tools systems and infrastructure.

• Foster an environment of continuous improvement and structured processes and procedures that support a zero-fault culture.