Our client is seeking a contract resource to support modernization of site-to-site IPsec VPN tunnels and firewall access control policy hardening within the client's environment. This role will focus on upgrading existing VPN tunnels from IKEv1 to IKEv2 and ensuring cryptographic configurations meet organizational standards. The contractor will also review and refine firewall rules on Cisco Firepower systems to reduce overly permissive access and align configurations with approved requirements. This work supports improved security and controlled network connectivity across the client and its external partners.
Responsibilities
Review approximately 80 existing site-to-site IPsec VPN tunnels
Upgrade approximately 50 VPN tunnels from IKEv1 to IKEv2
Ensure VPN configurations align with organizational cryptographic standards
Update pre-shared keys (PSKs) to meet a minimum 20-character requirement
Validate VPN tunnel functionality after each change
Review approximately 10 firewall access control rules on Cisco Firepower
Modify firewall rules to remove overly permissive or broad subnet access
Restrict firewall rules to required source/destination networks, ports, and protocols
Apply principle of least privilege in firewall rule updates
Perform validation testing after firewall changes to confirm no service disruption
Coordinate implementation activities with UC Davis campus teams and external partners
Support execution of approved maintenance window changes
Provide technical assistance during implementation activities
Document VPN and firewall changes and validation results
Coordinate cryptographic parameter and shared secret updates with external partners
Support scheduling and execution of maintenance window activities
Required Technical Experience
Experience managing site-to-site IPsec VPNs
Hands-on experience upgrading VPNs from IKEv1 to IKEv2
Experience configuring and validating VPN tunnel connectivity
Knowledge of cryptographic standards and secure key management practices
Experience managing firewall access control rules
Experience with Cisco Firepower firewall platforms
Ability to implement least privilege network access controls
Experience performing post-change validation and troubleshooting network issues
Experience coordinating technical changes with internal teams and external partners
Experience working within structured maintenance window processes
Preferred Qualifications
Experience in healthcare or higher education IT environments
Familiarity with large-scale enterprise network environments
Experience supporting change management processes in production environments
Desired Certifications
Cisco CCNA Security or CCNP Security (or equivalent experience)
CompTIA Security or equivalent security certification
ITIL Foundation (preferred)
Background Check : No
Drug Screen : No