PVH Corp:
Global Network Security Solution Engineer - PVH Corp. Job in Bridgewater, VT
Premium
See who posted the job
Premium
Competitive Insights
Premium
Check your commute time
Closed
Bridgewater, VT
Full-time | Computer - Programming
About the job
All associates based in the EU should apply to the job by clicking here. Please note that you will have to create a new account on the application page.
POSITION SUMMARY:
Responsible for Global Network Security technology solution engineering including the network perimeter; may include internal network security aspects such as network access controls, logical security controls and physical security controls. Will leverage existing networking & security skillset to collaborate with global and regional business units to ensure new solutions are implemented within Global Network Security standards and strategy set forth by the Global Network Security team. The position requires continual review and contributions to the network security standard and strategy in order to keep pace with respective industries, as well as, to keep pace with changing business technology requirements.
Solution design documentation will be required to ensure thoughtful and easily communicated solutions at different levels of the organization and different teams. Must have strong documentation and presentation skills to develop reference architectures, operational processes and solution documentation and the ability to present the proposed solutions.
PRIMARY RESPONSIBILITIES/ACCOUNTABILITIES OF THE JOB:
Act as liaison between the business and the Global Network Security team as a solution engineer; the role is to enable business strategies while balancing the security risk. Participate and guide the solution request, participate in deployment planning and build operational run books for network focused support of the solution.
Manage incoming projects by establishing viable, strategic, and security-centric solutions using repeatable frameworks where network infrastructure technologies are foundational to the business request.
Produce solution engineering documentation which details the proposed solution which will meet or exceed the business project technical requirements while also meeting or exceeding networking and security standards. Documentation includes typical network diagrams (physical and logical), data flow charts, process diagrams, financial and budgetary and operational support. Must be proficient with Visio.
Ability to clearly articulate network security perspectives to the business partners, helping them understand the potential impact and possible controls in business terms.
Action and solution oriented with an emphasis on engineering security-centric networking solutions that enable PVH to meet business goals as well as regulatory requirements such as PCI.
Validate and prove complex security designs to produce detailed engineering specifications for existing and proposed technologies; in certain cases, provide detailed designs to effectively mitigate legacy technology vulnerabilities.
Assess, design, implement, and integrate enterprise security solutions including, but not limited to, next-generation firewalls, web application firewalls (WAF), intrusion prevention/detection systems (IDS/IPS), content filtering, secure log management, security information, network access control (NAC), load balancing LTM / GTM/APM (F5), remote access VPN, DNS, event management (SIEM) systems, anti-malware solutions, endpoint security solutions and certificate management.
Identify technology risks and independently evaluate the efficiency and effectiveness of complex information technology and security controls across IT infrastructure, cloud services, networks, and security systems to help manage risks that could impact the company.
Maintain knowledge of complex industry trends, current security issues, and security technologies.
Collaborate with the PVH I&O and Security teams to develop engineering design strategies for PVH in the form of standards, frameworks, service catalogs and guidelines, with the emphasis on Infrastructure security.
Advise and contribute to strategies and initiatives to strengthen PVHs Security.
Act as Subject Matter Expert (SME) and provide third-level support and analysis during investigations. Hands on experience with Checkpoint Firewalls, Cisco ASA and FTD Firewalls, F5 LTM / GTM / APM, and DNS.
Experience with network access control solutions a plus
Research and coordinate migrations of existing security boundaries to new platforms and infrastructure. Devise network management policies and procedures to ensure the maximum availability of the corporate network. Evaluate new hardware and software technology and assesses applicability to the communications requirements of the corporation.
Investigate security incidents for the BU, work with ISG and recommend appropriate corrective actions. Primary point of contact for Network security audits, participate in scoping, deliverable requests, collaborate with IT senior leadership to clear audit reports and help ensure effectiveness/completeness of action plans.
Ensure IT owners are held accountable for the state of their controls and understand their responsibilities as to risk mitigation and remediation as well as compliance to
Security policy & standards, reducing the likelihood of audit, regulatory & legal liabilities.
Educate management of the risk implications associated with a particular infrastructure design decisions, and communicate the likelihood and impact of those decisions so management can fully quantify those risks and determine tolerance levels.
________________________________________________________________________
QUALIFICATIONS & EXPERIENCE:
Experience:
Minimum 10 years in Information Technology with at least 5 dealing directly with network security, information security or infrastructure security.
At least 3 years of experience with commercial and open source security applications and technologies (e.g. malware prevention, DLP, IDS/IDP, cryptography, firewalls, routing, load balancing, vulnerability scanning and penetration testing), as well as related protocols and tools (e.g. SSH, SSL/TLS, snort, port scanners, rootkit detectors, etc.)
Broad-based knowledge of information security processes and technologies such as: business process design, risk assessment, minimum baseline security controls (*nix,
Windows, network protocols, common services), data classification and management, security monitoring and log analysis, incident management, network protocols, application and database architectures, SDLC, system planning and integration, and security metrics.
Working knowledge of technologies such as operating systems, directory services, and network protocols.
TECHNICAL AND PRODUCT EXPERIENCE:
Strong experience with Checkpoint, Cisco ASA series, Cisco FTD series, Cisco Switches and Routers Configurations, F5 Load Balancing.
Experience with Juniper SSL appliances and Forescout.
Have a complete understanding on systems infrastructure including firewalls, switches/routers, load balancers, DMZ networks, proxies, IPS, and DNS infrastructure.
Able to provide L3/L4 support including configuration changes, infrastructure enhancements and upgrades.
Capable of providing advanced support for enterprise firewall management; engages with infrastructure vendors as appropriate for complete problem resolution.
Capable of providing advanced support for enterprise load balancing management; engages with infrastructure vendors as appropriate for complete problem resolution.
The ability to understand and report on the overall infrastructure security risk posture of the environment, providing a holistic view of vulnerabilities and associated risks to the business and Infrastructure.
Able to f
POSITION SUMMARY:
Responsible for Global Network Security technology solution engineering including the network perimeter; may include internal network security aspects such as network access controls, logical security controls and physical security controls. Will leverage existing networking & security skillset to collaborate with global and regional business units to ensure new solutions are implemented within Global Network Security standards and strategy set forth by the Global Network Security team. The position requires continual review and contributions to the network security standard and strategy in order to keep pace with respective industries, as well as, to keep pace with changing business technology requirements.
Solution design documentation will be required to ensure thoughtful and easily communicated solutions at different levels of the organization and different teams. Must have strong documentation and presentation skills to develop reference architectures, operational processes and solution documentation and the ability to present the proposed solutions.
PRIMARY RESPONSIBILITIES/ACCOUNTABILITIES OF THE JOB:
Act as liaison between the business and the Global Network Security team as a solution engineer; the role is to enable business strategies while balancing the security risk. Participate and guide the solution request, participate in deployment planning and build operational run books for network focused support of the solution.
Manage incoming projects by establishing viable, strategic, and security-centric solutions using repeatable frameworks where network infrastructure technologies are foundational to the business request.
Produce solution engineering documentation which details the proposed solution which will meet or exceed the business project technical requirements while also meeting or exceeding networking and security standards. Documentation includes typical network diagrams (physical and logical), data flow charts, process diagrams, financial and budgetary and operational support. Must be proficient with Visio.
Ability to clearly articulate network security perspectives to the business partners, helping them understand the potential impact and possible controls in business terms.
Action and solution oriented with an emphasis on engineering security-centric networking solutions that enable PVH to meet business goals as well as regulatory requirements such as PCI.
Validate and prove complex security designs to produce detailed engineering specifications for existing and proposed technologies; in certain cases, provide detailed designs to effectively mitigate legacy technology vulnerabilities.
Assess, design, implement, and integrate enterprise security solutions including, but not limited to, next-generation firewalls, web application firewalls (WAF), intrusion prevention/detection systems (IDS/IPS), content filtering, secure log management, security information, network access control (NAC), load balancing LTM / GTM/APM (F5), remote access VPN, DNS, event management (SIEM) systems, anti-malware solutions, endpoint security solutions and certificate management.
Identify technology risks and independently evaluate the efficiency and effectiveness of complex information technology and security controls across IT infrastructure, cloud services, networks, and security systems to help manage risks that could impact the company.
Maintain knowledge of complex industry trends, current security issues, and security technologies.
Collaborate with the PVH I&O and Security teams to develop engineering design strategies for PVH in the form of standards, frameworks, service catalogs and guidelines, with the emphasis on Infrastructure security.
Advise and contribute to strategies and initiatives to strengthen PVHs Security.
Act as Subject Matter Expert (SME) and provide third-level support and analysis during investigations. Hands on experience with Checkpoint Firewalls, Cisco ASA and FTD Firewalls, F5 LTM / GTM / APM, and DNS.
Experience with network access control solutions a plus
Research and coordinate migrations of existing security boundaries to new platforms and infrastructure. Devise network management policies and procedures to ensure the maximum availability of the corporate network. Evaluate new hardware and software technology and assesses applicability to the communications requirements of the corporation.
Investigate security incidents for the BU, work with ISG and recommend appropriate corrective actions. Primary point of contact for Network security audits, participate in scoping, deliverable requests, collaborate with IT senior leadership to clear audit reports and help ensure effectiveness/completeness of action plans.
Ensure IT owners are held accountable for the state of their controls and understand their responsibilities as to risk mitigation and remediation as well as compliance to
Security policy & standards, reducing the likelihood of audit, regulatory & legal liabilities.
Educate management of the risk implications associated with a particular infrastructure design decisions, and communicate the likelihood and impact of those decisions so management can fully quantify those risks and determine tolerance levels.
________________________________________________________________________
QUALIFICATIONS & EXPERIENCE:
Experience:
Minimum 10 years in Information Technology with at least 5 dealing directly with network security, information security or infrastructure security.
At least 3 years of experience with commercial and open source security applications and technologies (e.g. malware prevention, DLP, IDS/IDP, cryptography, firewalls, routing, load balancing, vulnerability scanning and penetration testing), as well as related protocols and tools (e.g. SSH, SSL/TLS, snort, port scanners, rootkit detectors, etc.)
Broad-based knowledge of information security processes and technologies such as: business process design, risk assessment, minimum baseline security controls (*nix,
Windows, network protocols, common services), data classification and management, security monitoring and log analysis, incident management, network protocols, application and database architectures, SDLC, system planning and integration, and security metrics.
Working knowledge of technologies such as operating systems, directory services, and network protocols.
TECHNICAL AND PRODUCT EXPERIENCE:
Strong experience with Checkpoint, Cisco ASA series, Cisco FTD series, Cisco Switches and Routers Configurations, F5 Load Balancing.
Experience with Juniper SSL appliances and Forescout.
Have a complete understanding on systems infrastructure including firewalls, switches/routers, load balancers, DMZ networks, proxies, IPS, and DNS infrastructure.
Able to provide L3/L4 support including configuration changes, infrastructure enhancements and upgrades.
Capable of providing advanced support for enterprise firewall management; engages with infrastructure vendors as appropriate for complete problem resolution.
Capable of providing advanced support for enterprise load balancing management; engages with infrastructure vendors as appropriate for complete problem resolution.
The ability to understand and report on the overall infrastructure security risk posture of the environment, providing a holistic view of vulnerabilities and associated risks to the business and Infrastructure.
Able to f