Network Security Specialist - Firewall

Led by Rodolphe Saadé, the CMA CGM Group, a global leader in shipping and logistics, serves more than 420 ports around the world on five continents. With its subsidiary CEVA Logistics, a world leader in logistics, and its air freight division CMA CGM AIR CARGO, the CMA CGM Group is continually innovating to offer its customers a complete and increasingly efficient range of new shipping, land, air and logistics solutions.

Committed to the energy transition in shipping, and a pioneer in the use of alternative fuels, the CMA CGM Group has set a target to become Net Zero Carbon by 2050.
Through the CMA CGM Foundation, the Group acts in humanitarian crises that require an emergency response by mobilizing the Group’s shipping and logistics expertise to bring humanitarian supplies around the world.

Present in 160 countries through its network of more than 400 offices and 750 warehouses, the Group employs more than 155,000 people worldwide, including 4,000 in Marseilles where its head office is located.

** ALL CANDIDATES MUST BE LEGALLY AUTHORISED TO WORK IN CANADA**

POSITION SUMMARY

As a Network Security Specialist, you are responsible for all solutions that are owned by Network Security, performing operational tasks and following best industry practice.

KEY RESPONSIBILITIES

1. Configuration and maintenance of firewall platforms (Cisco ASA, Palo Alto, Checkpoint, Fortinet). The tasks include but are not limited to:
1. Creation/Modification of firewall objects and policies.
2. Establishing secured external connectivity with VPN technologies.
3. Configuration and operation of firewall auxiliaries such as Panorama, User-ID agents, etc.

1. Configuration and maintenance of load balancers (Citrix ADC formerly known as Netscaler). The tasks include but are not limited to:
1. Creation/Modification and health checks of load balanced services, monitors, virtual servers, content switching, and ADC gateways.
2. Defining rewrites and responders.
3. SSL certificate installations and maintenance.

1. Configuration and maintenance of proxy solutions (local open source - Squid, SOCKS, FTP proxy; cloud - Zscaler). The tasks include but are not limited to:
1. Creation/Modification of security policies (firewall and web-content filtering).
2. Whitelisting/blacklisting URL and IP addresses.
3. Maintenance of user internet access policies and troubleshooting proxy-related internet connectivity issues.
4. Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) operations and producing web usage reports.

1. DNS management (zones, records, GeoDNS, etc.)
2. PKI / SSL certificates administration.
3. Distributed Denial of Service Protection (DDoS) management.
4. Keeping up to date with information regarding firmware security vulnerabilities and bugs and ensuring firmware of security devices are secured and updated.
5. Working side by side with Cybersecurity to help with incidents.
6. Involvement in projects outside of daily operations to help with developments on technological solutions.
7. Log investigation, debugging, and packet captures.
8. Producing capacity planning reports.
9. Daily health checks for devices and services.
10. Making sure device inventory is updated and within standards.
11. Creating documents such as SOP or basic network diagram and ability to suggest improvements in the policies and processes.
12. License renewals and hardware refresh or replacements of devices.
13. Other responsibilities as required.

QUALIFICATIONS

Education:

Bachelor's degree in IT, Computer Science, Computer Engineering, or related field.

Knowledge & Experience:

1. At least 3-5 years of related experience.
2. Strong knowledge and experience on the FF technologies:
1. Firewalls (Cisco ASA, Palo Alto, Checkpoint).
2. VPN Technologies (IPSEC S2S/Client SSL).
3. Load balancers (F5 or Citrix ADC).
4. Proxies (open source such as Squid, SOCKS, and FTP proxies; Cloud based proxy solutions – Zscaler ZIA).
5. Zero Trust Network Access (ZTNA – Zscaler ZPA).

1. Strong foundation on Networking (routing and switching).
2. Basic knowledge and experience on DNS administration and PKI.
3. Basic knowledge of Distributed Denial of Service (DDoS) Protection.
4. Preferred but not required:
1. Security management tools such as Firemon, AlgoSec, Tuffin, or Red Seal.
2. Linux administration.
3. Scripting tools such as shell or Python.
4. Relevant certifications (CCNP Sec, PCNSE, etc.).
5. Knowledge in NAC appliances (Cisco ISE).

Other:

1. Strong work ethic, professional integrity and the ability to apply the appropriate level of judgement and maturity.
2. Excellent interpersonal skills, and a strong ability to communicate, team player, and result oriented.
3. Willing to work on shifting schedule.
4. Fluent in English & French.

Come along on CMA CGM’s adventure!