Senior Information Technology Engineer, IT Security (Firewall Administration)

The East Bay Municipal Utility District's (EBMUD) Information Systems Department is currently seeking a Senior Information Technology Engineer with deep experience administering firewalls in mission-critical, highly available enterprise environments. The role focuses on securing both internal and perimeter networks, supporting business continuity and cyber resilience.

Applicants must reside within commuting distance of EBMUD's Oakland, CA Administration building. This is a hybrid position which requires office presence in accordance with EBMUD's telecommuting guidelines (minimum 2-day per week physical office presence required). Telecommuting policies are subject to change. EBMUD will not provide relocation assistance.

We are seeking candidates with advanced IT Security experience and skills. Experience is desired in three or more of the following disciplines:

*At least five years of hands-on experience administering firewalls in enterprise-scale, high-availability production environments, including policy management, troubleshooting, and rule lifecycle maintenance.

*Experience with enterprise-grade firewalls: eg. Palo Alto Networks, Cisco, FortiNet and/or Checkpoint.

*Expertise in troubleshooting network issues. Solid understanding of TCP/IP protocols.

*Experience configuring, supporting and managing routing- BGP, OSPF, EIGRP, static.

*Experience with analyzing firewall logs and packet captures.

*Experience managing virtual firewalls in AWS, Azure and/or GCP.

*Understanding of IAAS concepts.

*Experience implementing and supporting ssl-inspection in a production environment.

*Experience managing VPN's: IPSEC site to site and end user remote access.

*Experience working with firewall policies, implementing changes, testing changes, submitting changes through change control processes.

*Experience with automating firewall rule analysis or change workflows using scripts or APIs is a plus.

And the ability to:

*Create and maintain network diagrams and documentation for new and existing firewall deployments- depicting logical and physical environments.

*Communicate complex topics to non-technical users. Ability and willingness to share knowledge and information with others.

*Create documentation detailing implementation steps, tracking changes.

*Work across teams to investigate and respond to incidents.

*Lead or participate in IT security projects by creating project plans and technical requirements.

*Track and report on incident handling and response metrics.

*Participate in annual tabletop cyber incident response exercises.

*Establish and maintain positive working relationships; teamwork attitude.

*Balance project deliverables among day-to-day operational demands.

*Perform independent research and share knowledge effectively.

*Maintain calm and focus during emergency operations.

*Work in a hybrid work environment.

The most competitive candidates for the Senior IT Security Engineer position will possess strong working knowledge of firewall administration in a highly available production environment; networking experience; threat intelligence; experience in critical infrastructure-including ICS/OT firewall management; and project management principles and practices. In addition, a current security certification such as PCNSE,CCNP, NSE, CCSE or similar is desirable.

Your experience will include demonstrated success working in many or all the following areas:

*Experience managing firewall changes including: NAT, routing, VPN, access policies, troubleshooting, deployment, upgrades.

*Experience reviewing, analyzing and responding to firewall alerts: security and operational.

*Ability to perform and analyze network captures utilizing wireshark.

*Experience working within a ticketing system to track requests, changes, approvals

*Experience participating in Blue/Red team exercises.

*Log and systems analysis, troubleshooting, documentation techniques and procedures.

*Change control concepts and procedures supporting a production environment.

*Knowledge of network based attack methods and defense: DDOS, C2, data exfiltration, brute-force attacks, OWASP, etc.

*Familiarity with or interest in protecting Industrial Control Systems (ICS) and Operational Technology (OT) environments is a plus.

*Project management.

The salary range is $12,383 per month increasing to $13,002, $13,652, $14,335, and $15,052 after 6, 18, 30, and 42 months, respectively.

EBMUD is an Equal Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, religious creed, sex, gender, gender identity, gender expression, marital or registered domestic partnership status, age for individuals over forty years of age, national origin, ancestry, disability (mental or physical, including AIDS and HIV), medical condition (cancer and genetic characteristics), genetic information, sexual orientation, military and veterans status, family or medical leave status, pregnancy, pregnancy disability leave status, or any other status protected by federal, state and/or local laws.

1. A bachelor's degree; and

2.Two years of experience** in information technology engineering, one year of which was at a level comparable to or higher than the EBMUD class of Information Technology (IT) Engineer II.

3.Willingness to participate in a rotating on-call schedule to support 24/7 network security operations, including incident response and critical issue resolution.

4.Overtime will be required on an as needed basis. Working environment is indoors and may require sitting for prolonged periods of time and repetitive hand motions.

*Additional years of experience (beyond the minimum requirement) may be substituted for the education on a year for year basis, only if the experience is at the level of the job for which the applicant is applying. (i.e., Four additional years of experience, at the level of the Senior IT Engineer classification, will be considered equivalent to a bachelor's degree).

**A graduate level degree in a directly related field may be substituted for one year of experience.

To be considered under the "equivalent combination of education and experience" provision, it is your responsibility to include in your application materials written evidence of employment performed at the level of the typical duties of this position and/or coursework in subject areas directly related to this position. For more information, see our FAQ page at http://www.ebmud.com/jobs/job-resources/job-faqs-frequently-asked-questions/.

1.Please submit a completed EBMUD application and the required supplemental questions responses online at www.ebmud.com by 4:30 p.m., Friday, May 30, 2025. Only application materials submitted online during the filing period will be accepted.

2.Candidates must achieve a passing score on each test part to advance to the next step in the selection process.

3.All qualified applications and supplemental responses will be competitively evaluated. Candidates demonstrating the strongest qualifications for the position based on their supplemental responses may be invited to a panel interview tentatively scheduled for July 2025.

4.Successful candidates will be placed on the hiring list, based on rank, for further consideration to fill the current regular vacancy, as well as others occurring over the next 12 to 24 months.

5.The probation period for this position is 12 months. For those holding civil service status the probation period is 6 months.

6.All employment offers are conditional, pending the results of a Live Scan background screening. All selected finalists must participate in the Live Scan background screening process to remain in consideration for EBMUD employment.

As the first step in the selection process, responses to the supplemental questions must be submitted online with the regular EBMUD application. Please provide concise and clear responses to each question below. Your responses should accurately represent the roles and responsibilities described in your application's work history. Please limit your response to three paragraphs maximum each. Should you respond with comments such as "see application" or "see resume" instead of addressing the questions directly, your application may not be considered.