received a call about a job

dhay13 Member Posts: 580
Hello all. I just received a call for a position at a large nationally known company as a Sr. Network Security Engineer. The duties are, firstly, firewall management; additionally, IDS/IPS support; and likely anything else related to security. I used to manage the firewall at my last job (IPCop) but haven't touched Intrusion Detection (Snort) since my Sr. year of college (2010).

I worked as IT support for 2 years while finishing college, then 4 years as a Systems Admin at my last job, and currently 1 year as a Systems Engineer doing vulnerability remediations for about 7000 servers.

My main concern is my lack of experience against the others they will be interviewing. I'm sure most of them will have a few more years of relevant experience than I do and I'm sure I will need to address that at the interview (if I get one).

The pros of this position: 1) it is a very large company that I could potentially retire from (I'm 47 now) 2) it is in the security sector 3) the pay is pretty attractive 4) it is one of the few larger companies within a reasonable driving distance (about 25 minute drive).

I obviously do not know what FW or IPS/IDS systems they are running but I would like to crash course myself this week on this stuff. Any advice on what to focus on? Anything specific I might want to install on my lab that might help?

BTW, I just passed Security+ last week. I know I could have passed it years ago, but at the time it wasn't important to me, and I recently decided to focus on the security sector.

I know this is vague but I want to be as prepared as I can be. Thanks!

Comments

  • renacido Member Posts: 387
    First things first: If you have a major gap in working in the security field, be prepared to go nose to the grindstone in and out of work hours to catch up. It can be done, but you will have to work and study your butt off until you're back in the groove. Be prepared. Hopefully your new boss won't throw a bunch of complex projects at you the first week you're there or you might be overwhelmed. Not trying to intimidate you, just know what you're signing up for. That said, my advice to give yourself a shot at it:

    Step 1: do an OSINT reconnaissance for what they have

    - Look at the job posting; it might spell out the specific security platforms/products you'd be managing there.
    - Search LinkedIn for current and former employees; their profiles might tell you what technologies they managed/deployed/supported or have expertise in.
    - If it's a big company, the product vendors might advertise them as customers.
    - If you don't have any clue, search Google for the 2015 Gartner Magic Quadrant of each technology category you'd be dealing with ("Next Gen Firewall", "Network Intrusion Prevention", etc.) and be familiar with their strengths/weaknesses.
    - Download a trial/free version of the stuff they have, install it in your lab, and get acquainted with it.
    *** One thing to note here - as a Sr Security Engineer (I know first-hand BTW) your role isn't just to react to events, alarms, etc., but to recommend WHAT and HOW to prevent, detect, and remediate incidents. You recommend, install, config, test, measure effectiveness of security provisions. So it's just as important if not more important to know WHY you need IPS and how it needs to be set up than how to operate the GUI for your Sourcefire or Fortinet or FireEye or whatever you've got for day-to-day monitoring, which is what Sec Analysts typically do. ***

    Step 2: recon the business

    - based on their industry/sector, what is likely to be their main security threats and most valuable/sensitive assets?
    - what are they likely required to comply with? (NIST, PCI-DSS, SOX, etc)
    - Windows/Linux/Mac? Cisco/Juniper? Based on this and on their industry, sector, size, etc, what are likely the major threats/APTs, risks, etc? This all informs you as to WHY they need the security protections, tech, expertise, including YOU.

    Step 3: prep for likely questions/scenarios

    - how would you harden the security posture to protect resource X from threat Y and Z?
    - what would you recommend in order to mitigate the risk of X?
    - how would you detect/prevent an intrusion on X?
    - how do you convince external stakeholders to adopt X and Y security measures if they resist?
    - if your recommendation of security measure/change X is denied by upper management due to other interests (stability, usability, cost, culture), what would be your next course of action?

    Hope this helps. Good luck. It can be done if you want it bad enough.
  • dhay13 Member Posts: 580
    Thanks for that. Sounds like a plan. I will try to get an idea of what they may be using and go from there.