Network Security Engineer with Health Domain || Rancho Cordova, California - Local Only
Sandy Mishra
Role: Network Security Engineer
Rate: $65/hr on C2C
Location: Rancho Cordova, California
Local candidate only
Visa: USC/ GC
Notes:
Hybrid schedule, mostly
remote, but on-site as needed. schedule will be coordinated with hiring
manager. expect at least 2 days per week on-site.
Experience managing site-to-site IPsec VPN environments, including IKEv1 to
IKEv2 migrations
Hands-on experience with Cisco Firepower firewall administration and access
control rule management
Strong knowledge of cryptographic standards, secure key management, and VPN
configuration validation
Experience implementing least-privilege network security controls and
supporting production change/maintenance windows
Job Description:Our client is seeking a contract resource to
support modernization of site-to-site IPsec VPN tunnels and firewall access
control policy hardening within the client's environment. This role
will focus on upgrading existing VPN tunnels from IKEv1 to IKEv2 and ensuring cryptographic configurations meet organizational standards. The contractor will also review and refine firewall rules on Cisco Firepower
systems to reduce overly permissive access and align configurations with approved requirements. This work supports improved security and controlled network connectivity across the client and its external
partners.
Responsibilities
• Review approximately 80 existing site-to-site IPsec VPN tunnels
• Upgrade approximately 50 VPN tunnels from IKEv1 to IKEv2
• Ensure VPN configurations align with organizational cryptographic standards
• Update pre-shared keys (PSKs) to meet a minimum 20-character requirement
• Validate VPN tunnel functionality after each change
• Review approximately 10 firewall access control rules on Cisco Firepower
• Modify firewall rules to remove overly permissive or broad subnet access
• Restrict firewall rules to required source/destination networks, ports, and protocols
• Apply principle of least privilege in firewall rule updates
• Perform validation testing after firewall changes to confirm no service disruption
• Coordinate implementation activities with UC Davis campus teams and external partners
• Support execution of approved maintenance window changes
• Provide technical assistance during implementation activities
• Document VPN and firewall changes and validation results
• Coordinate cryptographic parameter and shared secret updates with external partners
• Support scheduling and execution of maintenance window activities
Required Technical Experience
• Experience managing site-to-site IPsec VPNs
• Hands-on experience upgrading VPNs from IKEv1 to IKEv2
• Experience configuring and validating VPN tunnel connectivity
• Knowledge of cryptographic standards and secure key management practices
• Experience managing firewall access control rules
• Experience with Cisco Firepower firewall platforms
• Ability to implement least privilege network access controls
• Experience performing post-change validation and troubleshooting network issues
• Experience coordinating technical changes with internal teams and external partners
• Experience working within structured maintenance window processes
Preferred Qualifications
• Experience in healthcare or higher education IT environments
• Familiarity with large-scale enterprise network environments
• Experience supporting change management processes in production environments
Desired Certifications
• Cisco CCNA Security or CCNP Security (or equivalent experience)
• CompTIA Security+ or equivalent security certification
Regards,
Sandy M | 1Point System LLC
Lead Technical Recruiter
• Email: sa...@1pointsys.com
• Fax: 803-832-7973 • www.1pointsys.com
115 Stone Village Drive • Suite
C • Fort
Mill, SC • 29708
LinkedIn : https://www.linkedin.com/in/sandy-m-74b06b212/
An E-Verified company | An Equal Opportunity Employer