Job Description

Information Security Engineer - Forescout NAC SME

We are seeking an experienced Information Security Engineer with a strong emphasis on Forescout Network Access Control (NAC) to join our team. As a subject matter expert in Forescout NAC, you will play a critical role in delivering product presentations, conducting proof of concepts, and providing implementation support specifically for Forescout NAC solutions. Your deep expertise in Forescout NAC will be instrumental in fortifying our organization's network security and access control capabilities.

Key Responsibilities:
• Forescout NAC Subject Matter Expertise: You will possess comprehensive knowledge of Forescout NAC and its advanced features and functionalities. Your expertise will extend to other areas such as data classification and prevention, data rights management, and data leakage prevention within the Forescout NAC framework.
• Schema Design and Data Protection Policy: You will be responsible for designing effective schema structures and data protection policies within Forescout NAC. Your expertise will ensure the appropriate configuration and optimization of Forescout NAC to enforce network access controls and protect sensitive data.
• Network Access Control Implementation: You will oversee the end-to-end implementation of Forescout NAC solutions, including post-sales support, troubleshooting, and optimization. Your hands-on experience with Forescout NAC will be essential in effectively securing and managing network access within our organization.
• Compliance and Document Requirements: Collaborating with clients, you will assist in achieving desired compliance standards, such as GDPR and HIPAA, through the implementation of Forescout NAC for data classification and prevention. You will work closely with clients to identify specific document requirements and align the Forescout NAC solution accordingly.
• Network Security and Troubleshooting: Your strong understanding of networking concepts and tools such as Wireshark will enable you to proactively identify and resolve network security issues. You will leverage Forescout NAC's capabilities to enhance network visibility, monitoring, and incident response.
• Presentation and Training: Conducting product training sessions for strategic accounts following Forescout NAC implementation, you will effectively communicate technical information to educate clients and stakeholders on the capabilities and advantages of Forescout NAC.
• Audit and Compliance: You will assist in performing audits and ensure compliance with industry standards such as PCI, ISO 27001, ISO 27002, SAMA, and NESA.
Qualifications:
• Bachelor's degree in Computer Science, Information Technology, or a related field.
• Extensive experience in implementing and managing Forescout NAC solutions, with a strong emphasis on network security and access control.
• In-depth knowledge of Forescout NAC features and capabilities, along with a solid understanding of related technologies such as data classification, data leakage prevention, and data rights management.
• Familiarity with securing Office 365 environments and a working knowledge of CIS Security benchmarks.
• Proven experience in designing and implementing cybersecurity solutions, including firewalls, endpoint security, DLP, encryption, and web application security.
• Excellent understanding of network protocols, encryption protocols, AAA Radius, L2TP, IPSEC, firewalls, and 802.1Q.
• Strong communication skills and the ability to present complex technical concepts to C-level executives and senior management.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Forescout Certified Administrator, or other related certifications would be advantageous.

Quick response

Required Knowledge

• K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
• K0033   Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
• K0058   Knowledge of network traffic analysis methods.
• K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
• K0104   Knowledge of Virtual Private Network (VPN) security.
• K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• K0334   Knowledge of network traffic analysis (tools, methodologies, processes).

Required Skills

• S0007   Skill in applying host/network access controls (e.g., access control list).
• S0059   Skill in using Virtual Private Network (VPN) devices and encryption.
• S0077   Skill in securing network communications.
• S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Required Abilities

• A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).