Morton Salt is an iconic company with a strong heritage and a bright future. Since 1848, we have been improving lives and enhancing everyday moments – at home, at work and virtually everywhere in between.  We help unlock the flavors in food, make roads and sidewalks safer, improve the water in baths, pools, and homes, and keep businesses and industries running. We are a dedicated team who constantly strives to do better together, and we are passionate about building a sustainable future for our company, the communities in which we operate, and the world around us. By joining our team, you will contribute to producing and delivering every form of salt that enhances everyday life.

Job Summary

Morton Salt is looking for an Enterprise IT Infrastructure Engineer & Firewall Architect to join the Corporate Information Security team. This is a highly technical role, and as a senior position, requires extensive knowledge of many domains in the information security and IT management realm, as well as deep and wide knowledge of the Fortinet fabric, applications, and products. This knowledge extends to all network switch LAN/WAN technology including Wireless Access Systems.

Duties and Responsibilities

Assess and document current network LAN/WAN/WiLAN infrastructure and architect a future run state that meets organizational goals for approval, to be followed up with full execution. Maintain and improve infosec systems to provide maximum uptime, scalability, continuity, functionality, and integration with the Fortinet Security Fabric and third party/fabric-partner tools. Identify gaps in infosec infrastructure security and privacy capabilities, working with internal teams and developers to remedy and improve our systems and products. Understand and improve the completeness and visibility of global log/event data while delivering useful dashboards, alerts and automation integration to the Incident Response (IR), Computer Security Incident Response Team (CSIRT) and Security Operations Center (SOC) teams. Perform Blue/Red exercises against our infrastructure to validate event parsing, alerting fidelity, incident veracity and SOC response. Serve as an internal subject matter expert to assess cyber threats and to secure the organization by leading in IR, TH, re-architecture, and remediation efforts. Work with SOC team to identify visibility gaps, system usability issues, and to deliver infosec tooling improvements via configuration, parser improvement, or by raising bugs to development teams. Develop, implement, and communicate vulnerability mitigation strategies to IT and development teams. Identify, document, and monitor tactics, techniques, and procedures used by threat actors targeting Fortinet and the broader industry. Proactively research new attack vectors that may affect Fortinet infrastructure and applications. Develop strategies, evaluate solutions, design, and implement tools, processes, and controls to validate and ensure that security and privacy are designed into Fortinet infrastructure and applications while adhering to policy, compliance, and governance requirements. Be part of a global distributed team to share knowledge, workload, and assignments. Strong sense of teamwork is required. Cross train with peers in security concepts and best practices.  A hunger for knowledge sharing and growth are essential in this team. Other duties as assigned.

Knowledge, Skills, and Abilities

10+ years of work experience as an Information Security Researcher or Engineer working with multiple Fortinet products such as the core products plus FortiSIEM, FortiClient, FortiEDR – NSE7+ or equivalent knowledge. Security expert 5 - 7 years experience in LAN/WAN/Internet services administration. 5+ years of experience with penetration testing, vulnerability testing, blue/red teaming. Practical understanding of tactical application of various compliance frameworks including monitoring and validating compliance. Ability to design network and security solutions, effectively utilize Visio, ability to create BOMs (Bill of Materials). Strong understanding of computer and network security, protocols, packet analysis, authentication & authorization, security protocols and attack methods. Experience with penetration testing and exploitation tools and methods. Experience with vulnerability scanners like Qualys, Tenable/Nessus, Nexpose, Whitehat Sentinel, Acunetix or similar. Experience with forensic data capture, evidence preservation and data extraction and analysis. Functional programming/scripting experience with the ability to develop custom scripts to automate or simplify tasks and data gathering/munging. Proficiency with administrative operation, configuration, and debugging/troubleshooting of Linux, Windows, MacOS, Active Directory, Exchange etc. and SSO/MFA technologies. Ability to organize & communicate effectively, both written and verbal, with technical and non-technical people across functional teams. A BS degree in Computer Science, Cyber Security, other tech-related degree, or equivalent experience. CISSP, NSE7+ or similar certification or proven knowledge and experience. Knowledge of the following technologies: Routing, Switching, VPN, LAN, WAN, Network Security, Stateful Firewalling, NGFW, Firewall policies, Identity based policies, NAT, IPS, AntiMalware, Botnet, Application Control, DDoS, Web Filtering. Strong understanding in the following technologies and protocols: TCP/IP, IPv4, IPv6, supernetting and subnetting, DNS, HTTP, SMTP, RADIUS, LDAP, Active Directory, PKI, IKE, Certificates, L2TP, SSL Decryption, SSL VPN, IPSEC, NAT, Stateful Firewall, Firewall Policies, 802.1Q, VLANs, LACP, MD5, SSH, SSL, SHA1, SHA512, 3DES, AES. Experience with encryption and authentication technologies required. Strong technical troubleshooting skills desired. Strong presentation skills. Strong communication and writing skills.  Previous experience on responding to RFP's is beneficial. White board skills are beneficial. Technical knowledge in Wifi, Load Balancing and Application Delivery, Ethernet Switching, ACI, API, Two Factor Auth, Malware Sandboxes, Mail Gateways, Web Application Firewalling, Cloud (AWS, Azure, etc), SDN, NFV, Virtualization, Centralized Management, SIEM, and Data Center redundancy are considered assets. Previously experience to work with telco and large enterprise space. Hands-on experience in networking and Strong understanding of common network protocols (TCP/IP, GRE, IPsec, BGP, OSPF, MPLS, VRRP, STP, IPsec, SNMP protocols). Hands-on experience with Carrier / ISP Routing in building and managing large-scale BGP environments with publicly routable Autonomous Systems, Route Arbitration, Peering, IRRs, etc. Hands-on experience in security including, access and application control, in security products and technologies (e.g. Firewalls, IDS/IPS, DDos, VPN, Web application Firewall) site and content categorization and SSL encrypt/decrypt functions. Strong technical and problem-solving skills, including experience in at least one scripting language (Bash, Python, etc.) to develop automated methods to mitigate and remediate network events. Experience in network, servers, and systems monitoring (Zabbix, Nagios, etc.) to analyze and diagnose data and identify root causes to network issues. Knowledge in server virtualization (VMware, KVM, etc.). Knowledge in change management process.

Beneficial but not required:

Bachelor’s degree in Computer Science, Software Engineering or related field, or an equivalent combination of training and experience is desirable with minimum of CCNP level of education.

Compensation

The salary range of $123,800 - $206,300 is just one component of Morton's total package. Actual compensation varies depending on the individual’s knowledge, skills, experience.

Morton Salt offers a competitive benefits package, including medical, dental, and vision insurance coverage, paid time off and paid sick time, 401(k) and 401(k) matching, short-term and long-term disability coverage, an employee assistance program, and the opportunity for an annual performance-based bonus!

At Morton Salt, we work best when we work as a team, when we treat one another with dignity and respect, and value the unique contributions of others. We are committed to equal employment opportunity and prohibit discrimination and harassment based on race, national origin, sex, religion, color, disability, marital status, protected veteran status, sexual orientation, gender identity, gender expression, genetic information, citizenship, or any other characteristic protected by law.