Network Security Engineer

Day to Day:

Insight Global is seeking a contract resource to support modernization of site-to-site IPsec VPN tunnels and firewall access control policy hardening within the UC Davis Health environment. This role will focus on upgrading existing VPN tunnels from IKEv1 to IKEv2 and ensuring cryptographic configurations meet organizational standards. The contractor will also review and refine firewall rules on Cisco Firepower systems to reduce overly permissive access and align configurations with approved requirements. This work supports improved security and controlled network connectivity across UC Davis Health and its external partners.

Job Responsibilities:
• Review approximately 80 existing site-to-site IPsec VPN tunnels
• Upgrade approximately 50 VPN tunnels from IKEv1 to IKEv2
• Ensure VPN configurations align with organizational cryptographic standards
• Update pre-shared keys (PSKs) to meet a minimum 20-character requirement
• Validate VPN tunnel functionality after each change
• Review approximately 10 firewall access control rules on Cisco Firepower
• Modify firewall rules to remove overly permissive or broad subnet access
• Restrict firewall rules to required source/destination networks, ports, and protocols
• Apply principle of least privilege in firewall rule updates
• Perform validation testing after firewall changes to confirm no service disruption
• Coordinate implementation activities with UC Davis campus teams and external partners
• Support execution of approved maintenance window changes
• Provide technical assistance during implementation activities
• Document VPN and firewall changes and validation results
• Coordinate cryptographic parameter and shared secret updates with external partners
• Support scheduling and execution of maintenance window activities

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

• 3–5 years of relevant experience in network security or network engineering.
• Proven experience managing site to site IPsec VPNs.
• Hands on experience upgrading VPN configurations from IKEv1 to IKEv2.
• Demonstrated ability to configure, validate, and maintain VPN tunnel connectivity.
• Solid understanding of cryptographic standards and secure key management practices.
• Experience managing and maintaining firewall access control rules.
• Hands on experience with Cisco Firepower firewall platforms.
• Ability to design and implement least privilege network access controls.
• Experience performing post change validation and troubleshooting network issues.
• Proven ability to coordinate technical changes with internal teams and external partners.
• Experience operating within structured maintenance window and change management processes.
• Cisco CCNA Security or CCNP Security, or equivalent hands on experience.
• CompTIA Security+ or equivalent security certification.

• Experience in healthcare or higher education IT environments
• Familiarity with large-scale enterprise network environments
• Experience supporting change management processes in production environments
• ITIL Foundation certification is preferred

$50/hr to $60/hr.
Exact compensation may vary based on several factors, including skills, experience, and education.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.