We are seeking a dynamic, motivated individual to serve as a Senior-Level F5 Integrator in support of the 26 NOS, US Air Force at Maxwell AFB, Gunter Annex. The F5 Integrator will complete basic configurations on the F5, including but not limited to: OS upgrades, trunking, and general troubleshooting of F5 devices using load balancing strategies/techniques, expertise in application switching/traffic management, knowledge of persistence and SSL certificates. If you are seeking a challenging place to work, please review the list of responsibilities and qualifications. If you don’t meet all of the qualifications, a candidate may still be considered depending on your level of experience.
Duties & Responsibilities:
- F5 BIG-IP Administrator must operate and maintain F5 appliances, configurations and identify BIG-IP Traffic Processing Objects
- Must perform proper understanding of traffic management shell hierarchical structures and their navigation; understanding of how to use TCPDUMP on BIG-IP Systems.
- Admins are responsible for shutting down and restarting BIG-IP systems; restoring from backups
- Assist in managing IP load balanced traffic and viewing statistics and logs
- Configure virtual servers, pools and monitor BIG-IP configuration states and files.
- Save and replicate configuration data and oversee transitions onto a BIG-IP system
- Administrators must map IP addresses with NATs and resolve routing issues with SNATs
- Ability to create virtual server SNAT auto maps, manage pools and members as well as node statuses
- Use network maps and understand profile types and dependencies
- Administrators must introduce source address affinity persistence and cookie persistence, and manage object states and handle SSL offloads and re-encryption
- Provide high availability services within the local LAN/MAN/WAN; intelligent DNS routing; deliver load balancing administration and support for managing secure two-factor authentication (2FA) user authentication sessions with Public Key Infrastructure (PKI) CAC or PIV Smart Card via BIG-IP management interface between enterprise directory service locations/data centers
- Troubleshoot network problems, network device configurations, and coordinate with various department administrators to facilitate connectivity issue resolution
- Participate in development and support of customer technical requirements and technical solutions
- Industry and F5 networks-targeted technologies i.e. Application Delivery Control, Application Access Control, Web Application Firewall Security, etc.
- Support, troubleshoot and configure SSL intercept/inspection, web certificates, certificate management, PKI Certificate Authority (CA) bundles, private/public keys
- Assist in meeting compliance baseline configuration, inventory, and best practice requirements while operating to security standards to aide in reducing gaps in cyber security risk exposure
- Audit, record configurations, conduct assessments and submit suggestions to end-user applications
- Candidate will coordinate system activities such as deploying, configuring, monitoring, tuning, upgrading, and troubleshooting F5 BIG-IP components spanning local, remote and complex enclaves
- Document F5 BIG-IP systems for each network to include IP addresses, Fully Qualified Domain Name (FQDN), DNS entries, Role Based Access Controls (RBAC), service accounts, certificates, licenses and physical/virtual location of each component
- System administrator skills with Linux, UNIX, Microsoft or application knowledge
- Ability to install and patch operating systems, applications, and document Department Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) / Security Requirements Guide (SRG), applicable to each Non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet, SIPRNet) environment for all ACAS implementations
- Ability to leverage asset management solutions and enterprise network application tools such as ACAS Tenable, Forescout, SolarWinds Orion, Trellix/McAfee Endpoint Security Solutions (ESS), etc.
- Follow established change management process, systems access, implement changes or configuration, and test changes. Apply expertise in system administration, information security, and infrastructure to enhance established policies and procedures, operations, and implement best practices
- Ensures networks receive periodic updates from AFCYBER-released software patches, updates, and upgrades via Time Compliance Technical Orders (TCTO), Time Compliance Network Orders (TCNO), Maintenance Tasking Order (MTO) and Notices to Airman (NOTAMs)
- Perform systems analysis, design review, integration of complex system applications
- Ensure external networks receive cybersecurity inventory reporting for compliance data via ACAS to DISA CMRS, Splunk logging and DoD Enterprise Logging Ingest and Cyber Situational Awareness Refinery (ELICSAR) Big Data Platform (BDP)
- Participate in all phases of the Vulnerability Management (VM) life cycle with emphasis on the scan, mitigation, remediation, and reporting phases
- Rack and provision government furnished equipment (GFE) servers when applicable
Qualifications/Requirements:
- Candidate must be a valid F5 Certified Administrator (F5-CA) BIG-IP certification in order to receive administrative permissions on the F5 appliance(s):
- Senior Level: Above Exams 101, 201 for F5-CA BIG-IP plus F5 BIG-IP LTM: Exam 301A BIG-IP LTM Specialist: Architect, Setup, Deploy and Exam 301B BIG-IP LTM Specialist: Maintain and Troubleshoot
- Candidate should have 1 to 4 years of years of hands-on experience in:
- Load balancer or local traffic management products
- Familiarity using virtual IP load balancing best practices
- Linux-based or Windows operating systems support with experience in mid-to-large enterprise data center environment; familiarity with network patch/update management
- Exposure interacting with virtualized environments (VMware vSphere, ESXi)
- Demonstrate advanced diagnostics, analytical, critical thinking and troubleshooting skills
- Ability to manage, evaluate and prioritize workload to accommodate and align with business objectives, security concerns, and costs
- Knowledge of data communications, local-area networking (LAN), wide-area networking (WAN), routers, switches, or firewalls
- Advanced networking concepts, VLAN, trunking and port channel
- Thorough understanding of Internet Protocol (IP) routing, switching, and OSI model
Education/Certification(s):
- High School Diploma/GED with 4+ years of related experience or Technical degree, Associates or Bachelor’s degree in Computer Science/Information Systems, S.T.E.M. plus 2-4 years’ relevant experience in Information Technology preferably within systems or applications administration is acceptable
- Requires DoD 8570.01-M IAT Level II certification: CompTIA Security+ CE (Continuing Education) or Higher
- Requires one CE Certification Specialist for Senior Level:
- F5 Certified Technical Specialist BIG-IP Local Traffic Manager (F5-CTS BIG IP LTM)*
- Retired F5 Global Traffic Manager (F5-CA GTM) will be considered
- F5 Certified Technical Specialist BIG-IP Domain Naming Services (F5-CTS BIG IP DNS)
- F5 Certified Technical Specialist BIG-IP Application Security Manager (F5-CTS BIG IP ASM)
- F5 Certified Technical Specialist BIG-IP Access Policy Manager (F5-CTS BIG IP APM)
Clearance: Active DoD Secret required