We are seeking a dynamic, motivated individual to serve as a Mid-Level F5 Operator in support of the 26 NOS, US Air Force at Maxwell AFB, Gunter Annex. The F5 Operator will complete basic configurations on the F5, including but not limited to: OS upgrades, trunking, and general troubleshooting of F5 devices using load balancing strategies/techniques, expertise in application switching/traffic management, knowledge of persistence and SSL certificates. If you are seeking a challenging place to work, please review the list of responsibilities and qualifications.
Duties & Responsibilities:
- F5 BIG-IP Administrator must operate and maintain F5 appliances, configurations and identify BIG-IP Traffic Processing Objects
- Candidate must have a proper understanding of traffic management shell hierarchical structures and their navigation; understanding of how to use TCPDUMP on BIG-IP Systems.
- Admins are responsible for shutting down and restarting BIG-IP systems, restoring from backups.
- Assist in managing IP load balanced traffic and viewing statistics and logs.
- Configure virtual servers, pools and monitor BIG-IP configuration states and files.
- Save and replicate configuration data and oversee transitions onto a BIG-IP system.
- Administrators must map IP addresses with NATs and resolve routing issues with SNATs.
- Ability to create virtual server SNAT auto maps, manage pools and members as well as node statuses.
- Administrators must introduce source address affinity persistence and cookie persistence and manage object states and handle SSL offloads and re-encryption.
- Provide high availability services within the local LAN/MAN/WAN; intelligent DNS routing; deliver load balancing administration and support for managing secure two-factor authentication (2FA) user authentication sessions with Public Key Infrastructure (PKI) CAC or PIV Smart Card via BIG-IP management interface between enterprise directory service locations/data centers.
- Troubleshoot network problems, network device configurations, and coordinate with various department administrators to facilitate connectivity issue resolution.
- Participate in development and support of customer technical requirements and technical solutions.
- Support, troubleshoot and configure SSL intercept/inspection, web certificates, certificate management, PKI Certificate Authority (CA) bundles, private/public keys.
- Assist in meeting compliance baseline configuration, inventory, and best practice requirements while operating to security standards to aide in reducing gaps in cyber security risk exposure.
- Audit, record configurations, conduct assessments and submit suggestions to end-user applications.
- Candidate will coordinate system activities such as deploying, configuring, monitoring, tuning, upgrading, and troubleshooting F5 BIG-IP components spanning local, remote and complex enclaves.
- Document F5 BIG-IP systems for each network to include IP addresses, Fully Qualified Domain Name (FQDN), DNS entries, Role Based Access Controls (RBAC), service accounts, certificates, licenses and physical/virtual location of each component.
- System administrator skills with Linux, UNIX, Microsoft, or application knowledge
- Ability to install and patch operating systems, applications, and document Department Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) / Security Requirements Guide (SRG), applicable to each Non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet, SIPRNet) environment for all ACAS implementations.
- Ability to leverage asset management solutions and enterprise network application tools such as ACAS Tenable, Forescout, SolarWinds Orion, Trellix/McAfee Endpoint Security Solutions (ESS), etc.
- Follow established change management process, systems access, implement changes or configuration, and test changes.
- Ensures networks receive periodic updates from AFCYBER-released software patches, updates, and upgrades via Time Compliance Technical Orders (TCTO), Time Compliance Network Orders (TCNO), Maintenance Tasking Order (MTO) and Notices to Airman (NOTAMs)
- Ensure external networks receive cybersecurity inventory reporting for compliance data via ACAS to DISA CMRS, Splunk logging and DoD Enterprise Logging Ingest and Cyber Situational Awareness Refinery (ELICSAR) Big Data Platform (BDP)
- Participate in all phases of the Vulnerability Management (VM) life cycle with emphasis on the scan, mitigation, remediation, and reporting phases.
- Rack and provision government furnished equipment (GFE) servers when applicable.
- High School Diploma/GED with 4+ years of related experience or technical degree, Associates or, Bachelor’s degree in Computer Science/Information Systems, S.T.E.M. or 2-4 years’ relevant experience in Information Technology preferably within systems or applications administration is acceptable.
- Requires DoD 8570.01-M IAT Level II certification: CompTIA Security+ CE (Continuing Education) or GIAC Global Industrial Cyber Security Professional (GICSP) or (ISC)² SSCP Systems Security Certified Practitioner
- Requires CE Certification for Junior/Mid-Level Junior/Mid-Level: F5 Exam 101 Application Delivery Fundamentals and F5 BIG-IP Exam 201 TMOS Administration F5 Certified Administrator BIG-IP (F5-CA BIG-IP)
Prefer (not required) one or more of the following OS based technical certifications:
- CompTIA Linux+ or Red Hat Certified System Administrator (RHCSA) or Linux Foundation Certified System Administrator (LFCS)
- Microsoft based certification (current):
- Microsoft 365 Certified: Fundamentals
- Microsoft Certified: Security, Compliance, and Identity Fundamentals
- Microsoft Certified: Azure Fundamentals
- Microsoft Certified: Security Operations AnalystAssociate
- Microsoft Certified: Identity and Access Administrator Associate
- Microsoft 365 Certified: Teams AdministratorAssociate
- Microsoft based certification (retired, will be considered): Microsoft Technology Associate (MTA) or Microsoft Certified Solutions Associate (MCSA) or Microsoft Certified Technology Specialist (MCTS) or Microsoft Certified Solutions Expert (MCSE)
- Other Preferred technical certifications (not required): Splunk Core Certified User or Splunk Core Certified Power User
*Clearance:* Active DoD Secret required with potential to upgrade to Top Secret clearance preferred.