The Role
The role involves implementing VMware NSX for micro-segmentation, creating firewall policies, and ensuring compliance with security standards. The applicant must have significant experience in NSX design and deployment, along with a background in security frameworks and troubleshooting.
Summary Generated by Built In
VM/Infrastructure Micro Segmentation Specialist
ROLE
We need an experienced VM/Infrastructure Micro Segmentation Resource at the New York City Department of Social Services (DSS). DSS enhances the quality of life for all New Yorkers by providing temporary assistance to eligible individuals and families with social service and economic needs, supported by IT Services (ITS) which operates the critical technology infrastructure behind the agency’s programs. DSS is currently executing a large-scale Data Center Co-location and Migration Project to consolidate multiple data centers into a new facility at 11 MetroTech in Brooklyn, replacing end-of-life infrastructure and mitigating risk of service disruption to agency operations. In this role, you will implement the Zero Trust model using VMware NSX micro-segmentation technologies, identify user IDs and application access patterns, map source and destination IP communications across VMware and physical environments, create NSX firewall policies to isolate workloads, and ensure compliance audit readiness for HIPAA, FTI, and FLPS data. This is a full-time opportunity. We can offer a competitive salary and a comprehensive benefits package.
RESPONSIBILITIES
- DSS has distributed workforce working from numerous branch offices and remote workers generating data traffic routed to the main datacenter in Brooklyn. The datacenter migration involves, amongst other things, a highly complex VMware environment that demands a specialized resource. VMware consultants are essential for navigating complexities and ensuring success. They bring critical expertise in planning and executing the transitions while mitigating risk such as unplanned downtime, data loss, and compatibility issues. Furthermore, we plan to implement the Zero Trust model, by utilizing micro segmentation technologies, such as VMware NSX, where the network is broken into many compartments, which will implicitly not trust the adjacent compartments and all access has to be directly assigned using rule/role-based firewall policies. We will utilize micro segmentation as traditional perimeter defenses are insufficient to detect and prevent internal threats or compromised security credentials. We would need consultants who specialize in this technology and assist in:
- Identifying user IDs and applications accessed in performing assigned job functions.
- Identifying the source IP addresses, destination IP addresses and ports on servers in the VMware and physical environment that are communicating with each other to fetch and upload data.
- Creating firewall policies on VMware NSX ensuring that workloads, applications, and users are isolated and only allowed to communicate as strictly necessary, minimizing the risk of lateral movement during a breach.
- Utilizing micro segmentation to ensure that we meet the compliance audit readiness concerning HIPPA, FTI and FLPS data.
- Enhancing Cloud and Hybrid Security as we have compute resources on premises as well as in the AWS Cloud and Azure Cloud.
REQUIRED SKILLS/EXPERIENCE
- 4 years' experience in Lead end-to-end design of NSX-T Data Center solutions, including logical switching, routing, microsegmentation, and distributed firewalling and develop high-level and low-level design documents, architecture diagrams, and implementation plans and conduct network assessments, gap analysis, and cloud readiness evaluations
- 4 years' experience with Deploying and configure NSX-T components: NSX Manager, Edge Nodes, Tier-0/Tier-1 gateways, transport zones, and overlay networks, execute migrations from NSX-V to NSX-T and from traditional physical networks to SDN
- 4 years' experience Design and implement microsegmentation policies based on application dependency mapping utilizing tools such as Traceflow, Port Mirroring, and vRealize Network Insight (vRNI) for traffic analysis
- 4 years' experience Develop zero-trust security frameworks aligned with client compliance requirements and Provide expert-level troubleshooting and root-cause analysis for complex NSX-T issues.
- Utilizing micro segmentation to ensure that we meet the compliance audit readiness concerning HIPPA, FTI and FLPS data and collaborate with project managers to define scope, timelines, and deliverables, Mentor junior engineers and contribute to internal best-practice development
EDUCATION / CERTIFICATIONS
- Bachelor’s degree in a related field – preferred
LOCATION
- Brooklyn, NY
CLIENT
- NYC Department of Social Services
WORK AUTHORIZATION
- Must be legally entitled to work in the United States
TRAVEL
- No travel required.
WORK HOURS
- 8 hours per day. 1 unpaid hour for lunch
EMPLOYMENT CLASSIFICATION
- W2 Hourly
RELOCATION
- Not eligible for relocation benefits.
COMPENSATION
- Compensation Range: $68.68 - $93.41/hr commensurate on experience
- Benefits: Benefits package includes options for health, dental, and vision insurance coverage; 401k contribution options; paid sick time
Top Skills
Aws Cloud
Azure Cloud
Nsx-T
Vmware Nsx
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
West 4th Strategy provides rapid response technology services to civilian, defense, and homeland security customers. We build and mobilize dynamic teams of qualified technologists who embody competence, professionalism, and a commitment to results. We excel at moving fast to find the right people to get the job done. And the best part of our technology teams? They make the government’s mission their mission. Our teams work with a sense of purpose to power the government. West 4th Strategy. Our work defines us.
.png){kind=logo}
