Firewall Engineer

Department for Education
01 Sep 2017
20 Sep 2017
Contract Type

The Department for Education is in the middle of one of the most exciting and challenging IT programmes across Whitehall. Our IT Modernisation Programme will ensure that the Department has the best and the most appropriate IT systems and data services in place so that it can operate flexibly, effectively and efficiently.

This role sits within IT Group, which provides technology services to the core Department, its executive agencies and other central government departments. This function is close to achieving its ambition to take the Department's technology platform from trailing edge to leading edge. By the end of the 2016-17 financial year we will have delivered our technology modernisation programme, and refreshed our entire device estate, moved all of our applications to cloud hosting and upgraded our productivity suite to the best Microsoft products available on the market. We are also delivering award-winning digital services such as the school and college performance tables and maintain a large estate of IT applications.

Overview of the Role

The role is in our Cyber Operations team. We have a 3 year cyber strategy covering 6 capabilities: Trust Management, Threat and Vulnerability Management, Security Incident and Event Management, Cryptographic Key Management, Business Resilience Management and Identify Access Management.

The strategy is to build the team, tools and technologies for these capabilities in order to protect the department from cyber-attacks, and ensure risks to corporate assets are managed in accordance with business expectations. This role is part of a team who will be helping to safeguard over GBP60 billion of annual budgets, and vast amounts of personal and sensitive information relating to children and people employed in the education sector.

To fulfil this role you will be inquisitive and able to learn new skills quickly. This position will suit somebody who is motivated by challenges, looking to develop and expand on their existing knowledge in a fast paced and ever changing cyber threat landscape.

You will have the opportunity to train in the other security capabilities, for this knowledge transfer and any relevant external training will be provided.

Key Responsibilities

You will be accountable for developing and maintaining the Trust Management capability within the Cyber Operations team.

Main responsibilities:

  • Configuration and maintenance of the Cisco, Barracuda, Checkpoint and Fortigate firewalls - ensuring firewall rules are valid and updated, analysing traffic through the firewalls to ensure maximum security, managing updates/upgrades of hotfixes and patches, etc.
  • Working closely with wider Cloud Operations team colleagues, undertaking training in technologies as required
  • Track the technology roadmap (support, performance, lifespan)
  • Identify security risks, threats and vulnerabilities within our network infrastructure, providing mitigating advice and actions
  • Ongoing risk management
  • Documentation of implemented solutions, processes and procedures
  • Troubleshooting technical issues relating to LAN/WAN
  • Reacting to and initiating corrective action regarding security violations
  • Membership and contribution to the Department's Security Working Group
  • Develop and improve the move towards Layer 7/Application aware technologies - implement and streamline new IPS/Web URL Filtering/Application control systems to ensure maximum security for the Department's infrastructure and data
  • Be an active member of the Change Advisory Board to ensure that all IT changes conform to the CAB agreed standards. Highlight the risks of proposed changes to ensure they are understood and mitigated
  • Actively review and manage the Incident call logging system to ensure that all incidents are dealt with in a timely manner. Ensuring customers are kept up to date and all incident records are updated with thorough and detailed notes working in line with the Department's Incident and Problem management processes

Please note that out of hours on call may be required for this role.

Skills and Experience

  • Intimate knowledge of TCP/IP protocols and networking architectures
  • Significant knowledge and experience in administration of firewall technologies - CISCO, Barracuda, Checkpoint and Fortigate
  • Network routing and switching
  • Strong troubleshooting skills
  • Strong communication skills with the ability to communicate across all levels (both written and orally)
  • Ability to prioritise multiple projects and work under pressure
  • Able to use own initiative
  • Willingness to learn new skills and develop security expertise
  • Willing to undertake SC clearance
  • Practical and current knowledge of the cyber security threat landscape


  • Proficient in use of Intrusion prevention technologies.
  • Experience in network Denial of Service defence and protection.
  • Knowledge of incident response management and security risk management.
  • Experience of firewall management in a cloud environment, e.g. Azure.


Certification in at least one of the firewall technologies e.g. CCNA / CCNP.
ITIL - foundation.

Benefits Allowances

For exceptional candidates an additional allowance of up to GBP1,000 and a pension contribution of up to GBP6,000 depending on salary offered.


Civil Service pension schemes may be available for successful candidates.
Contributory pension (worth 20-22% of salary). This is a highly competitive Civil Service Pension Scheme, which many experts agree is one of the most generous in the UK. The Institute for Fiscal Studies recently said that "the biggest difference between public and private sectors remains the value of employer contributions to public service pensions. These are much more generous in the public sector than in the private sector".

If you have accrued pension rights in another pension scheme, you may be eligible to transfer these rights into the Civil Service Pension Scheme.

Annual leave

Your annual leave allowance will be 25 days, increasing by 1 day every year to a maximum of 30 days after five years' service. In addition, all staff receive the Queen's Birthday privilege holiday and eight days' bank and public holidays.

Flexible working and family-friendly culture

We offer flexible working arrangements that recognise the importance of a good work/ life balance. We offer support with childcare and holiday play schemes costs by providing childcare vouchers for staff who meet the eligibility criteria. There is also a generous maternity/adoption/paternity leave package

Flexible working is open to everyone regardless of their personal circumstances, where business or operational needs allow. For example we offer:
• job share
• compressed hours
• term-time working
• part-time working

Development and progression

DfE exists to support lifelong learning, and offer all staff a minimum of five days formal learning and development every year supported by ongoing professional development and opportunities for professional accreditation.

Other benefits

We offer a range of other benefits, including season ticket loans and a cycle-to-work scheme.

More jobs like this