Sr. Network and Security Engineer
Curaleaf is a leading vertically integrated medical and wellness cannabis operator in the United Curaleaf Holdings, Inc., (CSE: CURA) (OTCQX: CURLF) the leading vertically integrated multi-state cannabis operator in the United States. It is a high-growth cannabis company with a national brand known for quality, trust, and reliability. The company is positioned in highly populated, limited license states, and currently operates in 12 states with over 40 dispensaries, 12 cultivation sites, and 11 processing sites. The company is positioned in highly populated, limited license states, and currently operates in 12 states with 52 dispensaries, 14 cultivation sites and 14 processing sites. Curaleaf has the executive expertise and research and development capabilities to provide leading service, selection, and accessibility across the medical and adult-use markets, as well as the standalone CBD category.
This role will report to the Director of IT Infrastructure and will have the opportunity to design, build and deploy a high availability network. The primary responsibilities for the position are as follows:
- Review, design, and support of wired and wireless network infrastructure (LAN/WAN), Firewalls and Cabling
- Manage the companies chosen ISP for new deployments of fiber, firewalls, and SDWAN as well as legacy system upgrades.
- Work with other IT functions (Engineering) to design and support systems for internal needs.
- Research new technologies and overlay possible use of new technologies for both internal IT needs, and external customer needs.
- Occasional interaction with customers for implementation activities.
- Manage projects from initial scoping to deployment.
- Troubleshoot system outages, and work with other technical staffs to resolve technical issues.
- Solves problems relating to mission critical services to prevent problem recurrence, with the goal of automating response to all non-exceptional service conditions
Security Domain Knowledge
- Depth of knowledge in one or more of the core security IES domains:
- Network Security Architecture
- Next Generation Firewall Design / Deploy
- Secure SD-WAN infrastructure
- Intrusion Detection/Prevention Architecture
- Zero Trust Security / Network Segmentation
- DMZ Architecture
- Access control and firewalls/UTM devices
- Remote Network Access (VPN)
- Wireless Security
- Distributed Denial of Service Prevention (DDoS)
- Web Application Firewall Protection (WAF)
- An understanding of compliance standards ISO 27001, NIST, DFARS, PCI, and CIS is a plus
- Securing Cloud Network and Endpoint security infrastructure
- Infrastructure and Endpoint Security Maturity and program risk assessments
- Firewalls/IDPS, Zoning and Segmentation
- Next Generation Firewalls
- Firewall governance / optimization
- CISCO ASA/Firepower, Palo Alto Next Gen Firewall
- Zscaler, Palo Alto Prisma Access
- Algosec, FiremonReadiness to travel 40% annually for assignments
- Preferred Technical and Professional Expertise
- Experience design/deploy Infrastructure and Endpoint security technologies in AWS, Azure, GCP, IBM Cloud is a plus
- Minimum 5 years network experience
- Experience with Ubiquity, Aruba and Meraki wireless technology including implementing 802.1x, Airwave and Clearpass
- Experience in wired networking with a focus strong knowledge of Layer 2 and Layer 3 communications
- Experience with SD-WAN technologies
- Experience with Cisco ASA Firewalls, Cisco ISR’s and VPN connectivity
- Experience with Cisco AnyConnect configuration and best practices
- Experience working with Networking technologies and topologies (EIGRP, BGP, OSPF, etc.), Cisco/HP switches and routers, Security Information Management, IPS/IDS, Firewalls, DLP, and behavioral/risk based security frameworks
- Experience with Microsoft Azure networking
- Knowledge of Deployment technologies including
- Scripting language knowledge for routers and networks
- Experience with Active Directory, and Windows/Apple integration and two factor OS authentication
- Experienced with Network management tools
- Cisco certifications are not required, but will be helpful
- Works well as an independent contributor, a team lead, and a Customer Service agent (for client interactions)
- Willingness and openness to try new technologies, methods, and processes
- The IT team is an open, collaborative, and high integrity environment. We seek candidates who fit into our team culture of peer mentoring and support.
- Ability to provide Tier 3 on-call support for internal Help Desk escalations
- Ability to travel in North America up to 40%
- Some nights and weekends may be required
- Ability to pass an advanced background check
- Must be 21 yrs of age or older
Curaleaf is an equal opportunity employer