Lead Platform Engineer - VPN

West Creek 4 (12074), United States of America, Richmond, Virginia

Lead Platform Engineer - VPN

Do you love building and pioneering in the technology space? Do you enjoy solving complex technical problems in a fast-paced, collaborative, inclusive, and iterative delivery environment? At Capital One, you'll be part of a big group of makers, breakers, doers and disruptors, who love to solve real problems and meet real customer needs.

We are seeking an experienced Lead Platform Engineer with expertise in network security technologies cloud, enterprise, and data center to join our team!  This is an opportunity to design, deploy, and manage VPN technologies that drive the enhancement and evolution of our network security infrastructure.

As a Platform Engineer, you’ll have the opportunity to be on the forefront of driving a major transformation within Capital One. You will be working with the engineering team to integrate and manage new technologies into the existing production environment; gathering requirements, developing designs to meet documented requirements, and implementing those designs. The Platform Engineer will also function as a mentor and escalation resource for the operations team; developing/presenting training curriculums, mentoring less experienced engineers, and providing on-call incident support.  

You will collaborate and innovate with smart and passionate people within Capital One to deliver results that have a direct impact on the company’s bottom line while challenging yourself by learning new technologies and seeking opportunities to advance and improve our enterprise infrastructure.

The VPN Engineering team provides secure Virtual Private Network (VPN) connectivity at the Enterprise level that allows associates to access Capital One’s network remotely via home based networks, public Wi-Fi networks and smartphone hot spots. As part of Capital One’s move towards a well-managed network security strategy, we are replacing the legacy f5 BIG-IP VPN to a new and flexible Palo Alto’s remote access cloud based solution - GlobalProtect/Prisma Access for the hybrid workforce.

What you’ll do:

• Design, implement, and maintain high quality VPN infrastructure solutions.

• Support enterprise network security infrastructure, regional hubs, and cloud environments.

• Enforce cyber security standards, automation of security services, and deployment of security solutions.

• Work collaboratively across teams and LOBs spanning multiple time zones.

• Consult with various technology support groups as part of network security design and development efforts. 

• Identify gaps in current design and research/propose appropriate solutions based on technical and business drivers.

• Lead/contribute to security solutions development, optimizations, network and cyber security standards, and technology refresh efforts. 

• Provide input to design standards and maintain network security topology diagrams and technical design documents.

• Participate in technology integration efforts with other engineering and support teams.

• Provide direct support of audit and ad hoc consulting engagements.

• Ensure compliance with departmental and enterprise security configuration standards.

• Engage with all internal and external parties as necessary to drive and complete work.

What we’re looking for:

• Subject matter expert (SME) with a solid network security background and hands on experience with Palo Alto VPN and firewalls

• High proficiency with designing, implementing, and troubleshooting a wide range of network security platforms and VPN technologies such as AWS, f5, Cisco

• Experience in building, migrating & supporting enterprise computing platforms and systems such as GlobalProtect, Prisma Access for Desktop (macOS, Windows) & Mobile (iOS, Android), and SASE based solutions by test driving proof of concept and deployment of security solutions

• Ability to problem solve in a complex and ever changing environment

• Advanced proficiency with leveraging network security management tools and performing packet analysis during incident/problem resolution 

• Excellent interpersonal and communication skills (both verbal and written). Must be able to represent the team well and effectively communicate/share technical information to a variety of individuals, peers, and stakeholders

• Excellent analytical and problem-solving skills to help detect, communicate, and fix issues while adopting Site Reliability Engineering (SRE) principles so that the availability and performance of the investments in IT networks are optimal

• Excellent time management skills across multiple projects and distributed teams

• Encourage innovation, implementation of cutting-edge technologies, inclusion, outside-of-the-box thinking, teamwork, self-organization and diversity

• Willingness to update and contribute to living engineering documentation

• Must be ready to work flexible hours and need to adjust to changing environments

• Must be prepared for physical work which may involve lifting and carrying equipment of up to 50lbs, besides moving, racking and installing them, if necessary

• Knowledgeable about IPSec tunnels and encryption, VRF, TCP/IP, OSI model, IPv6, cloud based network security architecture, VPN deployment strategies & migrations, data traffic manipulation, Proxy, Load Balancers, DNS / Route53, VPCs

• Good to have knowledge on: general network concepts, protocols, any scripting experience, CM tools including Ansible and Terraform, and a variety of AWS tools and services

Basic Qualifications:

• High School Diploma, GED, or equivalent certification

• At least 5 years of experience with Palo Alto network security designs & solutions - VPNs, firewalls

• At least 2 years of experience leading team projects

Preferred Qualifications:

• Bachelor’s Degree

• 6+ years of experience with network security hardware and software

• 4+ years of Palo Alto VPN & firewall, f5, AWS VPN administrator experience

• 2+ years of experience in Jira, Confluence, ServiceNow, Observe

• 2+ years of scripting and automation experience (BASH, Powershell, Ansible, Terraform)

• 1+ years of experience with AWS, Azure or Google Cloud

• Palo Alto certification (PCNSA, PCNSE, PCCSE or PCSAE)

• CISSP, CCSE, CNSA or CSAE certification

• AWS certification

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

This role is expected to accept applications for a minimum of 5 business days.

No agencies please. Capital One is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex (including pregnancy, childbirth or related medical conditions), race, color, age, national origin, religion, disability, genetic information, marital status, sexual orientation, gender identity, gender reassignment, citizenship, immigration status, protected veteran status, or any other basis prohibited under applicable federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City’s Fair Chance Act; Philadelphia’s Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at RecruitingAccommodation@capitalone.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com

Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.

Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).