F5 Administrator - Subject Matter Expert
Stennis Space Center, MS
Job Description
CSC is hiring for a F5 Administrator Subject Matter Expert to work at the Stennis Data Center located in Hancock County, MS. The F5 Administrator must be able to successfully pass a background investigation.
Created after 9-11-2001, the Department of Homeland Security consolidated numerous agencies' data centers for central management. CSC plays a key role in the Department's IT integration strategy through its Data Center-1 program.
CSC's DC-1 program is committed to delivering an efficient, responsive, and mature data center operation through excellence in service delivery, performance, and continual service improvement.
F5 Administrator Subject Matter Expert has in depth administration experience on F5 load balancers, including an understanding of routing and switching protocols with the relation to the load balancer landscape (Ex: STP, BGP, OSPF, TCP, SSL, SNAT, TLS), and application layer protocols including HTTP, SSH, SSL, and DNS.
The F5 Administrator must understand load balancing strategies/ techniques, expertise in application switching / traffic management, knowledge of persistence and SSL certificates. Complete basic configurations on the F5, including but not limited to: OS upgrades, Trunking, and general troubleshooting of the devices. Thoroughly understand the troubleshooting processes. The F5 Administrator will understand HTTP & HTTPS predicted behavior as well as read the packet content to create or modify custom settings on such behavior. They will have the ability to create custom monitors.
The F5 Administrator must understand the Global Traffic Manager and Iquery functionality between LTM & GTM for a HA design. Some knowledge and hands on experience working with web servers, including the understanding of the various web protocols. The F5 Administrator will have the ability to explain how the web server works, describe the settings in the main configuration files, describe how the certificates work on the web server, and describe SSL termination and handshakes with load balancers and application servers.
Essential Job Functions
- Provides Level 3 support and direction for production related issues. Considered a SME in application end to end flow and infrastructure integration touch points
- Participates in application release activities and provides resolution for any issues
- Provides app dev support for all environments in scope for channels space
- Provides on call support and participates in shift rotation to provide required coverage
- Works with enterprise partners for chronic infrastructure issues, product bugs and feature enhancements
- Participates in project calls and works with internal bank groups as well as LOB to gather detailed technical requirements and application specifications
- Responsible for application integration designs. As part of this work out the details around application logic and required code (session management, application redirects, rewrites, migration scenarios, app routing, persistence logic)
- Responsible for application forward fits across all environments
- Responsible for documentation of end to end application and infrastructure design
- Provides requirements and works with enterprise teams around new feature enhancements, certifications as well as life cycle management of portfolio
- Establishes application capacity/threshold management routines and proactively identifies upgrade/enhancement opportunities
Basic Qualifications
- Bachelor's degree or equivalent combination of education and experience
- Bachelor's degree in engineering, computer science, management information systems, or related field preferred
- Six or more years of experience in data, voice or video networks
- Experience working with multiple technical platforms (e.g., mainframe, two-tiered client-server, three-tiered client-server) and at least two network systems (e.g., Novell, Windows NT)
- Experience working with network systems, networking principles, data, voice or video
- Experience working with network software and hardware, data, voice or video
- Experience working with proprietary software and hardware
- Possess Department of Defense (DoD) security access and/or DoD security clearance
Other Qualifications
- Knowledge of F5 iRules (F5's TCL scripting language) enabling customization of application load balancing solutions through the control and direct manipulation of the application traffic
- Must have expertise in application switching and traffic management, deep knowledge of application requirements (such as persistence), understand SSL offload and implementation of SSL certificate and Key, and web acceleration and TCP optimization. Use of F5 DOS and DDOS features and mitigation methods including use of network Packet filters and iRules is desirable
- In depth knowledge of F5 BIG-IP Hardware Platforms (Citrix NetScaler also desired)
- In depth knowledge of F5 TMOS Architecture including currently generally available software versions
- Functional understanding of network Layer 2 /3 switching and routing protocols
- Knowledge of F5 LTM and GTM hardware platforms including engineering design and deployment implementation guidelines
- Functional understanding of diverse set of networked applications requiring application traffic management solutions, including HTTP, HTTPS, SSH, FTP, DNS, NTP, ANYCAST services, and others
- DMZ Network infrastructure knowledge including topology, security policies, firewalls and the L2/L3 switch and router infrastructure is required
- Understanding of LTM Inbound SNAT configurations and outbound NAT server to IP mapping required
- Understanding of application load balancing strategies and advanced techniques for application delivery
- Functional understanding of F5's API iControl and application integration
- Candidate must have admin experience with F5 configuration CLI including both BigPipe and Shell (TMSH)
- Experience with packet capture analysis software is required
- Understanding of F5 generic monitors and the ability to create custom monitors is required
- Functional knowledge of F5 advanced feature modules including Web Accelerator, Application Security Module, and Application Policy Module
- Knowledgeable of F5 system logging event types and logging levels
- Knowledge of irules, content switching, or other equivalent rule-based URL rewriting
- Experienced in VIP creation, certificate updates, SSL profile creation, pool creation and pool member modification
- In depth knowledge of SSL cryptographic protocol in securing communications over the Internet and the ability to leverage F5 BIG-IP Application Delivery Controllers in performing SSL offload (client decryption) and server encryption solutions
- Understanding of SSL Certificate Private Key Infrastructure (PKI) in the SSL Certificate and KEY management and rollover process is beneficial
- Familiar with Federal Information Processing Standards (FIPS) level 140-2 cryptographic security standard and F5 BIG-IP FIPS Hardware Security Module (HSM) implementation including the FIPS Domain administration and management for encryption, storage and protection of high-value cryptographic Keys
- Understanding of DDOS and DOS including F5 mitigation techniques and methods for both LTM and GTM systems. Comprehensive security background (understand what the threats are in their particular area and various methods of mitigation) beneficial
- Functional understanding of GEOIP and Topology record creation, in providing global load balancing of client requests to nearest hosting data center
- Functional understanding of client browser DNS Caching and impact on global site persistence and site affinity
- Understanding of F5 GTM solutions, including WideIP and Pool Load Balancing Methods, probers and monitors
- Functional Understanding of DNS DDOS and DOS threats and mitigation techniques