Cyber Security Network Firewall Administrator

Salary

$100,000-$120,000

The Cyber Security Firewall Administrator is responsible for the deployment, configuration, and ongoing administration of firewall and remote access systems to safeguard the Chicago Transit Authority’s networks from cyber threats. This role involves implementing and maintaining firewall and remote access/VPN rules and policies, monitoring traffic for unusual activity, analyzing logs, and responding to security events. The administrator works closely with IT and cyber security teams to ensure firewall and remote access/VPN configurations align with organizational security standards and regulatory requirements, supporting a secure and resilient network environment.

PRIMARY RESPONSIBILITIES

Install, configure, and maintain enterprise firewall systems (e.g., Palo Alto, Cisco, Fortinet, Check Point).
Create, modify, review, and optimize firewall rules for security and performance.
Implement and update firewall rules and access control lists (ACLs) in accordance with security policies.
Monitor and interpret firewall logs and alerts to detect, analyze, and respond to potential security incidents.
Apply firmware updates and security patches to firewall systems to mitigate vulnerabilities.
Diagnose connectivity issues, packet drops, and misconfigured policies.
Troubleshoot firewall-related issues affecting network performance or connectivity.
Document firewall architecture, configurations, change management activities, and
Build and maintain IPsec and SSL VPNs, both site-to-site and client-based.
Configure, deploy, and maintain Virtual Private Network (VPN) solutions (e.g., IPsec, SSL VPN, remote access, site-to-site).
Implement and enforce security policies for Remote Access/VPN access in accordance with organizational standards.
Manage Remote Access/VPN user access, including provisioning, deprovisioning, and authentication setting protocols such as LDAP, RADIUS, or SAML.
Apply firmware updates and security patches to Remote Access/VPN appliances and associated infrastructure.
Monitor Remote Access/VPN performance, availability, and usage to ensure secure and reliable connectivity.
Integrate Remote Access/VPN solutions with identity and access management (IAM) systems and multi-factor authentication (MFA) like Duo, RSA SecurID, or Azure MFA.
Troubleshoot Remote Access/VPN-related issues affecting remote users or inter-site communications.
Maintain documentation of Remote Access/VPN architecture, configurations, changes, and procedures.
Conduct regular audits of firewall and remote access/VPN configurations to ensure compliance with internal and regulatory standards.
Researches and analyzes cyber security threat indicators and their behaviors for the prevention, detection, containment, and correction of security breaches, and recommends threat mitigation strategies.
Assesses new security technologies to determine potential value for the enterprise.
Performs related duties as assigned.
MANAGEMENT RESPONSIBILITIES

Reporting to this position are the following jobs:

Job Title

N/A

CHALLENGES

Maintaining knowledge of current cyber technology tools, architectures, and trends in a rapidly changing field.
Completing cyber activities requiring the assistance of other teams with competing priorities.
Qualifications

EDUCATION/EXPERIENCE REQUIREMENTS

Bachelor’s degree in information security/cyber security, information technology, computer science or related field; including certifications such as Cisco Certified Specialist – Security Core, Cisco Certified Network Professional (CCNP) Security, Cisco Certified CyberOps Professional, or similar, and three to five years of experience in firewall administration or related position for large enterprises, or an equivalent combination of education certifications and experience related to the position.


PHYSICAL REQUIREMENTS

Requires remaining in a stationary position for extended periods of time and constantly operating a computer.
May be required to travel to various field locations.
Must be able to lift, maneuver and carry material weight up to 50 pounds.

KNOWLEDGE, SKILLS, AND ABILITIES

Be a proficient problem-solver that can work autonomously and with others.
Knowledge of network applications and protocols, configuration, routers, logging, monitoring, administration.
Knowledge of Syslog and SIEM principles, operations, configuration, and usage.
Knowledge of operating systems such as Unix, Linux, Microsoft Windows, VMware and Cisco.
Detailed knowledge of Command Line Interface syntax and use.
Awareness of NIST, ISO 27001, PCI-DSS, HIPAA, or similar frameworks.
Knowledge of encryption technology, tools, and techniques.
Knowledge of certificate-based authentication, pre-shared keys, IKE/IPsec negotiation, and TLS.
Knowledge of ACLs, security zones, policies, rule base configuration, and best practices.
Knowledge of Defense-in-depth, zero trust, intrusion prevention, NAT, packet filtering, and stateful inspection.
Ability to maintain absolute confidentiality of sensitive files, data and materials accessed, discussed, or observed, and while adhering to security policies and procedures.
WORKING CONDITIONS

General office environment.
May be required to travel to various field locations.
Subject to various weather conditions when traveling to and from work locations.
Subject to normal garage, shop, and terminal hazards such as noise, dust, grease, moving vehicles, etc. when working in bus/rail workshops, garages, and terminals.
EQUIPMENT, TOOLS, AND MATERIALS UTILIZED

Personal computer and related software as needed.
Additional Details
Employees and/or union members will be given priority consideration in the hiring process, per the applicable labor contracts.

Final salary will be determined in part by the qualifications of the selected candidate and may be higher or lower than target.

Applicants, if hired,must comply with CTA's residency ordinance.

CTA IS AN EQUAL OPPORTUNITY EMPLOYER

No employee or applicant for employment will be discriminated against because of race, color, creed, religion, sex, marital status, national origin, ****** orientation, ancestry, age, unfavorable military discharge, disability or any other status protected by federal, state, or local laws; except where a bona fide occupational qualification exists We are committed to providing an inclusive environment for our workforce and supporting the communities we serve. CTA will make reasonable accommodations for the known disabilities of otherwise qualified applicants for employment as well as its employees, unless undue hardship would result. If you require an accommodation in the application or hiring process, please contact arc@transitchicago.com prior to the submission of your application or upon notification of your actual test date. CTA will work with you to determine if an accommodation can be provided.

During the hiring process, CTA's Human Resources department will contact candidates with next steps . Failure to respond to these correspondences in a timely fashion may result in your application being closed out for non-responsiveness.

Please click link below to review the benefits offered at the CTA.

https://www.transitchicago.com/hrbenefits/
Primary Location: USA-Illinois-Chicago
Job: Information Technology
Job Posting: Jul 25, 2025, 2:12:25 PM
Position Type: Full-time Permanent (FTP)

United States
Illinois
Chicago Show on map Get directions