· Work in collaboration with Network Designer to roll out Next Generation LAN and WAN to MOH PSAP locations:
· Produce SD-WAN design and configuration (policy, template development)
· Produce high-level and low-level network design (design workbooks).
· Configure switches, routers, firewalls as per the network design.
· Configure dynamic routing protocols (BGP/OSPF) on both SD-WAN and Firewall devices
· Perform physical Install of SD-WAN routers, LAN Switches, HA Firewalls
· Develop and apply plan for HVAC, Power, UPS, Generator, and associate equipment remediation work.
· Develop and apply Firewall policies
· Develop Centralized and Localized policies for traffic and App-Aware routing
· Test configurations and troubleshot network issues.
· Develop and Implement QoS policies for the Next Gen LAN and WAN
· Deploy configurations in network inventory DB.
· Work with facility SME/Cable Designer to assist with facility remediation.
· Develop and Configure Palo Alto Cloud logging
· Maintain and support the network environment during Pilot phase of the project
· Assist in configuration management automation initiative using ansible and other tools
· Install Configure Aruba Clear Pass as Identity management solution
· Install and configure OOB management Firewalls across PSAP locations
· Perform other project related duties as required
NOTE
Extension/Amendment Attestation: Extension(s) only allowed using unused days/funds left on contract. No additional funds will be added beyond the maximum contract value and any extension options included in the original SOW. HSC may exercise its option(s) to extend the SOW beyond April 5, 2026, for up to one additional extension term of one year. Such extension(s) will be allowable only if the Master Service Agreement is extended beyond April 5, 2026 and be upon the same terms, conditions and covenants contained in the SOW.
The resource needed till March 31, 2027, will include an option to extend, at the same rate, till March 31, 2027 if Tender_12075 Managed Service Provider for Contingent IT Resources is also extended for a further one year, else an RFS under the Successor VOR will be issued for the services required April 5, 2026 to March 31, 2027.
Assignment Type: This position is currently listed as "Hybrid" as consultants may be required to work partly in the physical workplace and partly remotely. The details of this arrangement will be at the Hiring Manager's discretion.
NOTE
Candidate will be asked to complete a written assignment to build a specific network lab utilizing some technology routers specified by MOH. A minimum of 70% of the written test is required before proceeding to the interview. Failure to complete the assignment within MOH's requisite timeline is subject to disqualification at the Ministry's discretion.
|
· Firewall Security & Rule Management – Advanced understanding of firewall policies, access control lists, and best practices for network security enforcement. · Network Architecture & Security – Strong grasp of routing, switching, segmentation, and secure connectivity principles in complex enterprise environments. · Incident Response & Troubleshooting – Ability to diagnose and resolve network security incidents, performance issues, and firewall-related outages. · Security Compliance & Risk Management – Understanding of regulatory frameworks (NIST, ISO 27001, PCI-DSS, etc.) and their implications on firewall configurations. · Infrastructure Automation – Work closely with the Infrastructure Automation team to streamline firewall and network security operations using modern tools. · Collaboration & Cross-Functional Integration – Work closely with network, security, cloud, and DevOps teams to enhance enterprise security postures. |
50% |
|
|
Technical Skills |
· Palo Alto Networks NGFWs – Extensive experience with Palo Alto firewalls, including policy creation, advanced threat prevention, and traffic analysis. · Panorama Centralized Management – Proficiency in managing multiple firewalls using Panorama, including device groups, templates, and log analysis. · Network Automation & Scripting – Familiarity with automation frameworks (Ansible, Terraform) and scripting languages (Python, PowerShell) for firewall automation. · VPN & Secure Connectivity – Experience with GlobalProtect, IPsec, SSL VPNs, and hybrid cloud security architectures. · Cloud & Hybrid Network Security – Understanding of firewall deployments in cloud environments (AWS, Azure, GCP) and integration with on-prem networks. · Logging, SIEM, & Threat Intelligence – Expertise in security monitoring tools, log analysis, and incident response workflows. |
30% |
|
Communication/Analytical Skills |
· Advanced Problem-Solving & Root Cause Analysis – Ability to diagnose and resolve complex firewall and network security challenges in high-pressure situations. · Security Incident Reporting & Documentation – Skilled at documenting security events, network changes, and troubleshooting steps in a clear and concise manner. · Cross-Team Communication – Ability to convey complex security issues to non-technical stakeholders while collaborating effectively with technical teams. · Training & Mentorship – Provide training and mentorship to junior engineers and cross-functional teams on firewall security best practices. · Stakeholder & Vendor Engagement – Work closely with IT leadership, compliance teams, and security vendors to implement and refine security strategies. · Process Improvement & Best Practices – Continuously evaluate security operations and implement optimizations for improved efficiency and risk mitigation. · Continuous Learning & Adaptability – Stay up to date with emerging firewall technologies, automation trends, and evolving cybersecurity threats. |
20% |
Maximum Number of Submissions - one (1)
Hybrid - Candidate must work 3 days onsite and 2 days remote
NOTE
Candidate will be asked to complete a written assignment to build a specific network lab utilizing some technology routers specified by MOH. A minimum of 70% of the written test is required before proceeding to the interview. Failure to complete the assignment within MOH's requisite timeline is subject to disqualification at the Ministry's discretion.
MUST HAVES:
Palo Alto Networks NGFWs – Extensive experience with Palo Alto firewalls, including policy creation, advanced threat prevention, and traffic analysis.
Panorama Centralized Management – Proficiency in managing multiple firewalls using Panorama, including device groups, templates, and log analysis.
Firewall Security & Rule Management – Advanced understanding of firewall policies, access control lists, and best practices for network security enforcement.
Network Architecture & Security – Strong grasp of routing, switching, segmentation, and secure connectivity principles in complex enterprise environments.
Cloud & Hybrid Network Security – Understanding of firewall deployments in cloud environments (AWS, Azure, GCP) and integration with on-prem networks.