The Houston Information Technology Services (HITS) Network & Data Services team supports an infrastructure that consists of more than 350 sites spread across the City of Houston (COH). This includes thousands of network devices and multiple datacenters, which collectively support the needs of over 20,000 city employees and 23 city departments, including mission-critical public safety services. This Senior IT Professional position is crucial to helping the City of Houston to develop and maintain a robust, resilient, and secure network infrastructure. Serves as the senior technical lead for the organization’s firewall security infrastructure, overseeing design, configuration, and lifecycle management of Cisco Secure Firewall Management Center (FMC), Firepower Threat Defense (FTD) appliances, and cloud-native firewall solutions. Designs and implements advanced firewall policies—including Access Control, Intrusion Prevention (IPS), Security Intelligence, URL filtering, and SSL/ TLS decryption—to ensure secure, reliable access to critical business systems while maintaining least-privilege network segmentation. Administers and maintains FMC/ FTD platforms, including upgrades, patches, HA configurations, failover testing, health monitoring, performance tuning, and compliance with operational standards. Engineers and manages cloud-based firewall controls across Azure, AWS, and similar platforms, ensuring policy consistency, secure connectivity, and alignment with organizational cloud security frameworks. Leads threat-prevention tuning, log analysis, and event correlation, integrating firewall telemetry with SIEM/ SOAR platforms and supporting incident response through expert troubleshooting and containment actions. Designs, deploys, and supports site-to-site and remote-access VPN solutions, coordinating with network teams to ensure successful routing, NAT, and high-availability connectivity. Conducts firewall rule audits, cleanup initiatives, risk assessments, and change control reviews to maintain compliance with regulatory and internal security standards. Develops automation tools and scripts using APIs, Python, or PowerShell to streamline firewall operations, reduce manual effort, and enforce configuration consistency across on-prem and cloud environments. Works closely with networking, security, cloud, and application teams to support new project deployments, provide subject matter expertise, and ensure secure architecture decisions. Creates and maintains documentation, runbooks, topology diagrams, and operational processes, while mentoring junior staff and delivering knowledge-sharing sessions across the IT organization. The position requires familiarity with the following:Hands-on experience administering Cisco Secure Firewall technologies, including Firepower Threat Defense (FTD), Firepower Management Center (FMC), and Cisco Identity Services Engine (ISE) integrations. Strong background in designing, implementing, and maintaining enterprise firewall policies, IPS/ IDS tuning, URL filtering, threat-prevention controls, and secure segmentation strategies. Experience managing and engineering cloud-based firewall solutions within Microsoft Azure, Amazon Web Services (AWS), or other public cloud environments. Demonstrated proficiency in high-availability firewall deployments, failover testing, clustering, and performance optimization in mission-critical environments. Experience with site-to-site and remote-access VPN architecture, routing technologies (such as BGP), and NAT design across complex hybrid networks. Knowledge of SIEM/ SOAR integration, log analysis, traffic inspection, and network threat-hunting practices. Proficiency with automation or scripting (Python, PowerShell, API-based tools) for policy management, configuration standardization, and operational efficiency. Experience supporting large technology environments within government, public safety, utilities, transportation, or similarly complex organizations. Strong documentation skills, including the development of standard operating procedures, diagrams, and technical standards. WORKING CONDITIONS - This position is physically comfortable; the individual has discretion about walking, standing, etc. There are no major sources of discomfort in a normal office environment. May include planned after-hours changes and on-call rotation for critical incidents. Coordination across multiple teams and vendors; occasional travel for data center or cloud projects as required. MINIMUM REQUIREMENTS EDUCATION REQUIREMENTS - Requires a Bachelor's degree in Computer Science, Management and Information Systems (MIS) or a closely related field. Information systems-specific technical certifications may be substituted for 1 year of either the education or the experience requirement, as applicable. Related professional Information Systems experience may be substituted for the education requirement on a year-for-year basis. EXPERIENCE REQUIREMENTS - At least six (6) years of technology experience supporting IT infrastructure. System-specific technical certifications required. Advanced certifications and applicable work experience beyond six (6) years may be substituted for up to two (2) years of the education requirement. System-specific technical certifications may be considered for substitution for 1 year of experience. A Master’s degree in Computer Science, Management and Information Systems (MIS) or a closely related field may be substituted for two years of the experience requirement. LICENSE REQUIREMENTS - None PREFERENCES - - Preference shall be given to eligible veteran applicants provided such persons possess the qualifications necessary for competent discharge of the duties involved in the position applied for, such persons are among the most qualified candidates for the position, and all other factors in accordance with Executive Order 1-6. - - Preferences shall be given to those with the following:Preferred Certifications:Cisco CCNP Security. Cisco Certified Specialist – Firepower (FTD/ FMC)Cisco CCIE Security (highly preferred)Microsoft Azure Security Engineer Associate (AZ-500)AWS Security Specialty Certification. GIAC Firewall Analyst (GCFW) or similar security-focused certifications. Comp. TIA Security or Cy. SA (baseline security knowledge)

search terms: IT+Network