The specialist will be responsible for the installation, maintenance, and provision of hardware and software support of the HNEC data center. The specialist will carry out assessments to identify and address inefficiency in power and cooling systems. The specialist will implement data and system security measures in order to reduce exposure to downtime risks. The specialist will be in contact with the HNEC IT Department team to offer data and systems support services.
The specialist will mount a physical rack and implement a virtual LAN infrastructure, implement campus LAN connectivity, and implement a DMZ Security and Firewall connection.
The specialist will perform precautionary system maintenance to ensure that the center’s systems and network are functioning well. The specialist will develop and put in place policies so that work processes are executed efficiently and as per schedule.
The specialist will carry out procedures needed to maintain data, transactions, and reports from systems, supporting administrators and end-users, maintaining work registers, and documentation of processes, performing user administration tasks, such as adding, modifying, and removing disk space management, performing backups and file restores, and monitoring activity and access of the data center and its operations section to ensure that there is the compliance of security policies.
The IT Data Center Specialist will be hired on a fixed-period long-term consultancy contract with IFES based in Tripoli. The daily workplace will be the HNEC office in Tripoli.
Deliverables:
- Setup of the physical infrastructure for two firewalls, three servers, two switches.
- Configure the data center environment
- Provide professional structured cabling, rack and stack the equipment in the cabinets,
- Install all power strips/PDUs, cabinets, ladder rack, fiber tray, and security systems.
- Review the components and configuration of site-to-site VPN
Specific Tasks for User Acceptance Test:
Phase 1:
- Creating a Zone
- Creating a Sub-Interface
- Creating a Host Object
- Creating a Service Object
- Configuring Network Address Translation (NAT) Policies
- Configuring Access Rules
- Configuring Basic Threat Protection
- Configuring SonicWall Advanced Threat Protection
- Configuring the Global VPN Client
- Configuring Advanced Routing
- Setting Up an SSL Virtual Private Network
- Establishing a Route-Based VPN
- Managing User Authentication with Single Sign-On
- Creating App Rules
- Configure WAN ISP Failover
- Configuring Basic High Availability
- Layer 2 Switch Operation
- Control and Data Plane preparation
- Revisiting VLANs
- Trunking with 802.1Q
- Inter-VLAN Routing
- Building Redundant Switched Topology
- Spanning-Tree Protocol Operation
- Implementing Layer 2 Port Aggregation
- EtherChannel Mode Interactions
- Layer 2 EtherChannel Configuration
Phase 2:
- Install and configure VMware ESXi hosts
- Deploy and configure VMware vSphere Server
- Manage, monitor, back up, and protect vSphere hosts.
- Create virtual networks with vSphere standard switches
- Configure virtual storage using iSCSI and NFS storage
- Create and manage VMware vSphere VMFS datastores
- Use the vSphere Client to create virtual machines, templates, clones, and snapshots
- Manage virtual machine resource use
- Use VMware vSphere Update Manager to apply patches and perform upgrades to ESXi hosts and virtual machines
Phase 3:
Cabling Management inside each rack and S2S VPN
- Arrange a few online sessions to prepare the configuration
- Explore IPsec Technologies with other partners
- Implementing Site-to-Site VPN
- Implementing Cisco AnyConnect VPNs
- Initial Cisco Firepower Threat Defense device configuration and setup tasks
- Manage traffic and implement Quality of Service (QoS) using Cisco Firepower Threat Defense
- Implement NAT by using Cisco Firepower Threat Defense
- Perform an initial network discovery, using Cisco Firepower to identify hosts, applications, and services
- Implement and manage intrusion policies
- Review and configure a remote-access SSL VPN that uses Cisco AnyConnect
- Review SSL decryption capabilities and usage
Phase 4:
- Assets, Vulnerabilities, and Countermeasures
- Asset Denial of Service and Distributed Denial of Service Attacks
- Managing Risk
- Vulnerability Assessment
- Check Common Vulnerability Scoring System (CVSS)
- Check Common TCP/IP Attacks*
- Check Legacy TCP/IP Vulnerabilities
- Check IP Vulnerabilities
- Check Internet Control Message Protocol (ICMP) Vulnerabilities
- Check TCP Vulnerabilities
- Assets and review Man-in-the-Middle Attacks
- Reflection and Amplification Attacks
- Spoofing Attacks
- Domain Name System (DNS)-Based Attacks and DNS Tunneling
- Review Web-Based Attacks, Command Injections and SQL Injections
Applications:
Please send a CV and a letter of motivation in English to the following address: ifeslibyarecruitment@ifes.org with the subject line “IT Data Center Specialist– IFES Libya.”
Incomplete applications will not be considered.
Deadline for applications: December 27, 2020 (23:59 – Tripoli Time
لتقدم للوظيفة
أنتهت صلاحية الاعلان
