Senior Network Security Engineer
Singapore, Singapore, Singapore
Unison Consulting Pte Ltd
We are seeking a highly skilled Senior Network Security Engineer with deep expertise in Network Security technologies. This is a technical, hands-on role within the Network Security Engineering & Deployment team. The ideal candidate will possess Level 3/Subject Matter Expert (SME)-level knowledge and practical experience in managing, designing, and troubleshooting Network Security products such as Firewalls, Intrusion Detection & Prevention Systems (IDPS), Web Application Firewalls (WAF), Micro-segmentation, Web Proxies, and DNS.
Roles & Responsibilities
Part of a team that is responsible for the Network Security Engineering & Deployment function and will play a key role in Datacenter Migration projects.
Network Transformation Architecture:
• Lead the design, engineering, and execution of next-generation network transformation solutions.
• Collaborate with internal teams, including cloud, security, and application stakeholders, to align network infrastructure with business needs.
• Provide technical leadership in building resilient, scalable, and secure hybrid and multicloud network environments.
Design, Deployment, and Operations:
• Architect and deploy advanced Network Security across datacenters (DC1 & DC2).
• Integrate network security products with Cisco ACI environments to deliver seamless and secure connectivity with optimal performance.
• Act as an escalation point for the Operations team on network security issues, providing Level 3 troubleshooting and SME-level support.
• Collaborate with vendors, TAC, and internal teams to resolve complex network and security incidents and escalations.
Policy Management and Automation:
• Develop and enforce policy-driven network security architectures.
• Leverage automation tools (e.g., Ansible, Python, XSOAR) to enhance operational efficiency and minimize manual interventions.
• Ensure compliance with industry standards and internal governance policies while aligning network security configurations with best practices.
Documentation and Governance:
• Maintain accurate network security diagrams, operational runbooks, and technical documentation.
• Ensure all security implementations adhere to governance frameworks and meet regulatory compliance requirements.
Mentorship and Knowledge Sharing:
• Provide Level 3/SME-level support and guidance to peers and stakeholders within the organization.
• Lead knowledge transfer sessions on network security technologies and best practices.
Requirements
Technical Expertise: 10 to 15 years of experience in Network Security technologies such as Firewalls, Intrusion Detection & Prevention Systems (IDPS), Web Application Firewalls (WAF), Micro-segmentation, Web Proxies, and DNS.
Firewall Technologies:
▪ Next-Generation Firewalls (NGFWs): Understanding of advanced features like Application Awareness, Intrusion Prevention, and Deep Packet Inspection.
▪ Checkpoint Firewall Architecture: Expertise in Threat Prevention, VPNs, and High Availability (HA) configuration.
▪ Palo Alto Networks NGFWs: Knowledge of App-ID, WildFire, and User-ID for enhanced security.
▪ Firewall Rule Optimization: Experience in defining and fine-tuning access control policies and inspecting network traffic for threats.
▪ Expertise in implementing DNS Security solutions to prevent attacks such as DNS Spoofing, Cache Poisoning, and DDoS attacks targeting DNS infrastructure.
Intrusion Detection and Prevention Systems (IDPS):
▪ Signature-Based IDS/IPS: Expertise in configuring and managing signature-based detection.
▪ Anomaly-Based IDS/IPS: Deep knowledge of Behavioral Analysis for detecting suspicious patterns and zero-day attacks.
▪ Integrated Security Operations: Integration of IDPS with SIEM systems for centralized log management and threat detection.
Web Application Security:
▪ Web Application Firewall (WAF): Expertise in configuring and managing F5 ASM or equivalent WAF solutions for protecting applications from vulnerabilities.
▪ Bot Protection and DDoS Mitigation: Knowledge of Bot Management and DDoS Defense strategies for protecting web applications.
Microsegmentation and Zero Trust Security:
▪ Microsegmentation: Proficiency in tools like Illumio or Guardicore for isolating and securing workloads within the data center and cloud environments.
▪ Zero Trust Architecture (ZTA): Expertise in defining and enforcing access policies based on identity and device posture, and validating every user and device before granting access.
Network Access Control (NAC):
▪ Aruba ClearPass: Expertise in configuring role-based access control and integrating ClearPass with other network security solutions.
▪ Cisco Identity Services Engine (ISE): Knowledge of 802.1X, MAB (MAC Authentication Bypass), and Guest Access in NAC environments.
DNS & IP Address Management (IPAM):
▪ Infoblox DDI (DNS, DHCP, IPAM): Experience in configuring and managing Infoblox for network address allocation, DNS resolution, and advanced DNS security.
▪ DNS Security: Expertise in securing DNS infrastructure through DNSSEC, DNS filtering, and DNS over HTTPS (DoH).
Traffic Visibility & Monitoring:
▪ Network Traffic Analysis: Proficiency in using tools like Wireshark, Riverbed App Response, Cisco Thousand Eyes, NetFlow, and sFlow for traffic analysis and anomaly detection.
▪ Security Information and Event Management (SIEM): Expertise in integrating network devices with Splunk, Elastic, or equivalent for threat visibility and incident response.
Routing Protocols & VPNs:
▪ BGP (Border Gateway Protocol): In-depth understanding of BGP routing policies, route filtering, and peering in large-scale network environments.
▪ OSPF (Open Shortest Path First): Expertise in dynamic routing configuration, including OSPF multi-area and OSPFv3 for IPv6 support.
▪ Site-to-Site and Remote Access VPNs: Knowledge of configuring IPSec VPNs and SSL VPNs for secure communications across branches and remote users.