Network Security Engineer

Kyivstar Tech is looking for a Network Security Engineer.
 About us 
Kyivstar.Tech is a Ukrainian hybrid IT company and a resident of Diia.City. We are a subsidiary of Kyivstar, one of Ukraine's largest telecom operators.  Our mission is to change lives in Ukraine and worldwide by creating technological solutions and products that unleash the potential of businesses and meet users' needs.  Over 600+ KS.Tech specialists work daily in various areas, including mobile and web solutions and the design, development, support, and technical maintenance of high-performance systems and services.  We believe in innovations that truly bring quality changes and constantly challenge conventional approaches and solutions. Each of us is an adherent of entrepreneurial culture, which allows us never to stop, to evolve, and to create something new. 

What you will do

• Operate, administer, and evolve the company’s network security infrastructure
• Automate routine firewall operations and policy management using Python and APIs
• Investigate network and security incidents; perform traffic analysis and root cause identification
• Collaborate with IT, DevOps, and Security teams to implement secure network designs
• Document configurations, topologies, and workflows for internal and audit use

Qualifications and experience needed

• Experience with Cisco ASA and Cisco Firepower Threat Defense (FTD) firewalls
• Managing and configuring security policies using Cisco Firepower Management Center (FMC)
• Experience administering and configuring Fortinet (FortiGate) security solutions
• Strong knowledge of VPN technologies (IPSec, SSL VPN), NAT, ACLs, routing, and IPS/IDS on Cisco and Fortinet platforms
• Deep understanding of network protocols and services: TCP/IP, UDP, DNS, DHCP, VLANs, STP, ARP, OSPF, BGP
• Excellent troubleshooting skills for network connectivity and security incident investigation
• Experience with traffic monitoring, packet capture (e.g., tcpdump, Wireshark), and log management tools
• Experience with cloud technologies, Azure, AWS
• Ability to maintain accurate technical documentation, including network diagrams and configuration records
• English proficiency is sufficient for technical documentation and communication with vendors/support
• Proficiency in Python for automation of security operations: 
• - scripting policy deployments, configuration validation, auditing, and integrations 
• - working with REST APIs, JSON/XML, and CLI tools 

A plus would be

• Exposure to Palo Alto, Check Point, or other NGFW platforms
• Knowledge of Zero Trust architecture, NAC, and microsegmentation
• Experience with log aggregation and SIEM tools (e.g., ELK, Splunk)

What we offer

• Office or remote – it’s up to you. You can work from anywhere, and we will arrange your workplace 
• Remote onboarding  
• Performance bonuses for everyone (annual or quarterly — depends on the role)  
• We train employees with the opportunity to learn through the company’s library, internal resources, and programs from partners   
• Health and life insurance  
• Wellbeing program and corporate psychologist  
• Reimbursement of expenses for Kyivstar mobile communication