Network Engineer (IP Networking & Security)

Role Overview

We are seeking a highly skilled and motivated Network Engineer to join our growing infrastructure team. This role is central to the design, deployment, and lifecycle management of our enterprise-grade IP networking and telecommunications infrastructure. You will be responsible for ensuring high availability, performance, and security across LAN, WAN, data center, and cloud-interconnect environments.

Key ResponsibilitiesIP & Telecom Networking

●      Design, configure, and maintain enterprise-grade routers, switches, and telecom network elements across LAN, WAN, MAN, and data center environments, ensuring carrier-class availability and performance.

●      Implement, optimize, and troubleshoot routing protocols — BGP (eBGP/iBGP, route policies, communities), OSPF (multi-area, redistribution), IS-IS, and EIGRP — across complex multi-vendor topologies.

●      Manage switching technologies including VLANs, 802.1Q trunking, STP/RSTP/MSTP, VTP, LACP/PAgP link aggregation, and MLAG for resilient access and aggregation layers.

●      Configure and operate telecom-specific protocols and technologies: MPLS (LDP, RSVP-TE, L2/L3 VPNs), Carrier Ethernet (MEF standards), and pseudowire services (VPLS, EVPN).

●      Deploy and manage SD-WAN overlays (Cisco Viptela, VMware VeloCloud, Fortinet SD-WAN) for optimized hybrid WAN connectivity, application-aware routing, and traffic steering.

●      Administer network services including DHCPv4/v6, DNS, NTP, NAT/PAT, QoS (DSCP marking, traffic shaping, policing, queuing), and IPv6 transition mechanisms (dual-stack, 6to4, NAT64).

●      Lead IP address management (IPAM) strategy, subnetting design, and IPv6 adoption planning aligned with organizational growth and telecom peering requirements.

●      Monitor and optimize network performance using tools such as SolarWinds NPM, PRTG, Nagios, Zabbix, or Kentik; proactively identify and resolve bottlenecks, capacity constraints, and service degradation.

●      Maintain accurate, version-controlled network documentation including topology diagrams, IP address plans, change records, and configuration baselines.

Network Security

●      Configure, manage, and perform regular audits of enterprise firewalls — including Cisco ASA/Firepower, Palo Alto Networks (PAN-OS, Panorama), Fortinet FortiGate, and Check Point — covering rule-base hygiene, policy optimization, and shadow-rule elimination.

●      Design and enforce network segmentation strategies using VLANs, VRFs, DMZs, micro-segmentation, and zero-trust network access (ZTNA) principles to minimize lateral movement risk.

●      Deploy, configure, and tune IDS/IPS systems (Cisco Secure IPS, Palo Alto Threat Prevention) to detect and block network-layer threats including DDoS, reconnaissance, and exploitation attempts.

●      Implement and manage site-to-site and remote access VPN solutions: IPSec IKEv1/v2, SSL-VPN, GRE tunnels, and DMVPN topologies with certificate-based or pre-shared key authentication.

●      Apply and maintain ACLs, prefix lists, route maps, and control-plane policing (CoPP) to protect network infrastructure from unauthorized access and resource exhaustion attacks.

●      Collaborate with the cybersecurity team on vulnerability assessments, penetration test remediation, and compliance reviews against frameworks including ISO 27001, PCI-DSS, NIST CSF, SOC 2, and GDPR.

●      Investigate network security incidents using packet captures (Wireshark, tcpdump), flow analysis (NetFlow/sFlow/IPFIX), and SIEM correlation (Splunk, IBM QRadar, or ELK stack).

●      Conduct regular firewall rule-base reviews, risk-based access certifications, and implement least-privilege access policies across all network tiers.

Telecom & Carrier Integration

●      Manage and optimize BGP peering sessions with upstream ISPs and carrier partners, including route filtering, AS-path manipulation, MED/LOCAL_PREF tuning, and prefix advertisement policies.

●      Support and maintain MPLS-based carrier services including L2VPN, L3VPN (VRF-Lite, MPLS VPNv4/VPNv6), and EVPN/VXLAN fabrics for data center interconnect.

●      Configure and troubleshoot WAN technologies: Metro Ethernet, leased lines, DWDM transport, DSL aggregation, and LTE/5G failover links.

●      Liaise with telecom vendors and carriers on circuit provisioning, SLA management, fault escalation, and capacity planning discussions.

●      Support Voice-over-IP (VoIP) and Unified Communications infrastructure — QoS for RTP/SIP traffic, jitter buffers, DSCP remarking — in close coordination with the UC team.

Cloud & Hybrid Connectivity

●      Design and support hybrid and multi-cloud network connectivity using AWS Transit Gateway, Azure Virtual WAN, and GCP Cloud Interconnect / Partner Interconnect.

●      Implement and manage cloud-native networking constructs: VPCs, private peering, security groups, network load balancers, and cloud-based SD-WAN integration.

●      Collaborate with DevOps and cloud architects on network automation and infrastructure-as-code using Ansible, Terraform, or Python (Netmiko, Nornir, NAPALM).

Operations & Collaboration

●      Serve as escalation point for L2/L3 network incidents; participate in on-call rotation and coordinate with NOC teams during major outages.

●      Drive proactive problem management: root-cause analysis, post-incident reviews, and implementation of preventive controls.

●      Mentor junior and mid-level network engineers; conduct knowledge-sharing sessions and contribute to team upskilling initiatives.

●      Author and maintain standard operating procedures (SOPs), runbooks, and network engineering playbooks.

●      Participate in change management (CAB) processes; assess risk, plan rollback strategies, and execute changes during approved maintenance windows.

●      Support procurement and vendor evaluation processes for network hardware, software licenses, and managed services.

Required QualificationsEducation

●      Bachelor's degree in Computer Science, Information Technology, Electronics & Communication Engineering, Telecommunications, or a closely related technical field.

Experience

●      5–8 years of hands-on, progressive experience in network engineering roles within enterprise, telecom, or carrier environments.

●      Demonstrated track record designing, deploying, and operating complex multi-vendor IP networks at scale.

●      Experience working in or with telecommunications service providers, or managing carrier-grade infrastructure, is strongly preferred.

Technical Skills — Networking

●      Advanced proficiency in configuring and managing Cisco IOS/IOS-XE/IOS-XR, Juniper JunOS, Arista EOS, or equivalent enterprise/carrier-class platforms.

●      Expert-level knowledge of BGP, OSPF, IS-IS, EIGRP, and static routing with route policy design and traffic engineering experience.

●      Strong expertise in Layer 2 technologies: VLANs, STP variants, LACP, Q-in-Q, and Carrier Ethernet (MEF/EVC).

●      Solid understanding of MPLS architecture including LDP, RSVP-TE, L2VPN, L3VPN, EVPN, and segment routing.

●      Proficiency in network services: DHCP, DNS, NAT, NTP, QoS (DiffServ/IntServ), IPv4/IPv6, and multicast (PIM-SM/SSM).

●      Hands-on experience with SD-WAN technologies and overlay network design.

●      Familiarity with network automation tools and scripting: Ansible, Python, Terraform, or equivalent.

Technical Skills — Security

●      Proven experience administering enterprise-grade firewalls from at least two vendors: Palo Alto (Panorama/PAN-OS), Fortinet FortiGate, Cisco ASA/Firepower, or Check Point.

●      Working knowledge of IPSec VPN, SSL-VPN, DMVPN, and certificate-based authentication.

●      Familiarity with IDS/IPS tuning, DDoS mitigation strategies, NAC (802.1X, Cisco ISE, Aruba ClearPass), and network access control.

●      Understanding of zero-trust network access (ZTNA) frameworks and network micro-segmentation.

●      Experience with SIEM integration, log forwarding, and correlation (Splunk, IBM QRadar, ELK) for network devices.

Tools & Diagnostics

●      Proficiency in network analysis tools: Wireshark, tcpdump, iperf, traceroute/tracert, ping, MTR.

●      Experience with monitoring platforms: SolarWinds NPM/NCM, PRTG, Nagios, Zabbix, Grafana, or equivalent.

●      Familiarity with flow analysis: NetFlow, sFlow, IPFIX; and traffic baselining methodologies.

Preferred Certifications

Required

CCNP Enterprise or CCNP Security (or equivalent Juniper JNCIP-SP / JNCIP-ENT)

Highly Desirable

PCNSE (Palo Alto Networks Certified Security Engineer)

NSE 4 / NSE 5 (Fortinet Network Security Expert)

CCSA / CCSE (Check Point Security Administrator / Expert)

Juniper JNCIS-SP or JNCIP-SP (Service Provider track)

Added Advantage

CISSP, CEH, or CompTIA Security+ (Security specializations)

AWS / Azure / GCP Networking Specialty certifications

CCIE Enterprise / Service Provider / Security — highly desirable for senior candidates

Professional & Soft Skills

●      Strong analytical mindset with a systematic, data-driven approach to diagnosing complex, multi-layer network issues across physical, logical, and application layers.

●      Excellent verbal and written communication skills; ability to produce clear technical documentation, executive summaries, and present findings to non-technical stakeholders.

●      Demonstrated ability to manage competing priorities, work independently under pressure, and deliver results in a fast-paced, 24/7 operational environment.

●      Strong sense of ownership and accountability with a proactive attitude toward identifying and resolving issues before they escalate.

●      Team-oriented collaborator with experience working across cross-functional teams including security, cloud, systems, applications, and vendors.

●      Commitment to continuous learning; actively engages with industry publications, vendor communities, and professional development opportunities.

• ●      Experience with ITIL-aligned processes (incident, change, problem, capacity management) in an enterprise or telecom environment.