Role summary
Seeking a highly skilled Network Security Engineer to lead the security architecture and operations for our hybrid infrastructure. This role is pivotal in securing the Data Center while designing and maintaining secure connectivity to our Public Cloud environments.
Core Responsibilities:
- Conduct comprehensive security reviews to identify security gaps in the Enterprise and data center network architecture.
- Provide security recommendations for designing, operating, and maintaining high-performing data centers and networks.
- Propose and implement risk-based mitigation strategies for securing data centers and network infrastructure.
- Deploy and manage Zero Trust security frameworks to strengthen the organization's security posture in complex environments.
- Design and implement Zero Trust segmentation within the Data Center to isolate critical workloads, utilizing VLANs, VRFs, and micro-segmentation techniques.
- Secure best practices for enterprise VPN solutions (Site-to-Site IPsec and SSL VPN), ensuring secure remote connectivity for the workforce.
- Administration and policy review of Next-Generation Firewalls (NGFW) This includes policy management, threat prevention, URL filtering, and decryption.
- Secure wired and wireless access through Network Access Controls.
- Manage secure hybrid connectivity between the Data Center and the Public Cloud using technologies such as Direct Connect, P2P, and MPLS.
- Infrastructure as Code (IaC): Automate network security provisioning using Terraform or Ansible, ensuring security policies are version-controlled and repeatable.
- Review of network traffic for anomalies using SIEM tools
- Participate in the Incident Response lifecycle by performing packet capture and root cause analysis during security incidents or network outages.
- Conduct regular firewall rule audits and vulnerability assessments to ensure compliance with industry standards (ISO 27001, SOC2, PCI-DSS).
Skills and Experience:
- 5+ years of experience in Network security.
- Deep hands-on experience with Palo Alto (Panorama), FortiGate, Sonicwall. Ability to troubleshoot complex issues through firewalls.
- Strong command of core networking protocols: BGP, OSPF, MPLS, and VLANs.
- Proven experience with at least one primary cloud provider in network security is an added advantage.
- Expertise in PAM, SSL, PKI, IPsec IKEv1/v2, DMVPN, and SSL VPNs.
- Proficiency in Python scripting or Terraform/Ansible for network automation.
- Experience with SD-WAN, F5 BIG-IP, and cloud-native technologies.
- Compliance Strong knowledge of compliance and regulatory requirements, such as ISO 27001, GDPR, and the ability to contribute to audit and reporting activities.
- Excellent communication and collaboration skills, with the ability to explain complex security risks and requirements clearly to both technical and business stakeholders.
Qualification:
- Education: Bachelor's degree in Computer Science, Information Security, or a relevant technical field.
- Certifications:
- Network security - CCNP Security, or equivalent
- Information security - CISM or equivalent.
- Demonstrated expertise in frameworks such as ISO/IEC 27017, ISO 27018, SOC 2, and PCI DSS is highly desirable.
