Senior Network Security Engineer

**Roles & Responsibilities**

Part of a team that is responsible for the Network Security Engineering & Deployment function and will play a key role in Datacenter Migration projects.

**Network Transformation Architecture**:

- Lead the design, engineering, and execution of next-generation network transformation solutions.
- Provide technical leadership in building resilient, scalable, and secure hybrid and multicloud network environments.

**Design, Deployment, and Operations**:

- Architect and deploy advanced Network Security across datacenters (DC1 & DC2).
- Integrate network security products with Cisco ACI environments to deliver seamless and secure connectivity with optimal performance.
- Act as an escalation point for the Operations team on network security issues, providing Level 3 troubleshooting and SME-level support.
- Collaborate with vendors, TAC, and internal teams to resolve complex network & Security incidents and escalations.

**Policy Management and Automation**:

- Develop and enforce policy-driven network security architectures.
- Leverage automation tools (e.g., Ansible, Python, XSOR) to enhance operational efficiency and minimize manual interventions.
- Ensure compliance with industry standards and internal governance policies while aligning network security configurations with best practices.

**Documentation and Governance**:

- Maintain accurate network security diagrams, operational runbooks, and technical documentation.
- Ensure all security implementations adhere to governance frameworks and meet regulatory compliance requirements.

**Mentorship and Knowledge Sharing**:

- Provide Level3/SME-level support and guidance to peers and stakeholders within the organization.
- Lead knowledge transfer sessions on network security technologies and best practices.

**Requirements**:
**Technical Expertise**: 10 to 15 years of experience in Network Security technologies like Firewalls, Intrusion Detection & Prevention Systems (IDPS), Web Application Firewalls (WAF), Micro-segmentation, Web Proxies, and DNS

**Firewall Technologies**:

- Next-Generation Firewalls (NGFWs): Understanding of advanced features like Application Awareness, Intrusion Prevention, and Deep Packet Inspection.
- Checkpoint Firewall Architecture: Expertise in Threat Prevention, VPNs, and High Availability (HA) configuration.
- Palo Alto Networks NGFWs: Knowledge of App-ID, WildFire, and User-ID for enhanced security.
- Firewall Rule Optimization: Experience in defining and fine-tuning access control policies and inspecting network traffic for threats.
- Expertise in implementing DNS Security solutions to prevent attacks such as DNS Spoofing, Cache Poisoning, and DDoS attacks targeting DNS infrastructure.

**Intrusion Detection and Prevention Systems (IDPS)**:

- Signature-Based IDS/IPS: Expertise in configuring and managing signature-based detection.
- Anomaly-Based IDS/IPS: Deep knowledge of Behavioral Analysis for detecting suspicious patterns and zero-day attacks.
- Integrated Security Operations: Integration of IDPS with SIEM systems for centralized log management and threat detection.

**Web Application Security**:
**Microsegmentation and Zero Trust Security**:

- Microsegmentation: Proficiency in tools like Illumio or Guardicore for isolating and securing workloads within the data center and cloud environments.
- Zero Trust Architecture (ZTA): Expertise in defining and enforcing access policies based on identity and device posture, and validating every user and device before granting access.

**Network Access Control (NAC): Aruba ClearPass**:
Expertise in configuring role-based access control and integrating ClearPass with other network security solutions. Cisco Identity Services Engine (ISE): Knowledge of 802.1X, MAB (MAC Authentication Bypass), and Guest Access in NAC environments.

**DNS & IP Address Management (IPAM)**:
Infoblox DDI (DNS, DHCP, IPAM): Experience in configuring and managing Infoblox for network address allocation, DNS resolution, and advanced DNS security. DNS Security: Expertise in securing DNS infrastructure through DNSSEC, DNS filtering, and DNS over HTTPS (DoH). Traffic Visibility & Monitoring:
**Network Traffic Analysis**:
Proficiency in using tools like Wireshark, Riverbed App Response, Cisco Thousand Eyes ,NetFlow, and sFlow for traffic analysis and anomaly detection.

**Security Information and Event Management (SIEM)**:Expertise in integrating network devices with Splunk, Elastic or Equivalent for threat visibility and incident response.

**Routing Protocols & VPNs: BGP (Border Gateway Protocol)**:
In-depth understanding of BGP routing policies, route filtering, and peering in large-scale network environments. OSPF (Open Shortest Path First): Expertise in dynamic routing configuration, including OSPF multi-area and OSPFv3 for IPv6 support. Site-to-Site and Remote Access VPNs: Knowledge of configuring IPSec VPNs and SSL VPNs for secure communications across branches and remote users.