Security Engineer 1125

We are seeking a highly skilled Senior Network Security Engineer with deep expertise in Network Security technologies. This is a technical, hands-on role within the Network Security Engineering & Deployment team. The ideal candidate will possess Level 3/Subject Matter Expert (SME)-level knowledge and practical experience in managing, designing, and troubleshooting Network Security products such as Firewalls, Intrusion Detection & Prevention Systems (IDPS), Web Application Firewalls (WAF), Micro-segmentation, Web Proxies, and DNS.

Roles & Responsibilities

• Part of a team that is responsible for the Network Security Engineering & Deployment function and will play a key role in Datacenter Migration projects.
  

Network Transformation Architecture:

• Lead the design, engineering, and execution of next-generation network transformation solutions.
• Collaborate with internal teams, including cloud, security, and application stakeholders, to align network infrastructure with business needs.
• Provide technical leadership in building resilient, scalable, and secure hybrid and multicloud network
  environments.

Design, Deployment, and Operations:

• Architect and deploy advanced Network Security across data centers (DC1 & DC2).
• Integrate network security products with Cisco ACI environments to deliver seamless and secure connectivity with optimal performance.
• Act as an escalation point for the Operations team on network security issues, providing Level 3 troubleshooting and SME-level support.
• Collaborate with vendors, TAC, and internal teams to resolve complex network & Security incidents and escalations.

Policy Management and Automation:

• Develop and enforce policy-driven network security architectures.
  Leverage automation tools (e.g., Ansible, Python, XSOR) to enhance operational efficiency and minimize manual interventions.
• Ensure compliance with industry standards and internal governance policies while aligning network security configurations with best practices.

Documentation and Governance:

• Maintain accurate network security diagrams, operational runbooks, and technical documentation.
• Ensure all security implementations adhere to governance frameworks and meet regulatory compliance
  requirements.

Mentorship and Knowledge Sharing:

• Provide Level3/SME-level support and guidance to peers and stakeholders within the organization.
• Lead knowledge transfer sessions on network security technologies and best practices.

Job Requirements:

Preferred qualifications :

Education:

• Bachelors or Masters degree in Computer Science, Information Technology, or related field.
• Certifications : CISSP,CCSA ,CCSE,PCNSE,ICE,BIG-IP ASM Specialist or equivalent will be preferred.
  

Technical Expertise:

• 10 to 15 years of experience in Network Security technologies like Firewalls, Intrusion Detection & Prevention Systems (IDPS), Web Application Firewalls (WAF), Micro-segmentation, Web Proxies, and DNS.

Firewall Technologies:

• Next-Generation Firewalls (NGFWs): Understanding of advanced features like Application Awareness, Intrusion Prevention, and Deep Packet Inspection.
• Checkpoint Firewall Architecture: Expertise in Threat Prevention, VPNs, and High Availability (HA) configuration.
• Palo Alto Networks NGFWs: Knowledge of App-ID, WildFire, and User-ID for enhanced security.
• Firewall Rule Optimization: Experience in defining and fine-tuning access control policies and inspecting network traffic for threats.
• Expertise in implementing DNS Security solutions to prevent attacks such as DNS Spoofing, Cache Poisoning, and DDoS attacks targeting DNS infrastructure.

Intrusion Detection and Prevention Systems (IDPS):

• Signature-Based IDS/IPS: Expertise in configuring and managing signature-based detection.
• Anomaly-Based IDS/IPS: Deep knowledge of Behavioral Analysis for detecting suspicious patterns and zeroday attacks.
• Integrated Security Operations: Integration of IDPS with SIEM systems for centralized log management and threat detection.

Web Application Security:

• Web Application Firewall (WAF): Expertise in configuring and managing F5 ASM or equivalent WAF solutions for protecting applications from vulnerabilities. 
• Bot Protection and DDoS Mitigation: Knowledge of Bot Management and DDoS Defense strategies for protecting web applications.

Microsegmentation and Zero Trust Security:

• Microsegmentation: Proficiency in tools like Illumio or Guardicore for isolating and securing workloads within the data center and cloud environments.
• Zero Trust Architecture (ZTA): Expertise in defining and enforcing access policies based on identity and device posture, and validating every user and device before granting access.

Network Access Control (NAC):

• Aruba ClearPass: Expertise in configuring role-based access control and integrating ClearPass with other network
  security solutions.
• Cisco Identity Services Engine (ISE): Knowledge of 802.1X, MAB (MAC Authentication Bypass), and Guest Access in NAC
  environments.

DNS & IP Address Management (IPAM):

• Infoblox DDI (DNS, DHCP, IPAM): Experience in configuring and managing Infoblox for network address allocation, DNS resolution, and advanced DNS security.
• DNS Security: Expertise in securing DNS infrastructure through DNSSEC, DNS filtering, and DNS over HTTPS (DoH). Traffic Visibility & Monitoring:

Network Traffic Analysis:

• Proficiency in using tools like Wireshark, Riverbed App Response , Cisco Thousand Eyes ,NetFlow, and sFlow for traffic analysis and anomaly detection.

Security Information and Event Management (SIEM):

• Expertise in integrating network devices with Splunk, Elastic or Equivalent for threat visibility and incident response.

Routing Protocols & VPNs:

• BGP (Border Gateway Protocol): In-depth understanding of BGP routing policies, route filtering, and peering in largescale network environments.
  OSPF (Open Shortest Path First): Expertise in dynamic routing configuration, including OSPF multi-area and OSPFv3 for IPv6 support.
• Site-to-Site and Remote Access VPNs: Knowledge of configuring IPSec VPNs and SSL VPNs for secure communications across branches and remote users.

Soft Skills:

• Excellent analytical, problem-solving, and decision-making skills.
  Strong communication and collaboration skills, with the ability to engage with stakeholders across departments.
• Self-motivated with a continuous learning mindset and ability to work under pressure.