Lead systems engineer

We are seeking a senior engineer to lead the secure remote access platform supporting missioncritical banking and financial applications. The role focuses on F5 APM, enterprise VPN, identity integrations, and endtoend access controls aligned with regulatory standards such as PCIDSS, GDPR and internal cybersecurity guidelines.

You will own architecture, implementation, operations, resilience engineering, and compliance for the bank's remote access ecosystem.

Key Responsibilities

1. Remote Access Architecture & Design

• Architect secure, highavailability remote access services using F5 BIGIP APM/LTM, SSL/IPsec VPN, and multifactor authentication.
• Design resilient, DRready architectures across multiple data centers with GTM/DNS, failover, and session persistence.
• Build secure access flows for internal banking applications, core infrastructure, trading platforms, and privileged access.
• Ensure all designs comply with financial services cybersecurity standards (RBI, PCIDSS, SWIFT CSP).

2. Implementation & Operations

• Deploy and manage APM access profiles, SAML/OIDC integration, posture checks, Webtop resources, and perapp access policies.
• Operate enterprise VPN platforms used by employees, traders, branches, and privileged users.
• Manage certificates, TLS policies, cipher hardening, OCSP stapling, CRL checks.
• Lead L3 troubleshooting for authentication failures, VPN outages, APM issues, latency, and SSO failures.
• Handle change management in strict ITIL environments with CAB approvals and risk assessments.
• Contribute to disaster recovery drills, failover simulations, and capacity/load analysis.

3. Security, Compliance & Risk Management

• Enforce Zero Trust principles, leastprivilege access, and identityaware access segmentation.
• Maintain full compliance with internal and regulatory frameworks.
• Prepare audit evidence, design compensating controls, and remediate VAPT findings within SLA.
• Integrate with SIEM products for log retention, fraud monitoring, and anomalous access alerts.
• Conduct periodic access reviews, vaulting, PAM integration, and role segregation (RBAC).

Good to Have Skills:

Automation & Operational Excellence

• Automate deployments using AS3, DO, Terraform, Ansible, and REST APIs.
• Maintain configuration baselines and enforce immutable infrastructure patterns where possible.
• Act as the SME for all remote access and F5 APM topics.
• Guide L1/L2 teams, create SOPs, runbooks, and training.
• Collaborate with Security, IAM, Network, SOC, DevOps, and Application teams.
• Provide clear risk reporting, design decisions, and technical recommendations to senior leadership.

Required Skills & Qualifications

Core Technical Skills

• 7 years in network/security engineering with deep expertise in:
  • F5 BIGIP APM & LTM
  • SSL/IPsec VPN technologies
  • SAML/OIDC/LDAP/RADIUS authentication
  • MFA integrations.
  • PKI, TLS/SSL, certificates, cipher suites
• Strong networking foundation: IP, routing, NAT, DNS, load balancing, firewall zones.
• Experience with iRules (Tcl), automation (Ansible/Terraform), and F5 declarative tooling (AS3/DO/TS).
• Proficiency with monitoring and SIEM tools used in banking (Splunk/Sentinel/Elastic).
• Experience working in highly regulated, auditdriven environments.
• Strong understanding of Zero Trust, segmentation, device posture, and network access governance.

Soft Skills

• Ability to lead highseverity incident calls and coordinate across multiple teams.
• Strong documentation skills (HLD/LLD, risk signoff, compliance evidence).
• Excellent stakeholder communication-operations, security, app teams, auditors.