Network Engineer (IP Networking & Security)
Job Description
We are seeking a highly skilled and motivated Network Engineer to join our growing infrastructure team. This role is central to the design, deployment, and lifecycle management of our enterprise-grade IP networking and telecommunications infrastructure. You will be responsible for ensuring high availability, performance, and security across LAN, WAN, data center, and cloud-interconnect environments.
- Design, configure, and maintain enterprise-grade routers, switches, and telecom network elements across LAN, WAN, MAN, and data center environments, ensuring carrier-class availability and performance.
- Implement, optimize, and troubleshoot routing protocols — BGP (eBGP/iBGP, route policies, communities), OSPF (multi-area, redistribution), IS-IS, and EIGRP — across complex multi-vendor topologies.
- Manage switching technologies including VLANs, 802.1Q trunking, STP/RSTP/MSTP, VTP, LACP/PAgP link aggregation, and MLAG for resilient access and aggregation layers.
- Configure and operate telecom-specific protocols and technologies: MPLS (LDP, RSVP-TE, L2/L3 VPNs), Carrier Ethernet (MEF standards), and pseudowire services (VPLS, EVPN).
- Deploy and manage SD-WAN overlays (Cisco Viptela, VMware VeloCloud, Fortinet SD-WAN) for optimized hybrid WAN connectivity, application-aware routing, and traffic steering.
- Administer network services including DHCPv4/v6, DNS, NTP, NAT/PAT, QoS (DSCP marking, traffic shaping, policing, queuing), and IPv6 transition mechanisms (dual-stack, 6to4, NAT64).
- Lead IP address management (IPAM) strategy, subnetting design, and IPv6 adoption planning aligned with organizational growth and telecom peering requirements.
- Monitor and optimize network performance using tools such as SolarWinds NPM, PRTG, Nagios, Zabbix, or Kentik; proactively identify and resolve bottlenecks, capacity constraints, and service degradation.
- Maintain accurate, version-controlled network documentation including topology diagrams, IP address plans, change records, and configuration baselines.
- Configure, manage, and perform regular audits of enterprise firewalls — including Cisco ASA/Firepower, Palo Alto Networks (PAN-OS, Panorama), Fortinet FortiGate, and Check Point — covering rule-base hygiene, policy optimization, and shadow-rule elimination.
- Design and enforce network segmentation strategies using VLANs, VRFs, DMZs, micro-segmentation, and zero-trust network access (ZTNA) principles to minimize lateral movement risk.
- Deploy, configure, and tune IDS/IPS systems (Cisco Secure IPS, Palo Alto Threat Prevention) to detect and block network-layer threats including DDoS, reconnaissance, and exploitation attempts.
- Implement and manage site-to-site and remote access VPN solutions: IPSec IKEv1/v2, SSL-VPN, GRE tunnels, and DMVPN topologies with certificate-based or pre-shared key authentication.
- Apply and maintain ACLs, prefix lists, route maps, and control-plane policing (CoPP) to protect network infrastructure from unauthorized access and resource exhaustion attacks.
- Collaborate with the cybersecurity team on vulnerability assessments, penetration test remediation, and compliance reviews against frameworks including ISO 27001, PCI-DSS, NIST CSF, SOC 2, and GDPR.
- Investigate network security incidents using packet captures (Wireshark, tcpdump), flow analysis (NetFlow/sFlow/IPFIX), and SIEM correlation (Splunk, IBM QRadar, or ELK stack).
- Conduct regular firewall rule-base reviews, risk-based access certifications, and implement least-privilege access policies across all network tiers.
- Manage and optimize BGP peering sessions with upstream ISPs and carrier partners, including route filtering, AS-path manipulation, MED/LOCAL_PREF tuning, and prefix advertisement policies.
- Support and maintain MPLS-based carrier services including L2VPN, L3VPN (VRF-Lite, MPLS VPNv4/VPNv6), and EVPN/VXLAN fabrics for data center interconnect.
- Configure and troubleshoot WAN technologies: Metro Ethernet, leased lines, DWDM transport, DSL aggregation, and LTE/5G failover links.
- Liaise with telecom vendors and carriers on circuit provisioning, SLA management, fault escalation, and capacity planning discussions.
- Support Voice-over-IP (VoIP) and Unified Communications infrastructure — QoS for RTP/SIP traffic, jitter buffers, DSCP remarking — in close coordination with the UC team.
- Design and support hybrid and multi-cloud network connectivity using AWS Transit Gateway, Azure Virtual WAN, and GCP Cloud Interconnect / Partner Interconnect.
- Implement and manage cloud-native networking constructs: VPCs, private peering, security groups, network load balancers, and cloud-based SD-WAN integration.
- Collaborate with DevOps and cloud architects on network automation and infrastructure-as-code using Ansible, Terraform, or Python (Netmiko, Nornir, NAPALM).
- Serve as escalation point for L2/L3 network incidents; participate in on-call rotation and coordinate with NOC teams during major outages.
- Drive proactive problem management: root-cause analysis, post-incident reviews, and implementation of preventive controls.
- Mentor junior and mid-level network engineers; conduct knowledge-sharing sessions and contribute to team upskilling initiatives.
- Author and maintain standard operating procedures (SOPs), runbooks, and network engineering playbooks.
- Participate in change management (CAB) processes; assess risk, plan rollback strategies, and execute changes during approved maintenance windows.
- Support procurement and vendor evaluation processes for network hardware, software licenses, and managed services.
- Bachelor's degree in Computer Science, Information Technology, Electronics & Communication Engineering, Telecommunications, or a closely related technical field.
- 5–8 years of hands-on, progressive experience in network engineering roles within enterprise, telecom, or carrier environments.
- Demonstrated track record designing, deploying, and operating complex multi-vendor IP networks at scale.
- Experience working in or with telecommunications service providers, or managing carrier-grade infrastructure, is strongly preferred.
- Advanced proficiency in configuring and managing Cisco IOS/IOS-XE/IOS-XR, Juniper JunOS, Arista EOS, or equivalent enterprise/carrier-class platforms.
- Expert-level knowledge of BGP, OSPF, IS-IS, EIGRP, and static routing with route policy design and traffic engineering experience.
- Strong expertise in Layer 2 technologies: VLANs, STP variants, LACP, Q-in-Q, and Carrier Ethernet (MEF/EVC).
- Solid understanding of MPLS architecture including LDP, RSVP-TE, L2VPN, L3VPN, EVPN, and segment routing.
- Proficiency in network services: DHCP, DNS, NAT, NTP, QoS (DiffServ/IntServ), IPv4/IPv6, and multicast (PIM-SM/SSM).
- Hands-on experience with SD-WAN technologies and overlay network design.
- Familiarity with network automation tools and scripting: Ansible, Python, Terraform, or equivalent.
- Proven experience administering enterprise-grade firewalls from at least two vendors: Palo Alto (Panorama/PAN-OS), Fortinet FortiGate, Cisco ASA/Firepower, or Check Point.
- Working knowledge of IPSec VPN, SSL-VPN, DMVPN, and certificate-based authentication.
- Familiarity with IDS/IPS tuning, DDoS mitigation strategies, NAC (802.1X, Cisco ISE, Aruba ClearPass), and network access control.
- Understanding of zero-trust network access (ZTNA) frameworks and network micro-segmentation.
- Experience with SIEM integration, log forwarding, and correlation (Splunk, IBM QRadar, ELK) for network devices.
- Proficiency in network analysis tools: Wireshark, tcpdump, iperf, traceroute/tracert, ping, MTR.
- Experience with monitoring platforms: SolarWinds NPM/NCM, PRTG, Nagios, Zabbix, Grafana, or equivalent.
- Familiarity with flow analysis: NetFlow, sFlow, IPFIX; and traffic baselining methodologies.
Required
CCNP Enterprise or CCNP Security (or equivalent Juniper JNCIP-SP / JNCIP-ENT)
Highly Desirable
PCNSE (Palo Alto Networks Certified Security Engineer)
NSE 4 / NSE 5 (Fortinet Network Security Expert)
CCSA / CCSE (Check Point Security Administrator / Expert)
Juniper JNCIS-SP or JNCIP-SP (Service Provider track)
Added Advantage
CISSP, CEH, or CompTIA Security+ (Security specializations)
AWS / Azure / GCP Networking Specialty certifications
CCIE Enterprise / Service Provider / Security — highly desirable for senior candidates
- Strong analytical mindset with a systematic, data-driven approach to diagnosing complex, multi-layer network issues across physical, logical, and application layers.
- Excellent verbal and written communication skills; ability to produce clear technical documentation, executive summaries, and present findings to non-technical stakeholders.
- Demonstrated ability to manage competing priorities, work independently under pressure, and deliver results in a fast-paced, 24/7 operational environment.
- Strong sense of ownership and accountability with a proactive attitude toward identifying and resolving issues before they escalate.
- Team-oriented collaborator with experience working across cross-functional teams including security, cloud, systems, applications, and vendors.
- Commitment to continuous learning; actively engages with industry publications, vendor communities, and professional development opportunities.
- Experience with ITIL-aligned processes (incident, change, problem, capacity management) in an enterprise or telecom environment.