Network Security Engineer

Social network you want to login/join with:

We are seeking a highly skilled and experienced Network Security Engineer to join our dynamic Operational Technology (OT) Infrastructure team at Thames Water.

As a Network Security Engineer, you will play a critical role in ensuring the reliability, availability, and security of our network infrastructure across both IT and OT environments. This position requires strong expertise in network security technologies, routing protocols, and firewall administration, along with a deep understanding of service delivery within a complex enterprise setting. You will work closely with key stakeholders, third-party suppliers, and internal teams to support BAU operations, contribute to the security strategy, and drive continual service improvement.

1. Network Security & System Reliability:
   • Act as SME for Network Security, delivering technical guidance across Digital and Operational teams.
   • Maintain and support all IT and OT Network Security assets, systems, and appliances to ensure 99.98% availability.
   • Deliver updates and upgrades to network components, including Switches, Routers, Firewalls and network security applications in line with defined schedules.
   • Ensure continuity of service and system performance through effective configuration management, firmware maintenance, and standards compliance.
2. Technical Development & Cyber Risk Mitigation:
   • Provide technical input to the development and maintenance of network security strategies, policies, and procedures.
   • Contribute to high- and low-level network security design documentation to support delivery across all environments.
   • Identify and escalate cyber and operational risks to ensure the integrity and resilience of the network.
   • Manage security appliances and platforms such as Fortinet, CheckPoint, Cisco Security, Ivanti Secure, NAC and PAM with technologies such as VPN, IPSec, and deep packet inspection.
3. Infrastructure Management & Operational Assurance:
   • Administer routing protocols (OSPF, RIP, BGP, MPLS, NAT) and switching technologies (STP, MRP, VLAN, ARP) in line with architecture standards.
   • Oversee the delivery and effectiveness of key security technologies, including DNS filtering, Proxy services, NAC, IDS, VPN, and SASE.
   • Support internal and external TLS certificate management, public certificate compliance, and machine-to-machine VPN configurations.
4. Stakeholder Engagement & Service Delivery:
   • Engage with Network Managers, Security Leaders, Architects, and Delivery teams to align services with business outcomes.
   • Act as a subject matter expert during incident and problem management activities, supporting bridge calls and root cause analysis.
   • Ensure all services meet defined SLAs and operational KPIs, maintaining accurate configuration and licensing records.
5. Audit, Compliance & Service Management:
   • Audit and manage all network security systems, licenses, and equipment to ensure compliance and reduce operational risk.
   • Collaborate with Service Management to support BAU delivery, capacity and availability planning, and risk mitigation.
   • Drive continual service improvement through reporting, stakeholder feedback, and the identification of improvement opportunities.
6. Collaboration & Knowledge Sharing:
   • Work closely with strategic suppliers and internal teams to ensure consistent delivery and effective risk governance.
   • Support knowledge sharing and change initiatives, promoting security awareness and operational excellence.

Base location: Hybrid – Clearwater Court, Reading.

Working pattern: 36 hours, Monday to Friday.

Must-have:

• Experience in both IT and OT network security environments.
• Security Clearance (SC) or the ability to obtain it.
• Strong stakeholder management and supplier engagement experience in a complex enterprise environment.
• Advanced knowledge and hands-on experience with Layer 2/3 technologies (VLAN, OSPF, BGP, RSTP, MRP) and vendors (Cisco, Fortinet, CheckPoint).
• Proficiency with core network security technologies, including SD-WAN, IPSEC, Cisco ISE, and cloud security services.
• Demonstrable problem-solving skills, with the ability to balance commercial, operational, and customer-focused outcomes.
• Strong communication and interpersonal skills to effectively engage with technical and non-technical stakeholders.
• Familiarity with service delivery frameworks such as ITIL, and experience working in both agile and waterfall delivery environments.

Desirable:

• Cisco certifications: CCNP, CCNA (minimum), and CheckPoint CCSE/CCSA.
• Experience with security technology vendors, including Meraki, Belden, and Fortinet.
• Previous experience in the utilities industry or within a large-scale enterprise (20,000+ devices).
• Understanding of strategic supplier management, business case development, and stakeholder analysis.
• Knowledge of cloud platforms such as Azure or AWS.

• Competitive salary up to £64,000 per annum, depending on experience
• Annual Leave - 26 days holiday per year, increasing to 30 with the length of service (plus bank holidays)
• Generous Pension Scheme through AON
• Access to benefits for health, wellbeing, and finances, including health MOTs, physiotherapy, counselling, Cycle to Work schemes, shopping vouchers, and life assurance.

We’re the UK’s largest water and wastewater company, with more than 16 million customers relying on us every day to supply water for their taps and toilets. We aim to build a better future, helping our customers, communities, people, and the planet to thrive. We seek passionate and skilled individuals committed to making a difference.

Thames Water offers fast-tracked career opportunities, flexible working arrangements, and excellent benefits. We value diversity and inclusion and support applicants throughout the recruitment process. We also offer opportunities to support our customers directly and earn extra income through training programs.

Note: Due to high application volume, the advert may close early. Apply promptly to avoid missing out.