Senior Network Security Engineer

Job Overview:

As a Network Security Engineering team member, the Senior Network Security Engineer will specialise in firewalls and routing. The ideal candidate is a flexible, self-motivated individual who excels at multitasking and thrives in a fast-paced, challenging environment.

This self-starter will bring ingenuity and expertise to design, implement, and maintain secure, scalable, high-performing network solutions that connect on-premises and public cloud environments. The role emphasises driving automation through Infrastructure-as-Code (IaC) and GitOps methodologies, ensuring optimal network performance, and integrating robust security measures.

Responsibilities:

Network Design and Implementation:

1. Design and implement secure, scalable, and high-performing network solutions bridging on-premises and public cloud environments.
2. Leverage routing and switching expertise (e.g., BGP, OSPF, MPLS) to ensure network performance and reliability across diverse environments.
3. Analyze operational needs and proactively develop creative network solutions to address security challenges.

Security and Firewall Management:

1. Manage firewall configurations for the Cyber Energia network based on operational requirements.
2. Develop and implement network security tools, produce threat models, and assess risks around existing configurations.
3. Provide subject matter expertise on network security, firewalls, and industry best practices.
4. Document and formalize security processes.

Automation and Infrastructure Management:

1. Drive automation initiatives using Infrastructure-as-Code (IaC) practices (e.g., Terraform, Ansible, Chef) and GitOps workflows to streamline network provisioning and enforce configuration consistency.
2. Develop CI/CD pipelines tailored for IT infrastructure to enhance deployment efficiency and integrate network security measures.
3. Build and maintain internal automation solutions (e.g., Slack bots and integrations) to streamline IT operations and business processes.

Monitoring and Maintenance:

1. Manage and maintain network security systems through system patches and periodic maintenance tasks.
2. Establish comprehensive observability and proactive issue-resolution strategies using tools like SNMP, Syslog, Netflow, Elasticsearch (ELK Stack), and Grafana.

Collaboration and Communication:

1. Work with Cyber Energia teams to identify functional needs, develop secure architectures, and communicate security best practices and policies.
2. Collaborate with security teams to align IT automation with Zero Trust principles and compliance frameworks.
3. Clearly explain technical concepts to both technical and non-technical audiences, demonstrating excellent stakeholder management skills.

Basic Qualifications:

1. 5+ years of experience in network security, IT infrastructure, applications, endpoints, and/or APIs.
2. 2+ years of experience hardening Windows, MacOS, and/or Linux operating systems.

Required Skills and Experience:

Technical Expertise:

1. Strong experience with enterprise network vendors (e.g., CheckPoint, Palo Alto).
2. Proficiency in routing and switching, including protocols like BGP, OSPF, and MPLS.
3. Deep understanding of network security principles (e.g., ACLs, firewalls, VPNs, 802.1x authentication, profiling, RBAC).
4. Familiarity with network monitoring tools/protocols and logging pipelines (e.g., SNMP, Syslog, Netflow, ELK Stack, Grafana).
5. Strong knowledge of cloud platforms (e.g., Azure, AWS, GCP) and infrastructure management.
6. Experience with network security technologies, including firewalls (Palo Alto, CheckPoint), IDS/IPS, NDR, switch/router ACLs, NAC solutions, IPSec/TLS VPNs, WAFs, email security, and SIEM logging/alerting.

Programming and Automation:

1. Proficiency in a modern programming language (e.g., Python).
2. Experience with IaC practices, GitOps workflows, and cloud automation best practices.
3. Proven ability to integrate corporate IT infrastructure with CI/CD pipelines and DevOps workflows.
4. Familiarity with networking protocols and the OSI model.

General Skills:

1. Strong Linux background and passion for open-source technology (a must).
2. Excellent analytical, problem-solving, and time-management skills.
3. Adept at learning new technologies and systems.
4. Experience testing and implementing changes in a production environment.
5. Exceptional communication skills (written and verbal) to work cross-functionally with IT, security, and business teams.

Preferred Attributes:

1. Demonstrated track record of developing and maintaining internal tools to optimize IT operations.
2. Ability to work independently as a self-starter with minimal supervision.