We are seeking a highly skilled Senior Security Systems Engineer with deep expertise in Network Security technologies.
This is a technical, hands-on role within the Network Security Engineering & Deployment team. The ideal candidate will possess Level 3/Subject Matter Expert (SME)-level knowledge and practical experience in managing, designing, and troubleshooting Network Security products such as Firewalls, Intrusion Detection & Prevention Systems (IDPS), Web Application Firewalls (WAF), Micro-segmentation, Web Proxies, and DNS.
Responsibilities
- Architect, engineer, and implement next-generation network transformation solutions.
- Collaborate with cloud, security, and application teams to align network infrastructure with business objectives.
- Provide technical leadership in building resilient, scalable, and secure hybrid and multicloud network environments.
- Architect and deploy advanced network security across data centers, integrating with Cisco ACI for optimal performance.
- Serve as the Level 3 escalation point for network security issues, providing SME-level support.
- Develop and enforce policy-driven network security architectures, leveraging automation tools (Ansible, Python, XSOAR).
- Maintain accurate network security documentation and ensure compliance with industry standards and governance policies.
- Mentor peers and stakeholders, leading knowledge transfer on network security technologies and best practices.
Requirements
- Bachelor's or Master's degree in Computer Science, Information Technology, or a related field.
- 10+ years of experience in network security technologies, including firewalls, IDPS, WAF, micro-segmentation, web proxies, and DNS.
- Deep understanding of NGFW features (Application Awareness, IPS, DPI), Check Point (Threat Prevention, VPNs, HA), and Palo Alto Networks (App-ID, WildFire, User-ID). Proven ability in firewall rule optimization and DNS security implementation.
- Expertise in configuring and managing signature-based and anomaly-based IDPS, with experience integrating with SIEM for centralized threat management.
- Proficiency in configuring and managing WAFs (e.g., F5 ASM) and implementing bot protection and DDoS mitigation strategies.
- Experience with tools like Illumio or Guardicore for workload isolation and a strong understanding of Zero Trust Architecture principles and implementation.
- Expertise in configuring role-based access control using Aruba ClearPass and/or Cisco ISE (802.1X, MAB, Guest Access).
- Hands-on experience with Infoblox DDI configuration and management, including advanced DNS security measures (DNSSEC, DNS filtering, DoH).
- Proficiency in using tools like Wireshark, Riverbed AppResponse, Cisco ThousandEyes, NetFlow, and sFlow for traffic analysis and anomaly detection.
- Expertise in integrating network devices with SIEM platforms (Splunk, Elastic, or equivalent) for threat visibility and incident response.
- In-depth understanding of BGP routing policies and OSPF configuration (including multi-area and IPv6). Knowledge of configuring site-to-site and remote access VPNs (IPsec and SSL).