Network Engineer (IP Networking & Security)

We are seeking a highly skilled and motivated Network Engineer to join our growing infrastructure team. This role is central to the design, deployment, and lifecycle management of our enterprise-grade IP networking and telecommunications infrastructure. You will be responsible for ensuring high availability, performance, and security across LAN, WAN, data center, and cloud-interconnect environments.

Design, configure, and maintain enterprise-grade routers, switches, and telecom network elements across LAN, WAN, MAN, and data center environments, ensuring carrier-class availability and performance.

Implement, optimize, and troubleshoot routing protocols BGP (eBGP/iBGP, route policies, communities), OSPF (multi-area, redistribution), IS-IS, and EIGRP across complex multi-vendor topologies.

Manage switching technologies including VLANs, 802.1Q trunking, STP/RSTP/MSTP, VTP, LACP/PAgP link aggregation, and MLAG for resilient access and aggregation layers.

Configure and operate telecom-specific protocols and technologies: MPLS (LDP, RSVP-TE, L2/L3 VPNs), Carrier Ethernet (MEF standards), and pseudowire services (VPLS, EVPN).

Deploy and manage SD-WAN overlays (Cisco Viptela, VMware VeloCloud, Fortinet SD-WAN) for optimized hybrid WAN connectivity, application-aware routing, and traffic steering.

Administer network services including DHCPv4/v6, DNS, NTP, NAT/PAT, QoS (DSCP marking, traffic shaping, policing, queuing), and IPv6 transition mechanisms (dual-stack, 6to4, NAT64).

Lead IP address management (IPAM) strategy, subnetting design, and IPv6 adoption planning aligned with organizational growth and telecom peering requirements.

Monitor and optimize network performance using tools such as SolarWinds NPM, PRTG, Nagios, Zabbix, or Kentik; proactively identify and resolve bottlenecks, capacity constraints, and service degradation.

Maintain accurate, version-controlled network documentation including topology diagrams, IP address plans, change records, and configuration baselines.

Configure, manage, and perform regular audits of enterprise firewalls including Cisco ASA/Firepower, Palo Alto Networks (PAN-OS, Panorama), Fortinet FortiGate, and Check Point covering rule-base hygiene, policy optimization, and shadow-rule elimination.

Design and enforce network segmentation strategies using VLANs, VRFs, DMZs, micro-segmentation, and zero-trust network access (ZTNA) principles to minimize lateral movement risk.

Deploy, configure, and tune IDS/IPS systems (Cisco Secure IPS, Palo Alto Threat Prevention) to detect and block network-layer threats including DDoS, reconnaissance, and exploitation attempts.

Implement and manage site-to-site and remote access VPN solutions: IPSec IKEv1/v2, SSL-VPN, GRE tunnels, and DMVPN topologies with certificate-based or pre-shared key authentication.

Apply and maintain ACLs, prefix lists, route maps, and control-plane policing (CoPP) to protect network infrastructure from unauthorized access and resource exhaustion attacks.

Collaborate with the cybersecurity team on vulnerability assessments, penetration test remediation, and compliance reviews against frameworks including ISO 27001, PCI-DSS, NIST CSF, SOC 2, and GDPR.

Investigate network security incidents using packet captures (Wireshark, tcpdump), flow analysis (NetFlow/sFlow/IPFIX), and SIEM correlation (Splunk, IBM QRadar, or ELK stack).

Conduct regular firewall rule-base reviews, risk-based access certifications, and implement least-privilege access policies across all network tiers.

Manage and optimize BGP peering sessions with upstream ISPs and carrier partners, including route filtering, AS-path manipulation, MED/LOCAL_PREF tuning, and prefix advertisement policies.

Support and maintain MPLS-based carrier services including L2VPN, L3VPN (VRF-Lite, MPLS VPNv4/VPNv6), and EVPN/VXLAN fabrics for data center interconnect.

Configure and troubleshoot WAN technologies: Metro Ethernet, leased lines, DWDM transport, DSL aggregation, and LTE/5G failover links.

Liaise with telecom vendors and carriers on circuit provisioning, SLA management, fault escalation, and capacity planning discussions.

Support Voice-over-IP (VoIP) and Unified Communications infrastructure QoS for RTP/SIP traffic, jitter buffers, DSCP remarking in close coordination with the UC team.

Design and support hybrid and multi-cloud network connectivity using AWS Transit Gateway, Azure Virtual WAN, and GCP Cloud Interconnect / Partner Interconnect.

Implement and manage cloud-native networking constructs: VPCs, private peering, security groups, network load balancers, and cloud-based SD-WAN integration.

Collaborate with DevOps and cloud architects on network automation and infrastructure-as-code using Ansible, Terraform, or Python (Netmiko, Nornir, NAPALM).

Serve as escalation point for L2/L3 network incidents; participate in on-call rotation and coordinate with NOC teams during major outages.

Drive proactive problem management: root-cause analysis, post-incident reviews, and implementation of preventive controls.

Mentor junior and mid-level network engineers; conduct knowledge-sharing sessions and contribute to team upskilling initiatives.

Author and maintain standard operating procedures (SOPs), runbooks, and network engineering playbooks.

Participate in change management (CAB) processes; assess risk, plan rollback strategies, and execute changes during approved maintenance windows.

Support procurement and vendor evaluation processes for network hardware, software licenses, and managed services.

Bachelor's degree in Computer Science, Information Technology, Electronics & Communication Engineering, Telecommunications, or a closely related technical field.

58 years of hands-on, progressive experience in network engineering roles within enterprise, telecom, or carrier environments.

Demonstrated track record designing, deploying, and operating complex multi-vendor IP networks at scale.

Experience working in or with telecommunications service providers, or managing carrier-grade infrastructure, is strongly preferred.

Advanced proficiency in configuring and managing Cisco IOS/IOS-XE/IOS-XR, Juniper JunOS, Arista EOS, or equivalent enterprise/carrier-class platforms.

Expert-level knowledge of BGP, OSPF, IS-IS, EIGRP, and static routing with route policy design and traffic engineering experience.

Strong expertise in Layer 2 technologies: VLANs, STP variants, LACP, Q-in-Q, and Carrier Ethernet (MEF/EVC).

Solid understanding of MPLS architecture including LDP, RSVP-TE, L2VPN, L3VPN, EVPN, and segment routing.

Proficiency in network services: DHCP, DNS, NAT, NTP, QoS (DiffServ/IntServ), IPv4/IPv6, and multicast (PIM-SM/SSM).

Hands-on experience with SD-WAN technologies and overlay network design.

Familiarity with network automation tools and scripting: Ansible, Python, Terraform, or equivalent.

Proven experience administering enterprise-grade firewalls from at least two vendors: Palo Alto (Panorama/PAN-OS), Fortinet FortiGate, Cisco ASA/Firepower, or Check Point.

Working knowledge of IPSec VPN, SSL-VPN, DMVPN, and certificate-based authentication.

Familiarity with IDS/IPS tuning, DDoS mitigation strategies, NAC (802.1X, Cisco ISE, Aruba ClearPass), and network access control.

Understanding of zero-trust network access (ZTNA) frameworks and network micro-segmentation.

Experience with SIEM integration, log forwarding, and correlation (Splunk, IBM QRadar, ELK) for network devices.

Proficiency in network analysis tools: Wireshark, tcpdump, iperf, traceroute/tracert, ping, MTR.

Experience with monitoring platforms: SolarWinds NPM/NCM, PRTG, Nagios, Zabbix, Grafana, or equivalent.

Familiarity with flow analysis: NetFlow, sFlow, IPFIX; and traffic baselining methodologies.

Required

CCNP Enterprise or CCNP Security (or equivalent Juniper JNCIP-SP / JNCIP-ENT)

Highly Desirable

PCNSE (Palo Alto Networks Certified Security Engineer)

NSE 4 / NSE 5 (Fortinet Network Security Expert)

CCSA / CCSE (Check Point Security Administrator / Expert)

Juniper JNCIS-SP or JNCIP-SP (Service Provider track)

Added Advantage

CISSP, CEH, or CompTIA Security+ (Security specializations)

AWS / Azure / GCP Networking Specialty certifications

CCIE Enterprise / Service Provider / Security highly desirable for senior candidates

Strong analytical mindset with a systematic, data-driven approach to diagnosing complex, multi-layer network issues across physical, logical, and application layers.

Excellent verbal and written communication skills; ability to produce clear technical documentation, executive summaries, and present findings to non-technical stakeholders.

Demonstrated ability to manage competing priorities, work independently under pressure, and deliver results in a fast-paced, 24/7 operational environment.

Strong sense of ownership and accountability with a proactive attitude toward identifying and resolving issues before they escalate.

Team-oriented collaborator with experience working across cross-functional teams including security, cloud, systems, applications, and vendors.

Commitment to continuous learning; actively engages with industry publications, vendor communities, and professional development opportunities.

• Experience with ITIL-aligned processes (incident, change, problem, capacity management) in an enterprise or telecom environment.