Job Title: Senior Network Security Engineer

Experience: 8+

Job Purpose:We are looking for an experienced and proactive Senior Network Security Engineer with a strong foundation in network security architecture, SD-WAN, and datacenter operations. The role requires hands-on expertise with Fortinet SD-WAN, Check Point and Cisco firewalls, and a solid understanding of IPS/IDS, DNS security, ZTNA, and SASE principles. The ideal candidate will be adaptable to a dynamic work environment, capable of handling enterprise-scale operations, and flexible to support business-critical activities beyond standard hours.

Responsibilities:

1. SD-WAN & Network Security Operations

• Lead the design, deployment, and lifecycle management of Fortinet SD-WAN across enterprise locations.
• Ensure optimized routing, traffic segmentation, and secure interconnectivity for multi-site WAN environments.
• Integrate SD-WAN with broader SASE framework to ensure secure remote access and policy enforcement.

2. Firewall & Perimeter Security Management

• Administer, configure, and maintain Check Point and Cisco firewalls for high-availability enterprise networks.
• Review and optimize firewall rule bases, NAT configurations, and VPN policies for compliance and efficiency.
• Implement and fine-tune Intrusion Prevention and Detection Systems (IPS/IDS) for proactive threat mitigation.

3. Datacenter & Core Network Security

• Support and enhance datacenter network architecture, including segmentation, routing, and redundancy planning.
• Manage and secure DNS, DHCP, and IPAM services, ensuring integrity and protection against DNS-based threats.
• Coordinate planned changes, capacity expansions, and datacenter interconnect projects.

4. Advanced Security Technologies

• Implement and support Zero Trust Network Access (ZTNA) and SASE-based architectures for remote and hybrid work environments.
• Collaborate with security and infrastructure teams to align network access controls with organizational security posture.
• Participate in integration of next-generation solutions (ZTNA, SWG, CASB, DLP) under unified SASE frameworks.

5. Operational Excellence & Compliance

• Provide L3-level operational support for complex incidents and change management activities.
• Ensure detailed documentation, including network diagrams, SOPs, and change logs.
• Support internal/external audits, ensuring alignment with ISO 27001, NIST, or corporate compliance frameworks.

Coordinate with vendors and service providers for timely resolution of escalated network or security issues.

Mandatory:

• Proven hands-on experience with:
• Fortinet SD-WAN & Firewalls (NSE 4–7 preferred)
• Check Point & Cisco ASA/Firepower firewalls
• IPS/IDS solutions (Fortinet, Cisco, or equivalent)
• DNS Security and protection mechanisms (DNS filtering, RPZ, DoH/DoT)
• ZTNA & SASE concepts and practical deployments
• Deep understanding of LAN/WAN, routing protocols (BGP, OSPF), VPNs, VLANs, and datacenter security design.
• Experience integrating security tools such as SIEM, NAC, and endpoint protection platforms.
• Excellent troubleshooting and incident response capabilities under pressure.
• Certifications such as Fortinet NSE 4–7, CCNP Security, Check Point CCSA/CCSE, Zscaler ZCP, or SASE/Cloud Security certifications are highly desirable.