Infrastructure Security Engineer
Infrastructure Projects Delivery Unit is responsible for design and deployment security solutions protecting and managing the client network. An L3 resource is expected to function as the highest level of technical support and escalation for security related issues, incidents and initiatives. The person should be able to take the role of Subject Matter Expert in technical project deliverables and be responsible for end-to-end solution implementation. Network Security engineer should have sufficient networking experience to tightly cooperate with communications network team engineers to deliver the solutions on a wide scale covering all the networking aspects.
Due-diligence of existing client’s solution, analyzing physical topology, logical interconnectivity, service dependency, application flows and security constraints.
Attending meetings and workshops with the client to understand requirements, challenges and risks.
Successfully presenting and backing complex designs for critical infrastructure to senior client resources at formal review boards
Developing security solution in cooperation with Network and Application projects team for solid end-to-end secure communication using existing industry standards, best practices and know-hows fitting it into existing infrastructure and operations framework.
Creating designs and support documentation for the delivered infrastructure. Raising change records and executing activity while adhering to client’s processes and procedures.
Support and trouble-shooting of network security devices and systems delivered by the project to the client during transition/handover period. That includes firewalls, intrusion detection systems, virtual private networks (VPN), security device management platforms, etc.
Vulnerability management, platform selection, software production-feature set and load- testing for chosen platform.
Have 1+ year(s) of infrastructure security experience working with major firewall platforms (Palo Alto, Juniper, Cisco, Fortinet, etc.). Certificate for any of the platform is a plus.
Alternatively have 1+ year(s) experience in Data Centre Security and micro-segmentation (zero-trust model and core segmentation, NSX, ACI, Tetration, etc.)
Alternatively have 1+ year experience with Cloud Security platforms – either cloud edge IaaS firewall or Cloud SaaS solution (Cisco CSR/vMX, Cisco AMP/SIG, CheckPoint, zScaler, PRISMA, etc.)
Have a good knowledge of networking – either classic (switching, dynamic routing protocols, static and rule-based routing, etc.) or cloud (VPC, peering, gateways, SD-WAN secure fabric). Certificate in any networking area is a plus.
Have a good knowledge of encryption and tunneling protocols (PKI, IPSec, SSL VPN, TLS, IKE, IKEv2, etc.)
Understand application protocols in context of OSI network layers and content inspection (Load-balancing, WAF, IPS, IDS, etc.)
Understand cloud technologies and infrastructure virtualization (IaaS, PaaS, SaaS, NFV, SDN, SD-WAN)
Understand baseline security requirements and platform hardening principles.
Be flexible for international business trips to attend client meetings or workshops or perform remote site installation and configuration.
Have good verbal communication skills (English) in both technical and non-technical communications.
Have good experience creating design documents (HLD, LLD) diagrams (Visio) and presentations (PPT)
Have good analytical mindset for problem solving under stress and time pressure.
Cafeteria – Budget for benefits based on your choice
Refer-a-Friend – get a bonus in the employee referral program
Flexible working arrangements (Flex Work, Telework)
Wide range of leading-edge trainings (including language courses)
Family oriented benefits
Competitive compensation package, paid overtime and insurance
Company shares on discount price
Employee assistance program (psychologist support, legal or financial advice