Infrastructure Security Engineer_sk
Popis Pracovnej Pozície
Infrastructure Projects Delivery Unit is responsible for design and deployment security solutions protecting and managing the client network. An L3 resource is expected to function as the highest level of technical support and escalation for security related issues, incidents and initiatives. The person should be able to take the role of Subject Matter Expert in technical project deliverables and be responsible for end-to-end solution implementation. Network Security engineer should have sufficient networking experience to tightly cooperate with communications network team engineers to deliver the solutions on a wide scale covering all the networking aspects.
Due-diligence of existing client’s solution, analyzing physical topology, logical interconnectivity, service dependency, application flows and security constraints.
Attending meetings and workshops with the client to understand requirements, challenges and risks.
Successfully presenting and backing complex designs for critical infrastructure to senior client resources at formal review boards
Developing security solution in cooperation with Network and Application projects team for solid end-to-end secure communication using existing industry standards, best practices and know-hows fitting it into existing infrastructure and operations framework.
Creating designs and support documentation for the delivered infrastructure. Raising change records and executing activity while adhering to client’s processes and procedures.
Support and trouble-shooting of network security devices and systems delivered by the project to the client during transition/handover period. That includes firewalls, intrusion detection systems, virtual private networks (VPN), security device management platforms, etc.
Vulnerability management, platform selection, software production-feature set and load- testing for chosen platform.
Have 1+ year(s) of infrastructure security experience working with major firewall platforms (Palo Alto, Juniper, Cisco, Fortinet, etc.). Certificate for any of the platform is a plus.
Alternatively have 1+ year(s) experience in Data Centre Security and micro-segmentation (zero-trust model and core segmentation, NSX, ACI, Tetration, etc.)
Alternatively have 1+ year experience with Cloud Security platforms – either cloud edge IaaS firewall or Cloud SaaS solution (Cisco CSR/vMX, Cisco AMP/SIG, CheckPoint, zScaler, PRISMA, etc.)
Have a good knowledge of networking – either classic (switching, dynamic routing protocols, static and rule-based routing, etc.) or cloud (VPC, peering, gateways, SD-WAN secure fabric). Certificate in any networking area is a plus.
Have a good knowledge of encryption and tunneling protocols (PKI, IPSec, SSL VPN, TLS, IKE, IKEv2, etc.)
Understand application protocols in context of OSI network layers and content inspection (Load-balancing, WAF, IPS, IDS, etc.)
Understand cloud technologies and infrastructure virtualization (IaaS, PaaS, SaaS, NFV, SDN, SD-WAN)
Understand baseline security requirements and platform hardening principles.
Be flexible for international business trips to attend client meetings or workshops or perform remote site installation and configuration.
Have good verbal communication skills (English) in both technical and non-technical communications.
Have good experience creating design documents (HLD, LLD) diagrams (Visio) and presentations (PPT)
Have good analytical mindset for problem solving under stress and time pressure.
- From 1800-3000 EUR/month
• Guaranteed paid overtime or overtime vacation
• German language bonus up to 400€ monthly/gross depending on language proficiency and level of seniority
• Flexible Benefit System - budget to be spent on services of your choice
• Competitive bonus structure
• Refer-a-Friend – get a bonus in the employee referral program
• Loyalty rewards
• Flexible working arrangements (time & place of work)
• Wide range of trainings and expert lectures
• Regular performance review and career growth possibilities
• Ongoing career guidance and mentoring (Global Mentoring Program, Lean In)
• Employee share purchase plan
Family & Health:
• 3 extra days off
• Sick leave salary compensation (up to 90%)
• Home-office equipment
• Family oriented benefits (Wedding, Parental and Baby days-off and bonuses)
• Employee assistance services (professional psychological, financial and legal help)
• Multisport card
• 24/7 Telehealth support
• Bereavement Leave (up to 4 weeks)