Network Security Engineer
The Network Engineer/Network Security Consultant will be in charge of planning, implementing, upgrading and monitoring security measures for the protection of compute, storage and networks within the Sapphire-Anywhere estate. Ensuring appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure associated to the Sapphire-Anywhere estate and will be the primary point of contact for security breaches and virus protection/attacks. As part of a dynamic team the NSE will also need to be able to give support to the broader team for network configuration best practice, network analysis and general platform availability and troubleshooting as well as setting up, developing and maintaining Infrastructure networks within the business and between the Sapphire Anywhere customers
The NSE will report directly to the Global Head of Cloud Services and will play an integral role in advising and defining the network structure, security policies, best practices and required accreditations for the Sapphire-Anywhere and support environments.
Job responsibilities include but are not exclusive to the following.
- Establish the networking environment by designing system configuration, directing system installation and defining, documenting and enforcing system standards
- Design and implement new solutions and improve resilience of the current environment
- Maximise network performance by monitoring performance, troubleshooting network problems and outages, scheduling upgrades and collaborating with network architects on network optimisation
- Undertake data network fault investigations in local and wide area environments using information from multiple sources
- Secure network systems by establishing and enforcing policies, and defining and monitoring access
- Support and administer firewall environments in line with IT security policy
- Report network operational status by gathering and prioritising information and managing projects
- Upgrade data network equipment to the latest stable firmware releases
- configure routing and switching equipment, hosted IP voice services and firewalls
- Provide remote support to on-site engineers and end users/customers during installation
- Provide remote troubleshooting and fault finding if issues occur upon initial installation
- Undertake capacity management and audit of IP addressing and hosted devices within data centres
- Liaise with project management teams, third-line engineers and service desk engineers on a regular basis
- Speak to customers via email and phone for initial requirement capture.
- Confer with management and/or users to discuss issues such as computer data access needs, security violations, and configuration changes.
- Document computer security and emergency measures policies, procedures, and tests.
- Coordinate implementation of computer system plan with establishment personnel and outside vendors.
- Monitor use of data files and regulate access to safeguard information in computer files.
- Modify computer security files to incorporate new software, correct errors, or change individual access status.
- Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
- Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
- Monitor current reports of computer viruses to determine when to update virus protection systems.
- Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.
- Review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.
- Act as the designated Sapphire-Anywhere SIRR (Security Incident Response Representative) communicating incident and remedial action information to the Global Heard of Cloud Services and customer representatives.
- Stay up to date with industry best practices and standards around Network Security ensuring a continued dialogue with peers and management to share relevant updates.
- Ownership of the ManageEngine reporting solution for Sapphire-Anywhere platform, production of relevant availability reports for management and end user consumption.
The successful candidate must be able to display strong competencies and understanding in the following areas.
- Proven hands-on network engineering experience
- In-depth knowledge and experience of Routing and Switching,
- In-depth knowledge of configuring Cisco/ForcePoint Firewalls, VPNs, and QoS
- Good experience in configuring Load Balancers (Preferably F5)
- Solid understanding of the OSI or TCP/IP model
- Deep understanding of networking protocols (e.g., IPSEC, HSRP, BGP, OSPF, 802.11, QoS)
- Cisco CCNA qualified
- Web Application Firewall such as Barracuda
- Hands-on experience with monitoring, network diagnostic and network analytics (such as Manage Engine (preferable), Solar Winds or SCOM
- Ransomware prevention technologies such as Crowdstrike (preferable)
- Good knowledge Intrusion detection systems (IDS) and Intrusion prevention systems (IPS)
· Strong Microsoft Power Shell skills
- Microsoft Windows Core (2012 R2 or 2016)
- Microsoft Hyper-V (2012 R2 or 2016) *
- Microsoft High Availability Clustering*
- VM Ware ESXi*
- DDOS protection and prevention
- Experience in delivering ISO 27001 and SOC Compliance certifications
- Experience in managing Penetration Tests
- ITIL v3 Foundation or above certified
- SUSE Enterprise or similar LINUX platform knowledge*
- Working Knowledge of Citrix XenApp 7.15*
- Working Knowledge of Citrix NetScaler*
- Strong analytical and written presentation skills
· University degree in Computer Science or a related subject*
(*) desirable but not essential.