Job Description - Network Security Engineer
Role Overview
We are seeking a highly experienced Network Security Engineer with mandatory CCIE certification to design, implement, secure, and support on-premise enterprise network and security infrastructures.
This role focuses exclusively on physical data centers, campus networks, and WAN environments.
The ideal candidate will have deep hands-on expertise in routing & switching, next-generation firewalls, access control, VPNs, and enterprise wireless within mission-critical, high-availability on-prem environments.
Mandatory Requirements
- Active CCIE Certification (Mandatory) – Security / Enterprise / Collaboration accepted
- 8–15+ years of hands-on experience in on-premise enterprise networks
- Strong experience working in UAE enterprise, government, banking, or system integrator environments
Key Responsibilities
- Design, deploy, and support on-premise LAN/WAN and Data Center network security architectures
- Implement and manage Next-Generation Firewalls (NGFW) including policy design, IPS, application control, and threat prevention
- Architect, configure, and troubleshoot Site-to-Site VPN, Remote Access VPN, DMVPN, IPsec, and GRE
- Design and implement high-availability (HA), redundancy, and failover solutions
- Implement Network Access Control (NAC) using 802.1X and Cisco ISE
- Secure east-west and north-south traffic within data centers
- Lead PoC, migrations, firewall replacements, and infrastructure upgrades
- Prepare and maintain HLD, LLD, As-Built diagrams, and implementation documents
- Perform advanced L2/L3 troubleshooting and root-cause analysis
- Ensure compliance with security standards, audit requirements, and operational best practices
Technical Skills – Mandatory
Routing & Switching
- BGP, OSPF, EIGRP, RIP
- VLAN, STP / RSTP / MSTP, VTP
- HSRP, VRRP, GLBP
- Cisco Catalyst (9K series), Nexus (NX-OS)
- vPC, VDC, FabricPath
- Policy-Based Routing (PBR)
Network Security
- Firewalls:
  - Cisco ASA / Firepower (FPR + FMC)
  - Palo Alto
  - FortiGate
- Firewall clustering and high availability
- IPS, Antivirus, Web Filtering, Application Control
- Secure perimeter and internal segmentation design
VPN & Secure Connectivity
- Site-to-Site IPsec VPN
- Remote Access VPN (AnyConnect or equivalent)
- DMVPN, GRE
- Secure WAN interconnects (MPLS, leased lines)
Access Control & NAC
- Cisco ISE
- 802.1X (Wired & Wireless)
- Guest & Sponsored access
- Role-based and policy-driven access control
Wireless (On-Prem Controllers)
- Cisco Wireless (9800 WLC)
- Aruba Controllers
- Enterprise WLAN security design
Email & Web Security (On-Prem Appliances) – Preferred
- Secure Email Gateways
- Web Security Appliances
- DLP, HTTPS inspection, URL filtering
Documentation & Professional Skills
- Strong experience producing:
  - High-Level Design (HLD)
  - Low-Level Design (LLD)
  - Network diagrams and As-Built documentation
- Excellent troubleshooting and analytical skills
- Strong customer-facing communication
- Ability to work independently in critical environments