Lead Network Security Engineer

We are looking for a skilled and strategic Lead Network & Security Engineer to architect, manage, and secure enterprise-wide network systems. This senior role demands deep technical expertise across firewalls, VPN, IPS, Zscaler cloud security, switching technologies, SD-WAN, and wireless solutions. Youll lead design initiatives, mentor engineers, and ensure robust security postures across complex hybrid environments.

Responsibilities :

- Design and manage firewall deployments using Cisco ASA, Fortinet FortiGate, and Checkpoint, including advanced rulebase optimization and threat mitigation

- Architect, configure, and monitor VPN solutions (IPsec, SSL VPN) for secure connectivity across global networks

- Oversee implementation and tuning of Intrusion Prevention Systems (IPS) to defend against evolving threats

- Administer and optimize Zscaler Internet Access (ZIA) and Private Access (ZPA) policies for cloud security and access control

- Lead Layer 2/3 switching operations, including VLAN configuration, Spanning Tree Protocol (STP) tuning, and traffic segmentation

- Deploy and maintain Fortinet SD-WAN solutions for resilient connectivity and bandwidth optimization

- Manage enterprise wireless infrastructure across Cisco Wireless LAN Controller (WLC), Aruba, and Meraki platforms for performance and security

- Ensure reliable and secure operation of network services like DNS, DHCP, NTP, including redundancy and fault-tolerance

- Conduct network risk assessments, penetration testing coordination, and remediation planning

- Collaborate with cross-functional teams on security posture improvements, incident response strategy, and zero-trust architecture

- Document network diagrams, policies, procedures, and change requests with a focus on audit readiness

Qualifications :

- Advanced experience in firewall rule audits, traffic shaping, and security policy enforcement

- Strong knowledge of Zscaler cloud security architecture and integration ; Scripting or automation (Python, Bash, PowerShell) is a plus

- Proficiency in VLAN routing, trunking, STP troubleshooting, and link redundancy

- Solid command of SD-WAN architectures, overlay networks, and branch-office deployments

- Familiarity with wireless authentication protocols, RF optimization, and controller-based management

- Competent in core services like DNS zone management, DHCP scopes, and NTP synchronization