Senior Network Security Engineer

Purpose: Seeking highly skilled Subject Matter Expert (SME)- Security engineer to perform obsolete hardware replacements, code upgrades, and configuration compatibility validation for both physical and virtual appliances. The role includes expertise in multi-context firewalls, IDS/IPS configurations, DDOS (Arbor) solutions, conducting pre- and post- validation testing, and ensuring operational stability in critical production environments. Engineer must have expertise in Cisco Firewalls/Palo Alto/FortiGate/ Check points and IDS/IPS & DDOS (Arbor). Years of experience needed – 9-10Years Technical Skills:

• Expertise in upgrading and managing code, image, firmware, bootstrap programs, software and security patches for network security devices like Firewalls/IDS/IPS (Cisco/Palo Alto/Juniper/Forti Gate/Check points), DDOS (Arbor) deployed in on-premises, remote and third-party data centers.
• Demonstrated ability to replace obsolete hardware and virtual appliances through detailed planning, including pre-upgrade checks, backup strategies, testing procedures, and rollback plans for both physical and virtual components.

• Firewalls & IDS/IPS:

1. Plan and implement the lifecycle replacement of end-of-support (EOS) and end-of-life (EOL) security appliance, optimizing infrastructure resilience.
2. Analyze configuration compatibility between old and new firmware versions or hardware models, identifying and resolving conflicts to ensure seamless transition.
3. Migrate and validate configurations, including NAT policies, VPN tunnels, IDS/IPS rules and muti-context setups, to new hardware or virtual appliances.
4. Conduct rigorous pre-upgrade and post-upgrade testing, including failover scenarios and security rule verification, to ensure operational stability and policy consistency.

• DDOS Protection (Arbor Networks):

1. Proficient in upgrading and replacing DDOS mitigation hardware and virtual appliances, such as Arbor Edge Defense (AED).
2. Ability to analyze network flow, configure threshold policies, and test mitigation strategies to ensure uninterrupted services.
3. Skilled in integrating DDOS Protection with upstream and downstream devices during replacement/ upgrades.

• Capability to implement and validate the configurations, Security policies and Application policies post-upgrade.
• Documentation and compliance - Define lifecycle management strategies for hardware and software. Maintain comprehensive documentation of upgrade activities, including change management logs and compliance reports.

• Good to Have: Knowledge on ansible/python (For automation and troubleshooting), cloud-native networking services and tools (AWS, AZURE).