Senior Network Engineer

The role is split between BAU responsibilities and the design and implementation.BAU responsibilities include but are not limited to:Maintaining compliance across the network estate by working to agreed baselines, in accordance with NIST and Centre for Internet Security standards, baselining configurations and identifying configuration drift, using tools such as Solarwinds NCM.Defining reporting on the above with identification and remediation, should it to be agree and re baseline or to revoke. Assist with facing off against CLS Audit on the many audits that take place during the year.Patching of the network estate including SolarWinds Orion NPM, RSA Security Manager, ISE and other devices such as ASA, Riverbed, ACI spine and leaf and Cisco switches and routers etc.Design and Implementation:With design and implementation at the forefront this should include authoring and/or maintaining governance documentation such as High-Level Designs and Solution Outlines whilst writing and maintaining internal documentation, such as low-level design, technical implementation and verification plans. The role is very much 'hands on'' so whilst the candidate will have a strong technical knowledge around the design, they will also need to be able to implement this or direct others to implement, remotely via a WebEx. The ability to use Visio for network schematics is essential. This role will form part of team who are subject matter experts in fields such as Storage, Windows, VMWare and Citrix. Essential Function / major duties and responsibilities of the jobStrategicAssist in the development of the overall strategy and architecture definition for the CLS internal technology infrastructure, remote access and collaboration tools.Design technical infrastructure solutions that meet service delivery needs and provisions for the future needs of the business based on IT Strategy. This should include all governance and non-governance design and support documentation.Research and undertake vendor and product reviews.OperationalProvide last line support for solutions delivered by the engineering function in line with existing IT service management processes. Act as an escalation point, for the managed service, for problems pertaining to network technology and with a view to re-engineering.Build proof of concept within a lab environment and then rollout into production.Successfully transition the support of new network technologies to support partners.Maintain familiarity with business continuity procedures and take part in 'Controlled'' and 'Uncontrolled'' disaster failover testing. This is in conjunction with the Engineering and support teams.Full understanding of Cisco ASA and Firepower FTD and operate CSM and FMC to push firewall rules where required.Assist in the Network Audit''s.Participate in the development of performance and capacity requirements.Participate in the transformation of documentation. This is to assist in building a set of 'best practice'' documents in relation to Network Security.Actively participate in the 'path to green'' for all network compliance area''s including vulnerability management and full baseline of all components.LeadershipDeliver projects in line with the engineering function''s overall program and aligned to the corporate strategy as a technical resource or as a technical lead, where required.Provide technical design authority over new or changing solutions, in conjunction with other team members.Act as Technical Lead for Infrastructure projects. Ensure delivery by teams composed of CLS Technical Analysts and external consultant and contractors.Experience / essential and desired for successful job performanceSolid understanding of datacenter networking technologies, such as ACI, with strong WAN and LAN technologies and the technology that drives cloud architecture. This requires extensive knowledge in this field with the ability to make decisions and drive through from initial concept to full deployment. This will include collaboration with other teams, such as architecture and security and third parties. Qualifications / certifications:Engineering Degree or industry related qualifications in the respective area, such as CCNA, CCDA, CCNP (R&S), CCNP (Security), CCNP (Voice), CCDP, CISSP, CCSA and AWS advanced networking qualifications.Knowledge, skills and abilities / competencies required for successful job performanceIn-depth knowledge of design, implementation, configuration and testing of the following:Routing Protocols - OSPF, BGP.WAN media, such as MPLS, Internet, VPN, SSL.Encryption of circuits using IPsec site-to-site VPN, DMVPN using tunneling technology, e.g GREoverIPsec, IKE, ISAKMP, DH etc. Be able to deploy a site-to-site VPN out to a third party.Switching and L3 - NXoS, HSRP, VRRP, GBLP, NTP, STP, RSTP, QoS, CoS, SVI, VLAN''s, ACL''s.Firewalls - Cisco ASA, Cisco FirePOWER, Checkpoint, Fortinet, ACL''s, CSM and FMC.Environments - Data Centre including ACI Fabric, Enterprise Edge, DMZ, SP Edge, Web Hosting.Cloud - ExpressRoute and AWS advanced networking including deployment of firewalls such as ASAv and Fortigate.Wireless - Cisco Wireless LAN controllers and AP''s. Configuration of CATWAP.Tools/Appliances - Solarwinds Orion (NPM and NCM), Cisco Prime Infrastructure, RSA, ACS, CSM, FMC and ISE.Knowledge on patching applications such as Solarwinds and RSA Security Manager but also have skills to patch ASA, IOS, ACI etc.Success factors / 'How''. Personal characteristics contributing to an individual''s ability to excel in the position A polished individual who has the 'hit the floor running'' and 'can do'' approach. The sort of person who can tease out requirements from stakeholders and then design and implement world class, simple, elegant, and secure solutions whilst adhering to the strategic goals. - provided by Dice

Created: 2025-11-15