Requirements

Key Experience/Competencies/Skillsets:

The following Experience/Competencies/Skillsets are applicable to this Role.

The Client IT Department is looking for a dedicated resource with strong network cybersecurity and networking skills.

The emphasis is on protecting and operating the network (WAN/LAN/WLAN and perimeter).

Specifically focusing on the following:

1.        Core Network Design & Operations (WAN / LAN / WLAN)

·         Strong experience with Cisco (IOS/NX-OS) and Meraki; strong CLI skills and template-driven configs.

·         Familiarity with core routing and switching protocols (e.g., OSPF, BGP, STP, VLANs, EtherChannel, QoS) and scalable enterprise design principles.

·         Experience designing and operating wireless networks, including capacity planning, authentication, and guest access controls (e.g., WPA2/WPA3-Enterprise with RADIUS).

·         Provider interaction & WAN management (e.g., Virgin Media): SLAs, QoS, failover behaviour, performance troubleshooting.

·         Understanding of IP addressing, subnetting, and integration of core IP services (DNS, DHCP, IPAM).

2.        Perimeter & Edge Security (Firewalls, VPN, DDoS)

·         Strong knowledge of next-generation firewalls administration (e.g., Cisco & Palo Alto) and security policy lifecycle (design, hygiene, review).

·         Experience with high-availability firewall designs, upgrade strategies, and deterministic failover for predictable resilience.

·         Proficiency with remote access and site-to-site VPNs using robust authentication (RADIUS/Entra ID), posture checks, and split-tunnel design.

·         Competence in secure service publication, minimal/auditable exceptions, egress controls, and GEO / IP reputation use.

·         Awareness of DDoS exposure and layered mitigations across provider, edge, and on-premise controls.

3.        Secure Architecture & Network Segmentation

·         Ability to design outcome-driven segmentation aligned to Zero-Trust principles (VLANs, ACLs, firewalled inter-segment flows).

·         Experience implementing Layer-2 protections (e.g., DHCP snooping, Dynamic ARP Inspection, IP source guard, port security).

·         Clean IP plan and deterministic routing between segments policy enforcement tied to identity and roles.

·         Safe patterns for guest/BYOD and third-party connectivity with appropriate isolation and controls.

·         Ability to review current design architectures, articulate risks/trade-offs, and recommend pragmatic improvements.

4.        Configuration Management & System Hardening

·         Experienced in maintaining network equipment, servers, and Dell SAN infrastructure, ensuring secure configuration, consistent baselines, and optimal performance across environments.

·         Skilled in virtual machine lifecycle management, provisioning, tuning, and securing guest/host systems within VMware and Hyper-V platforms.

·         Implemented standardised configuration management practices, including RBAC enforcement, encrypted management access (SSH/TLS), automated configuration backups, and drift detection across infrastructure layers.

·         Proficient in implementing configuration validation and version control, ensuring traceability, compliance, and rapid recovery from misconfiguration without service disruption.

5.        Monitoring, Telemetry & Incident Response (SOC/SIEM & Threat Intel)

·         Proven experience in real-time security monitoring and incident response within SOC/SIEM environments, including alert triage, correlation, enrichment, and continuous rule tuning.

·         Skilled in investigating security incidents using logs, network telemetry, and packet captures to identify root causes, scope impact, and execute effective containment and remediation.

·         Strong understanding of network observability sources (NetFlow/sFlow, syslog, SNMP, SPAN/ERSPAN) and their role in threat detection and investigations.

·         Proficient in threat intelligence integration (STIX/TAXII, vendor feeds) and transforming intelligence into actionable detections and control improvements.

·         Experienced in developing and maintaining incident response playbooks, managing evidence, and conducting post-incident reviews to enhance detection and response maturity.

6.        Vulnerability, Patch & Platform Lifecycle Management

·         Strong experience in vulnerability assessment and remediation, performing regular scans of network, server, and application layers with CVSS- and risk-based prioritisation.

·         Experienced in coordinating and tracking patch compliance across firewalls, routers, switches, servers, and virtual environments, ensuring timely updates and controlled rollout of changes.

·         Skilled in hardware and software lifecycle governance, maintaining EOS/EOL visibility, upgrade scheduling, and clear communication of operational risk to support replacement planning.

·         Proficient in applying secure configuration benchmarks (vendor/CIS) and tracking variance to maintain compliance and reduce attack surface.

·         Experienced in exception and risk acceptance management, documenting compensating controls and defined remediation timelines to uphold governance integrity.

7.        Resilience, Backup & Disaster Recovery Readiness

·         Strong knowledge and practical experience in designing resilient network and system architectures, implementing HSRP/VRRP, ECMP, dual-homing, and redundant wireless designs for high availability.

·         Experienced in failover and recovery validation, conducting scheduled failover/failback testing, verifying expected behaviours, and documenting outcomes for operational assurance.

·         Skilled in backup and recovery integration, aligning network paths, authentication, and topology awareness to ensure backup reliability across servers, applications, and databases.

·         Experienced in cyber-resilient backup strategies, maintaining immutable and off-site copies, secure “break-glass” access, and minimal viable connectivity for disaster recovery and incident response.

8.        Cloud Foundations & Hybrid Connectivity (Azure)

·         Experienced in designing and establishing foundational Azure environments, including initial network design, identity integration, and governance setup for secure cloud adoption.

·         Strong knowledge of Azure networking components such as VNets, subnets, NSGs/ASGs, Azure Firewall and Virtual WAN (vWAN), and Private DNS/Private Link for building resilient and secure connectivity frameworks.

·         Skilled in designing and implementing hybrid connectivity, including IPSec VPN and ExpressRoute configurations, BGP routing, and split-horizon DNS for seamless on-premises integration.

·         Familiar with cloud governance and cost management practices, incorporating tagging, budgets, and compliance controls within early-stage network and policy designs.

9.        Governance, Change Control, Documentation & Risk

·         Experienced in establishing and maintaining structured technical governance, ensuring all network, security, and cloud activities align with organisational policies, compliance standards, and risk frameworks.

·         Skilled in developing and maintaining comprehensive, version-controlled documentation, including network diagrams, configurations, inventories, and design records that accurately represent live environments.

·         Strong background in risk identification and management, maintaining an actionable risk register that prioritises operational and security risks with clear ownership, tracking, and mitigation measures.

·         Experienced in disciplined change control, implementing peer-reviewed, auditable change processes with verification, rollback readiness, and full traceability for production modifications.

·         Promotes a knowledge-sharing and foster mentoring, cross-team collaboration, and post-incident or post-change reviews to strengthen organisational capability and resilience.