Job Title: ICT Technical Resource – Networking and Cybersecurity
Location: Dublin 4, (Remote working may be agreed for part of the engagement, subject to operational requirements)
Contract / Permanent: 6 Months, With further extension.
Start date: January 2026
· It is a mandatory requirement that the Resource proposed has the equivalent of Grade 2 Intermediate Resource.
· It is a mandatory requirement that the Resource proposed hold the following qualifications or equivalents:
o Have a degree equivalent to level 8 or higher on the National Framework of Qualifications in a relevant discipline as may be considered appropriate in the discretion of Client.
The following non-exhaustive list of Key Deliverables are applicable to this Role.
· Current Network Assessment: Topology diagrams, IP/VLAN schema, device inventory, and configuration baseline with risk-ranked findings.
· Risk & Gap Analysis: Network-centric security risks and gaps vs best practice; prioritised remediation items.
· Best-Practice Standards: Firewall, switching, WLAN, NAC configuration standards; naming/IPAM standards; change-control templates.
· Standardisation Pack: Repeatable templates (e.g., switch port profiles, firewall rule taxonomy), golden configs, and as-built documentation.
· Remediation Plan: Sequenced plan with timelines, dependencies, and required maintenance windows.
· Playbooks & Runbooks: Incident response for network threats; routine operations (backup/restore, change, DR failover tests).
· Monitoring & Logging Plan: Telemetry sources, thresholds, log routing/retention, and health dashboards.
· Weekly Status Reports: Progress, risks/issues, metrics, and next steps.
· Cloud Readiness Assessment: Inventory of infrastructure, dependencies, compliance, risks, and workload readiness scoring.
· Digital strategy enablement: Contribute to the CLIENT’s digital transformation by ensuring network and security practices extend seamlessly to SaaS, IaaS, and PaaS environments, enabling scalable, cloud-first services.
The following Experience/Competencies/Skillsets are applicable to this Role.
The Client IT Department is looking for a dedicated resource with strong network cybersecurity and networking skills.
The emphasis is on protecting and operating the network (WAN/LAN/WLAN and perimeter).
Specifically focusing on the following:
1. Core Network Design & Operations (WAN / LAN / WLAN)
· Strong experience with Cisco (IOS/NX-OS) and Meraki; strong CLI skills and template-driven configs.
· Familiarity with core routing and switching protocols (e.g., OSPF, BGP, STP, VLANs, EtherChannel, QoS) and scalable enterprise design principles.
· Experience designing and operating wireless networks, including capacity planning, authentication, and guest access controls (e.g., WPA2/WPA3-Enterprise with RADIUS).
· Provider interaction & WAN management (e.g., Virgin Media): SLAs, QoS, failover behaviour, performance troubleshooting.
· Understanding of IP addressing, subnetting, and integration of core IP services (DNS, DHCP, IPAM).
2. Perimeter & Edge Security (Firewalls, VPN, DDoS)
· Strong knowledge of next-generation firewalls administration (e.g., Cisco & Palo Alto) and security policy lifecycle (design, hygiene, review).
· Experience with high-availability firewall designs, upgrade strategies, and deterministic failover for predictable resilience.
· Proficiency with remote access and site-to-site VPNs using robust authentication (RADIUS/Entra ID), posture checks, and split-tunnel design.
· Competence in secure service publication, minimal/auditable exceptions, egress controls, and GEO / IP reputation use.
· Awareness of DDoS exposure and layered mitigations across provider, edge, and on-premise controls.
3. Secure Architecture & Network Segmentation
· Ability to design outcome-driven segmentation aligned to Zero-Trust principles (VLANs, ACLs, firewalled inter-segment flows).
· Experience implementing Layer-2 protections (e.g., DHCP snooping, Dynamic ARP Inspection, IP source guard, port security).
· Clean IP plan and deterministic routing between segments policy enforcement tied to identity and roles.
· Safe patterns for guest/BYOD and third-party connectivity with appropriate isolation and controls.
· Ability to review current design architectures, articulate risks/trade-offs, and recommend pragmatic improvements.
4. Configuration Management & System Hardening
· Experienced in maintaining network equipment, servers, and Dell SAN infrastructure, ensuring secure configuration, consistent baselines, and optimal performance across environments.
· Skilled in virtual machine lifecycle management, provisioning, tuning, and securing guest/host systems within VMware and Hyper-V platforms.
· Implemented standardised configuration management practices, including RBAC enforcement, encrypted management access (SSH/TLS), automated configuration backups, and drift detection across infrastructure layers.
· Proficient in implementing configuration validation and version control, ensuring traceability, compliance, and rapid recovery from misconfiguration without service disruption.
5. Monitoring, Telemetry & Incident Response (SOC/SIEM & Threat Intel)
· Proven experience in real-time security monitoring and incident response within SOC/SIEM environments, including alert triage, correlation, enrichment, and continuous rule tuning.
· Skilled in investigating security incidents using logs, network telemetry, and packet captures to identify root causes, scope impact, and execute effective containment and remediation.
· Strong understanding of network observability sources (NetFlow/sFlow, syslog, SNMP, SPAN/ERSPAN) and their role in threat detection and investigations.
· Proficient in threat intelligence integration (STIX/TAXII, vendor feeds) and transforming intelligence into actionable detections and control improvements.
· Experienced in developing and maintaining incident response playbooks, managing evidence, and conducting post-incident reviews to enhance detection and response maturity.
6. Vulnerability, Patch & Platform Lifecycle Management
· Strong experience in vulnerability assessment and remediation, performing regular scans of network, server, and application layers with CVSS- and risk-based prioritisation.
· Experienced in coordinating and tracking patch compliance across firewalls, routers, switches, servers, and virtual environments, ensuring timely updates and controlled rollout of changes.
· Skilled in hardware and software lifecycle governance, maintaining EOS/EOL visibility, upgrade scheduling, and clear communication of operational risk to support replacement planning.
· Proficient in applying secure configuration benchmarks (vendor/CIS) and tracking variance to maintain compliance and reduce attack surface.
· Experienced in exception and risk acceptance management, documenting compensating controls and defined remediation timelines to uphold governance integrity.
7. Resilience, Backup & Disaster Recovery Readiness
· Strong knowledge and practical experience in designing resilient network and system architectures, implementing HSRP/VRRP, ECMP, dual-homing, and redundant wireless designs for high availability.
· Experienced in failover and recovery validation, conducting scheduled failover/failback testing, verifying expected behaviours, and documenting outcomes for operational assurance.
· Skilled in backup and recovery integration, aligning network paths, authentication, and topology awareness to ensure backup reliability across servers, applications, and databases.
· Experienced in cyber-resilient backup strategies, maintaining immutable and off-site copies, secure “break-glass” access, and minimal viable connectivity for disaster recovery and incident response.
8. Cloud Foundations & Hybrid Connectivity (Azure)
· Experienced in designing and establishing foundational Azure environments, including initial network design, identity integration, and governance setup for secure cloud adoption.
· Strong knowledge of Azure networking components such as VNets, subnets, NSGs/ASGs, Azure Firewall and Virtual WAN (vWAN), and Private DNS/Private Link for building resilient and secure connectivity frameworks.
· Skilled in designing and implementing hybrid connectivity, including IPSec VPN and ExpressRoute configurations, BGP routing, and split-horizon DNS for seamless on-premises integration.
· Familiar with cloud governance and cost management practices, incorporating tagging, budgets, and compliance controls within early-stage network and policy designs.
9. Governance, Change Control, Documentation & Risk
· Experienced in establishing and maintaining structured technical governance, ensuring all network, security, and cloud activities align with organisational policies, compliance standards, and risk frameworks.
· Skilled in developing and maintaining comprehensive, version-controlled documentation, including network diagrams, configurations, inventories, and design records that accurately represent live environments.
· Strong background in risk identification and management, maintaining an actionable risk register that prioritises operational and security risks with clear ownership, tracking, and mitigation measures.
· Experienced in disciplined change control, implementing peer-reviewed, auditable change processes with verification, rollback readiness, and full traceability for production modifications.
· Promotes a knowledge-sharing and foster mentoring, cross-team collaboration, and post-incident or post-change reviews to strengthen organisational capability and resilience.