Role: IP Operations Engineer
Hours: 37.5 hrs per week, Monday to Friday, there will also be a requirement to be part of an on-call rota and provide out-of-hours support during implementation and change activities.
This is a hands-on role for an experienced network security and operations engineer able to work as part of a team and on a self starter basis. The main aspects of the role will be to work alongside a Virtual Security team, providing expert contribution and analysis on network security and DDOS vulnerability concerns. The role also encompasses 24/7 support of the Core IP Network in conjunction with a team of skilled engineers. A good, solid background in IP Network Security is required, combined with exposure to both Service Provider and Multi-Vendor environments.
Must be a self-starter, proactive, highly organized, and capable of working well with individuals at all levels in the organization. Will possess good interpersonal, written, oral, and analytical skills, as well as being innovative and dedicated.
Assess Vendor Advisory and Vulnerability notices and work with Engineering and operational teams to provide detailed risk assessments/analysis to the Virtual Security Team.
Work with Engineering and operational teams to test and validate patches (upgrades) and/or workarounds.
Provide the expertise required to continually assess and update the Device/Software Vulnerability and DDOS policies/strategy, in line with current requirements.
Ensure device security templates (hardening) and compliance policies align with both Engineering/Vendor and NCSC recommendations.
Knowledge of both the HSCN Framework and GPG13 PMCs (not-mandatory).
Provide in depth technical assistance across a range of vendor hardware & configurations in support of the Gamma Operational IP network.
Support the technical interface between Operations, Network Engineering and other Technical Support Teams.
Ability to work under pressure and in a fast moving and changeable environment
Self-motivated and very flexible with a “can do” attitude
Strong technical skills within a multi-disciplined environment.
Applicants will typically be CCSP, CCNP and/or JNCIP accredited, with multivendor experience. Technologies & vendor experience that would be required/desirable:
Fortigate (800C/3000D), Fortimanager and Fortianalyzer
MPLS VPN Architectures:
Configuring and supporting all flavours of L2VPNs, L3VPNs and Inter-AS NNIs (Option A/B/C) across Cisco and Juniper Core Networks employing Full Mesh or Route Reflectors within the BGP core.
Routing and Switching:
Extensive experience with configuring and supporting the following protocols/technologies – BGP, OSPF, CLNS/ISIS, RSVP, BFD, VRRP, HSRP, 802.1q,Q-in-Q, L2TP (LAC/LNS) PVST+/MST, Switch-Stacks (Cisco and Juniper)
Experience with configuring and supporting DC Technologies – FabricPath, OTV and Multicast
Network and Firewall Security:
Configuring and Supporting Cisco and Fortigate firewalls.
Operational understanding of DDOS attack vectors and mitigation solutions including RTBH and Scrubbing.
Operational experience of deploying JUNOS Flowspec rules for traffic filtering and suppression/rate limiting.
Experience with Configuring and Supporting BGP Routing and Traffic Policies/Objects on Fortigate Firewall Clusters.
Experience with Configuring and Supporting NGFW Features on Fortigate Firewalls, to include: IPS, Application Control, Web Filtering and AV protection.
Configuring and supporting all aspects of QOS on vendor equipment as specified above (Traffic Shaping/Policing/Scheduling/Congestion Management and Avoidance). Specific experience with deploying QOS in a voice and/or converged environment would be advantageous (using both IPv4 and IPv6).
Experience with configuring/using Solarwinds Orion NPM/NCM and Cacti/WeatherMap packages and hands on experience with using JDSU Network test equipment.