About the role
The candidate should have 5+ of progressive experience in firewall configuration, IP routing troubleshooting and switching maintenance.
Responsibilities
Policy Lifecycle Management: Regularly auditing, optimizing, and cleaning up firewall security policies (removing shadow rules, expired rules, and unused objects) to maintain performance and compliance. NAT & PAT Administration: Configuring and troubleshooting complex Source NAT, Destination NAT, and Static NAT mappings for internal and DMZ services. VPN Management: Establishing, monitoring, and troubleshooting Site-to-Site IPsec VPNs and Remote Access SSL VPNs, including phase 1/phase 2 negotiation troubleshooting. HA Cluster Maintenance: Managing firewall clusters in Active/Passive or Active/Active modes, ensuring stateful session synchronization, and executing hitless firmware upgrades. Protocol Tuning & Maintenance: Managing and optimizing core routing protocols (BGP, OSPF, IS-IS). This includes adjusting BGP attributes (Local Pref, AS-Path) for traffic engineering and managing OSPF area boundaries. Route Policy Management: Implementing and maintaining complex prefix-lists, route-maps, and policy-based routing to control traffic flow and prevent routing loops during redistribution. High Availability Routine: Conducting regular failover testing of redundant routing protocols (VRRP, HSRP) to guarantee sub-second convergence during link failures. Layer 2 Loop Prevention: Monitoring and troubleshooting Spanning Tree Protocol (STP/RSTP/MSTP) environments to prevent broadcast storms. Link Aggregation & Stacking: Configuring and maintaining Ether Channel/LACP, switch stacks, and multi-chassis link aggregation tech. VLAN & Segment Management: Maintaining VLAN databases, trunking protocols (802.1Q), and implementing strict VLAN pruning to optimize broadcast domains. Lifecycle & Patch Management: Planning and executing OS/firmware upgrades across routers, switches, and firewalls to patch vulnerabilities while minimizing maintenance-window downtime. Backup & Recovery: Ensuring automated, daily configuration backups are successful and maintaining a verified Disaster Recovery (DR) restoration playbook. Root Cause Analysis (RCA): Leading technical investigations for major network or security incidents, utilizing packet captures (Wireshark) and log analysis (Syslog) to identify the true root cause.