NOC Engineer: Incident Response & Network Observability

We are seeking a NOC Engineer to monitor and operate Cloud Gateway’s managed network and security services, triaging incidents, executing standard changes with strong change discipline, and improving runbooks/monitoring to reduce repeat issues and improve MTTR.

Operate and support Cloud Gateway’s customer-facing network and security services to agreed service levels, monitoring, triaging, and resolving incidents and service requests, and executing controlled changes, while contributing to continuous improvement and the shift from bespoke operations to repeatable, productised service delivery.

This role is a frontline contributor to our Connect–Protect–Observe operating model: keeping services stable (“Connect/Protect”) and ensuring issues are detectable, diagnosable, and evidenced (“Observe”).

Key responsibilities

• Monitor and triage (Connect–Protect–Observe)
  • Monitor networks and security services using CG’s observability tooling and vendor platforms.
  • Identify incidents quickly, assess impact, classify severity, and initiate response.
  • Correlate alerts with service context (customer, service tier, dependencies) to reduce false escalations.
• Incident response and resolution
  • Perform first-line technical triage: identify probable cause, gather evidence (logs, metrics, configs), and attempt resolution.
  • Execute standard remediation actions using approved runbooks and “golden path” workflows.
  • Escalate effectively to Product Engineering/Platform with complete context and artefacts (what changed, what failed, what we observed).
• Service requests and standard changes
  • Fulfil service requests and standard changes within scope (e.g., approved configuration changes, access requests, routine firewall rule changes where authorised).
  • Follow change control: approvals, maintenance windows, pre-checks/post-checks, rollback readiness.
  • Record evidence in ITSM (tickets, approvals, outputs, validation).
• Customer communication and stakeholder coordination
  • Provide timely and accurate incident and change communications, aligned to severity and customer expectations.
  • Coordinate with carriers, vendors, datacentre partners, and internal teams during incidents and outages.
  • Support customer service reviews with operational insights when required.
• Continuous improvement and operational hygiene
  • Identify recurring failure modes and raise problem tickets with data-backed recommendations.
  • Contribute to improving runbooks, knowledge articles, monitoring thresholds, and automation opportunities.
  • Participate in post-incident reviews and implement agreed corrective actions.
• Security and compliance by default
  • Operate with least privilege, secure handling of credentials, and disciplined evidence capture.
  • Follow security procedures for suspicious activity, policy violations, or customer-impacting security events.
  • Support audit/assurance needs through consistent recordkeeping and process adherence.

Must-have capabilities

• Experience in a NOC/service operations environment supporting networked services.
• Solid fundamentals in IP networking (TCP/IP, routing/switching concepts, VPNs, DNS, DHCP).
• Familiarity with firewall concepts and troubleshooting (rules, NAT, sessions, logs) and security operations basics.
• Strong incident handling discipline: severity triage, structured troubleshooting, clear comms.
• Comfort working in ITSM tools (ticket quality, categorisation, SLA awareness, change records).
• Ability to work calmly under pressure and follow runbooks/processes precisely.

Nice-to-have

• Experience with Fortinet (FortiGate) and/or common network vendors (Cisco, Juniper, etc.).
• Experience with SD-WAN/SASE/SSE concepts in a managed services context.
• Scripting/automation literacy (basic Python, Ansible awareness) to support “automation-first” ops.
• Familiarity with observability tooling (Grafana, alerting, log platforms) and good monitoring hygiene.
• Experience coordinating with carriers and datacentre providers during outages.
• Operational discipline: rigorous ticketing, evidence capture, and process adherence.
• Customer-aware: communicates clearly and avoids speculation, sets expectations appropriately.
• Continuous improver: fixes root causes via problem management, not just symptoms.
• Team-first: escalates early with context; collaborates across Platform and Product Engineering.
• Calm under pressure: reliable during incidents and major outages.