Senior Network Security Engineer

Join to apply for the Senior Network Security Engineer role at Natobotics.

Role: Senior Network Security Engineer (L4)

Experience: 10 years

Location: Guildford, UK

Work mode: Onsite

Key Responsibilities

• Manage, configure, and troubleshoot Cisco ISE (TACACS+, RADIUS, Dot1X, CoA, Profiling). Administer and support Cisco ASA/FTD firewalls including ACLs, NAT, VPN, failover, clustering, and upgrades. Manage Check Point (R80.x) firewalls – policy management, clustering, VPN, logging, and health checks. Handle F5 APM for remote access VPN, SSO, authentication, and application access. Support data center network security architecture (firewalls, segmentation, VRF, routing, switching security).
• Implement, install, and decommission security devices (ASA/FTD, Check Point, ISE nodes, F5 APM). Lead hardware refresh, firewall replacement, and migration projects. Execute device decommissioning, including cleanup, rule removal, rack removal, documentation, cutover activities, change execution, and post‑implementation validation.
• Participate in designing secure network architectures for enterprise and data center environments. Work with cross‑functional teams to review network and security requirements and create HLDs/LLDs, network diagrams, migration plans, and SOPs.
• Act as L4 SME for escalations related to network security issues. Troubleshoot identity/authentication failures, VPN issues, firewall packet drops, and routing conflicts. Perform root‑cause analysis (RCA), remediation plans, long‑term fixes, and monitor system health, logs, and alerts across multiple platforms.
• Ensure compliance with security standards (ISO 27001, NIST, PCI‑DSS, CIS benchmarks). Conduct rule/policy optimisation, cleanup, audits, and maintain device firmware/software at secure and supported versions. Document procedures and provide knowledge transfer to L1/L2 teams.

Technical Skills & Experience

• Cisco ISE (expert level) – Authentication policies, authorization profiles, profiling, certificates, device onboarding.
• Cisco ASA/FTD – VPN, NAT, ACL, clustering, routing, packet tracer, FMC.
• Check Point R80.x – SmartConsole, VPN, IPS, rule optimisation, HA/cluster.
• F5 APM – Access policy creation, VPN configuration, SAML/OAuth integration.
• Cisco Switching/Routing in DC – Nexus (5k/7k/9k), VLANs, VPC, OSPF/BGP basics.
• Packet capture tools: Wireshark, tcpdump.
• Cloud networking (AWS/Azure) – plus.
• Automation/Scripting: Python, Ansible – preferred.

Experience

• 6–10+ years in enterprise Network Security.
• Experience in distributed, high‑availability environments.
• Proven track record of leading install, upgrade, migration, and decommission projects.
• Experience handling major incidents and RCA documentation.

Soft Skills

• Excellent communication and documentation skills.
• Strong analytical and troubleshooting capability.
• Ability to lead changes independently and collaborate with global teams.
• Ability to mentor junior engineers.