The Network Security Engineer is responsible for operating, maintaining, securing, and evolving the client Network Secure Access (NSA) infrastructure. This includes Firewalling, VPNs, identity services, proxies, DNS, anti-DDoS, and secure connectivity across all client sites. The engineer ensures confidentiality, integrity, and availability of the network by implementing robust security controls, monitoring threats, and supporting critical operational services.
Responsibilities
- Network Security services operations:
  - Operate multi-vendor Firewall infrastructures (CheckPoint clusters, Fortinet clusters, standalone FortiGate appliances).
  - Manage advanced Firewall features: stateful inspection, application control, IPS/IDS, threat prevention, SD‑WAN, anti‑spoofing, DNS security.
  - Maintain secure network segmentation across Internet, LAN, DMZ, Cybernet, datacenters, Testa, and EP Cloud environments.
- Security policy management (AlgoSec):
  - Operate and optimise AlgoSec for automated policy analysis, risk reporting, and compliance.
  - Support network topology visualisation and security rule lifecycle.
  - Manage audit reports and security postures for multiple Firewall platforms.
- Identity & secure Access services:
  - Operate Cisco ISE: authentication (802.1X, VPN, extranet), device profiling, TACACS+.
  - Manage RSA SecurID MFA, including tokens, PIN management, enrollment, and server upgrades.
  - Support Cisco ASA VPN infrastructure, including AnyConnect, strong authentication, split‑tunneling, and connection profiling.
  - Operate site‑to‑site IPsec VPNs (Fortinet‑based) for cloud private environments.
- Network external Access services:
  - Support anti‑DDoS protections (AWS‑based + ISP‑managed solutions).
  - Manage WAF deployments (F5 / NetScaler) for Layer‑7 application protection.
  - Operate DNS, DHCP, and IPAM services based on VitalQIP and Infoblox platforms.
  - Manage forward proxies, CAS (Content Analysis Systems), reverse proxies, and extranet gateways.
  - Maintain SSL Offloading reverse proxy appliances.
Operational responsibilities
- Security, performance, and accounting management.
- Incident & problem management including troubleshooting and RCA/PIR reporting.
- Change & configuration management, including upgrades, patches, and controlled rollouts.
- Monitoring, alerting, and dashboards for NSA systems.
- Maintain and update operational documentation, architecture diagrams, and inventories.
- Manage capacity, obsolescence plans, and lifecycle management for all appliances.
- Vendor and third‑party coordination for TAC escalations, managed services, and ISP services.
Experience
- 7+ years of experience in network security operations.
- Extensive hands‑on experience with Firewalls (Fortinet, CheckPoint), VPNs, proxies, DNS, and WAF.
- Strong knowledge of authentication services (RSA, Cisco ISE) and secure access architectures.
- Experience with multi‑site, multi‑zone enterprise environments.
- Key competencies:
  - Firewalling: CheckPoint clusters, Fortinet FortiGate, FortiManager/FortiAnalyzer.
  - Secure Access: Cisco ASA/AnyConnect, RSA MFA, Cisco ISE.
  - Threat Protection: Anti‑DDoS systems, IPS/IDS, CAS, proxy‑based malware inspection.
  - Secure DNS/IPAM: VitalQIP, Infoblox.
  - External Access: WAF (F5 / NetScaler), reverse proxies, extranet gateways.
  - Operational excellence: incident/change/problem management, documentation, automation.
- Fluent in English, knowledge of French.
Our offer
- An attractive salary package with or without a company car
- 5 additional vacation days each year
- A dedicated training program with personal development plans
- Extra-legal advantages (IT material, banks, ...)
- Regular events with the CTG team: learning lunches, team buildings, fun events, Xmas, Marathons, ...
If you like multicultural teams and want to join a company with open communication, then apply right now! Please note that a criminal record will be requested for this position.