الوصف الوظيفي:
أحدث معلومات الوظائف من Itsecurityct لمنصب Network Security Engineer-L3-Saudi National. If the Network Security Engineer-L3-Saudi National الشاغرة في المملكة العربية السعودية تتوافق مع مؤهلاتك، يرجى تقديم أحدث طلب أو سيرة ذاتية مباشرة من خلال بوابة وظائف Jobkos المحدثة.
يرجى ملاحظة أن التقديم على وظيفة قد لا يكون سهلاً دائماً، حيث يجب على المرشحين الجدد استيفاء مؤهلات ومتطلبات معينة تحددها الشركة. نأمل أن تكون الفرصة المهنية في Itsecurityct لمنصب Network Security Engineer-L3-Saudi National أدناه تتوافق مع مؤهلاتك.
Network Security Engineer – L3 – Saudi National
Full-time
Job Summary
The L3 Network Security Engineer is responsible for advanced design, operation, and optimization of the bank’s network security controls. This includes التالي generation firewalls, VPN, web proxy, SSL inspection, IPS, DDoS protection, and network advanced threat protection. The role acts as the final escalation point for complex incidents, leads incident response, and provides expert guidance to improve security posture, performance, and resilience across the in-scope technologies.
Primary Technology Scope
- SSL inspection – Gigamon
- Web proxy – Forcepoint Web Security
- DDoS protection – Arbor
- IPS or network ATP – Cisco IPS, Trellix or FireEye NX
- Integrations with SIEM and monitoring platforms
The engineer works closely with the F5 or Edge Security tower, L3 Email Security Engineer, SOC, and infrastructure teams.
Key Responsibilities 1. Advanced Support and Escalation Management
- Act as the final escalation point for complex incidents affecting firewalls, VPN, proxy, IPS, SSL inspection, DDoS, and network ATP.
- Perform deep troubleshooting, packet analysis, and protocol level investigations for critical issues.
- Own root cause analysis for recurring or high impact incidents and define corrective and preventive actions.
2. Configuration, Optimization and Maintenance
- Design, implement, and tune policies on Palo Alto, Cisco ASA or FTD, and Fortinet firewalls, including segmentation, zero‑trust style rules, NAT, and security policies.
- Manage VPN services for remote access and site‑to‑site connectivity, including authentication, MFA integration, and high availability.
- Administer Forcepoint Web proxy and SSL decryption policies, including safe bypass lists, categories, and exception handling.
- Operate Gigamon SSL inspection, Arbor DDoS, and network IPS or ATP solutions, ensuring signatures, profiles, and protections are updated and tuned.
- Own backup, restore, and lifecycle tasks for all network security devices, including upgrades, certificate rotations, and HA testing.
3. Architecture and Design
- Contribute to low‑level designs, network security architectures, and change plans for new services and projects.
- Recommend improvements in zoning, traffic flows, and control placement to align with SAMA CSF and NCA ECC requirements for network and perimeter security.
4. Incident Response and Reporting
- Lead network security incident response during major events, coordinating with SOC, infrastructure, and application owners.
- Produce detailed RCAs, including packet captures, logs, timeline, business impact, and hardening recommendations.
- Provide dashboards and reports on policy changes, rule usage, blocked traffic trends, and attack statistics.
5. Technical Leadership and Mentoring
- Mentor L2 Network Security Engineers on troubleshooting methods, tooling usage, and SOPs.
- Review and approve L2 changes for complex or high‑risk activities.
- Contribute to runbooks, hardening guides, and standard templates for network security changes.
6. Governance, Compliance and ITIL
- Ensure all work is executed under formal Change and Incident Management with CAB ready plans, test cases, and rollback procedures.
- Map device configurations and monitoring to SAMA Cybersecurity Framework and NCA ECC technical controls for network security, perimeter defense, and secure remote access.
- Maintain audit‑ready evidence, approvals, logs, configuration exports, and RCAs.
7. Collaboration and Stakeholder Engagement
- Work closely with F5 Application Security tower for traffic flows, VIPs, and DDoS or WAF interactions.
- L3 Email Security Engineer – handoffs for network‑centric issues.
- SOC and SIEM teams – rule tuning and log quality.
- Infrastructure and application teams – secure and stable deployments.
Tooling Scope – Must have strong hands‑on expertise in most of
- Palo Alto NGFW and GlobalProtect
- Cisco ASA or FTD and Cisco IPS
- Fortinet FortiGate
- Forcepoint Web Security and SSL interception
- Gigamon SSL inspection
- Arbor DDoS
- Trellix or FireEye NX or equivalent network ATP
Good to have
- Experience with automation or scripting around these tools, plus strong packet analysis using tools such as Wireshark or vendor‑built captures.
Required Qualifications
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
- Minimum 7 years in network security engineering, with at least 3 to 5 years managing multi‑vendor firewalls, VPN, proxy, IPS, DDoS, and SSL inspection in large enterprises.
- Deep understanding of TCP or IP, routing, VPN protocols, TLS, HTTP/HTTPS, DNS, and common attack techniques against network and perimeter infrastructure.
- Proven track record leading incident response and complex troubleshooting in high‑availability environments.
Desired Skills and Certifications
- Palo Alto PCNSE or PCNSA, Cisco CCNP Security or equivalent, Fortinet NSE4 or higher.
- ITIL Foundation or experience operating under ITIL processes.
- CISSP, CISM, or equivalent is a plus for seniority and governance alignment.
#J-18808-Ljbffr
معلومات الوظيفة:
- الشركة: Itsecurityct
- المنصب: Network Security Engineer-L3-Saudi National
- مكان العمل: المملكة العربية السعودية
- الدولة: SA
كيفية تقديم الطلب:
بعد قراءة وفهم المعايير ومتطلبات الحد الأدنى من المؤهلات الموضحة في معلومات الوظيفة Network Security Engineer-L3-Saudi National at the office المملكة العربية السعودية أعلاه، أكمل فوراً ملفات طلب الوظيفة مثل خطاب التقديم، السيرة الذاتية، نسخة من الشهادة الجامعية، كشف الدرجات، والملاحق الأخرى كما هو موضح أعلاه. أرسلها عبر رابط الصفحة التالية أدناه.
الصفحة التالية »