Network Security Engineer

Network Security Engineer

Middlesex, UK (4 days from office weekly)

Contract

"Seeking a Network Security Engineer with expertise in identifying, prioritizing, and remediating network vulnerabilities, including zero-day threats.

• Role requires a strong security mindset and hands-on experience in securing hybrid infrastructure, including on-premises, cloud, and SD-WAN environments.
• Candidate must analyze vulnerability reports from tools such as Tenable, Qualys, AWS Inspector, and implement corrective actions.
• Expected to remediate common network issues such as IP spoofing, default credentials, open ports, unencrypted protocols, and missing firmware patches.
• Must be familiar with insecure legacy protocols like Telnet and SNMPv1 and enforce secure alternatives like SSH and SNMPv3.
• Will apply hardening techniques using CIS Benchmarks, NIST standards, and industry best practices across firewalls, routers, and switches.
• Responsible for configuring and maintaining network security controls including ACLs, VLANs, DMZs, and micro-segmentation.
• Ensures management interfaces for network equipment follow least-privilege principles and are protected using strong encryption like TLS 1.2 or 1.3.
• Requires deep understanding of cloud networking components including AWS VPCs, Azure NSGs, and GCP firewall rules.
• Must design and enforce segmentation and egress control in cloud and hybrid environments to reduce lateral movement risks.
• Supports security incident response by investigating and remediating network-level threats and anomalies.
• Collaborates with penetration testers and vulnerability scanning team to validate vulnerabilities and ensures fixes are properly implemented and verified.
• Works with GRC and compliance teams to align network configurations with frameworks like PCI-DSS, ISO 27001 etc.
• Preferred certifications include CCNP Security, CISSP, AWS Security Specialty, OSCP, or CEH, with scripting experience as a bonus.