Job Summary

We are seeking a seasoned Network & Cloud Security SME to lead the design, implementation, and optimization of security architectures across hybrid environments (on-prem, private cloud, and public cloud). This role will partner with Infrastructure, CloudOps, DevOps, and IT Services teams to define secure reference architectures, harden enterprise networks, implement Zero Trust, and operationalize cloud-native security controls at scale. The SME will be accountable for end-to-end solutioning—from requirements and threat modeling through deployment, tuning, documentation, and handover.

Key Responsibilities

• Lead the design of Zero Trust network security architectures.
• Architect and implement Next-Gen Firewalls, IDS/IPS, WAF, DDoS protection, VPN/SD‑WAN, and SASE solutions across sites and cloud edges.
• Design secure landing zones and cloud security controls across AWS/Azure/GCP:
• Network security (VPC/VNet, routing, security groups/NSGs, private endpoints, NAT, firewall policies).
• IAM (RBAC, ABAC, least privilege, service identities), PAM for privileged access.
• CASB, CSPM, CIEM, CNAPP (visibility, misconfig detection, posture management).
• Understanding of network segmentation/microsegmentation (east-west traffic control, identity-based policies).
• Conduct threat modeling, risk assessments, security reviews for new projects; produce security architecture artifacts and design decisions.

• Brief knowledge on different security standards/frameworks : ISO 27001, NIST CSF/800‑53, SOC 2, CIS Benchmarks, PCI‑DSS (as applicable).
• Define baselines, hardening guides, and secure configuration standards for network and cloud services.

• Develop runbooks, standard operating procedures (SOPs), architecture diagrams, and high-quality documentation.
• Vendor engagement: evaluate products, PoCs, and manage integrations.

Skill Requirements

Required Qualifications

• 9+ years in network and cloud security with hands-on design and implementation in enterprise/hybrid environments.
• Strong expertise in:
• Network security: NGFW (Palo Alto/Checkpoint/Fortinet), IDS/IPS, WAF, DDoS, VPN, SD‑WAN, NAC (802.1X), RADIUS/TACACS+, BGP/OSPF fundamentals.
• Cloud security (AWS/Azure/GCP): IAM/RBAC, network security, key management, logging/monitoring, CSPM/CIEM/CNAPP, workload protection.
• Zero Trust/SASE architectures; (Zscaler/Prisma/Netskope).
• SIEM/SOAR (Microsoft Sentinel/Splunk/QRadar), EDR/XDR (Defender, CrowdStrike, etc.).
• Proven delivery of end-to-end security projects: requirements → design → build → test → deploy → transition.
• Strong documentation skills (HLD/LLD, diagrams, SOPs, runbooks).
• Excellent stakeholder communication; ability to influence design decisions.

Tools & Technology Stack

• Firewalls/WAF/DDoS: Palo Alto, Fortinet, Check Point, F5, Cloudflare/Akamai.
• Cloud: Azure, AWS, GCP; native security (Defender for Cloud, Security Hub, SCC).
• Posture: Prisma Cloud, Wiz, Lacework, Orca, Tenable/Qualys.
• SASE : Zscaler, Prisma, Netskope

Other Requirements

Preferred/Good-to-Have

• Experience implementing  ZTNA, CASB, SWG.
• Exposure to Data Security: DLP, tokenization, masking, data classification.
• Experience with certificate management/PKI (internal CA, mTLS).
• Experience with Compliance audits and evidence collection.
• Prior work in managed services/IT services environments with multi-tenant security.