Lead Engineer

Job Description

The L3 Network & Security Engineer (Shift Lead) is a senior technical authority responsible for expert-level troubleshooting, operational leadership within the shift, and end-to-end management of complex network and security environments. The role requires strong hands-on capabilities in firewalls, load balancers, SASE/Zscaler, Sectona PAM, routing & switching, and enterprise infrastructure security.

As a Shift Lead, the engineer is also responsible for managing operational workflows, mentoring the shift team, coordinating major incidents, and ensuring adherence to SLA-driven service delivery.

Responsibilities

1. Shift Management & Leadership

Act as Shift Lead for assigned operations shift and ensure all operational tasks are executed efficiently.

Manage and oversee L1/L2 engineers, providing guidance, technical support, and task allocation.

Perform shift planning, assignment of daily activities, and monitoring of shift workload.

Conduct shift handover meetings ensuring accurate communication of ongoing issues, risks, and planned changes.

Ensure compliance with internal processes, SOPs, SLAs, and escalation guidelines.

Review shift performance metrics and provide improvement recommendations.

Act as the primary escalation point during the shift for all high-severity (P1/P2) incidents.

Coordinate with cross-functional teams (SOC, Cloud, Infra, App teams) during incident bridges.

Provide training, mentoring, and knowledge-transfer sessions to strengthen shift competency.

2. Firewall Management & Troubleshooting

Expert-level management of:
Palo Alto, FortiGate, Check Point, Cisco ASA/FTD, Meraki firewalls.

Deep troubleshooting including packet captures, session analysis, routing/NAT issues, URL/Threat prevention, IPS/IDS issues.

Manage HA failures, VPN outages, policy conflicts, routing loops, and platform performance issues.

3. Load Balancer (ADC) Operations

Configure and troubleshoot F5 LTM/GTM/APM, Citrix ADC/NetScaler.

Manage VIPs, SSL offloading, persistence, health monitors, and traffic policies/iRules.

Troubleshoot application performance or failover issues.

4. Zscaler & SASE Platforms

Support ZIA, ZPA, Client Connector, cloud firewalling, CASB, DLP, SSL inspection.

Troubleshoot authentication, tunnels, policy enforcement, application access, and traffic forwarding issues.

Operate broader SASE ecosystems such as Netskope or Prisma Access.

5. Sectona PAM Operations

Manage full lifecycle of privileged access: onboarding assets, workflows, session recordings, vaulting, and password rotation.

Troubleshoot Sectona session broker issues, workflow failures, or access provisioning problems.

Coordinate with SOC for privileged access alerts or policy violations.

6. Routing & Switching

Troubleshoot advanced L2/L3 designs: VLANs, STP, OSPF, BGP, VRRP/HSRP, ECMP.

Support FortiSwitch, Cisco, Aruba switching environments.

Identify and resolve routing issues, loops, drops, MTU problems, and segmentation issues.

7. Escalations & Incident Management

Act as the highest point of escalation within the shift.

Lead incident bridges for major outages or customer-impacting events.

Perform deep RCA (Root Cause Analysis) and create detailed incident reports.

Validate changes before implementation and approve complex technical changes.

8. Continuous Improvement & Documentation

Regularly audit configurations, improve security posture, and optimize performance.

Develop and maintain high-quality documentation, workflows, and runbooks.

Lead initiatives for automation, monitoring improvements, and process optimization.

Essential Skills

Expert knowledge of firewalls, load balancers, SASE/Zscaler, routing & switching, and PAM platforms.

Hands-on experience with:

Palo Alto, FortiGate, Check Point, ASA/FTD

F5/Citrix ADC

Zscaler (ZIA/ZPA)

Sectona PAM or equivalent

Cisco/FortiSwitch/Aruba switching

Strong skills in packet capture tools (Wireshark, tcpdump), log analysis, SIEM event understanding.

Additional Desired Skills

Strong leadership and ownership mindset

Ability to mentor junior engineers

Excellent communication and customer handling skills

Calm and structured approach during high-pressure incidents

Documentation discipline and process-oriented thinking

Certification Requirements & Experience

Experience Requirements:

510 years in Network & Security Engineering roles.

Prior experience in a Managed Services or MSSP environment preferred.

Proven track record handling escalations and major incidents.

Firewall Certifications (at least one):

Palo Alto PCNSE

Fortinet NSE4/NSE5/NSE7

Check Point CCSE/CCSM

Cisco CCNP Security / CCIE Security (preferred)

SASE / Cloud Security Certifications (choose at least one):

Zscaler ZCCA-IA / ZCCA-PA / ZCP

Netskope NSP

Prisma Access PSE - SASE

Load Balancer / Networking Certifications (choose at least one):

F5 CTS-LTM / CA

Citrix ADC CCA-N / CCP-N

Cisco CCNP Enterprise

Juniper JNCIS/JNCIP

Note: Candidate must possess at least three certifications across three different technology areas.

Why This Role is Critical?

As a Lead Engineer(L3), you will ensure technical stability, rapid escalation handling, and operational excellence across complex customer environments. The role directly impacts service quality, incident response efficiency, customer satisfaction, and security posture.