Network Engineer

The Network Engineer will be responsible for managing and securing the bank’s network infrastructure while ensuring compliance with regulatory, security, and audit requirements. This role includes maintaining secure connectivity across branches, data centers, CBS, ATM networks, digital banking platforms, and third-party integrations. The engineer will work closely with the Information Security, IT Infrastructure, Audit, and Compliance teams. Key Responsibilities 1. Network Infrastructure Management • Manage, configure, and maintain routers, switches, firewalls, load balancers, WAF, VPN, and SD-WAN across branches and data centers. • Ensure 24×7 availability of critical banking network components (CBS, ATM Switch, UPI, Internet Banking, Mobile Banking, API gateways). • Perform network performance monitoring, optimization, capacity planning, and traffic analysis. • Implement segmentation for internal, DMZ, ATM, CBS, and vendor networks. 2. Security Operations & Control Implementation • Configure and maintain firewalls, IPS/IDS, NAC, DLP, Proxy, VPN, and endpoint security controls. • Ensure adherence to RBI Cyber Security Framework, Baseline Cyber Security Controls, PCI-DSS, ISO 27001, SWIFT CSCF, and NPCI security guidelines. • Maintain and enforce network security policies, access controls, and least-privilege principles. • Monitor for anomalies, unauthorized access, and suspicious activities. 3. Compliance & Audit Management • Maintain compliance with RBI, NPCI, CERT-In, DIT, and internal IS Audit requirements. • Prepare network-related audit evidence, configuration snapshots, logs, hardening reports, DR/BCP evidence, and patch reports. • Support internal/external audits, VAPT, compliance reviews, and gap assessments. • Track and close audit observations related to network and security infrastructure. • Ensure timely implementation of CERT-In, OEM security advisories, patches, and updates. 4. Vendor & Third-Party Connectivity Management • Manage vendor connectivity for ATM, POS, IMPS/UPI, bill payments, CBS vendors, SOC, SIEM, cloud service providers, etc. • Implement secure VPN/MPLS/SD-WAN connectivity with adequate firewall rules and monitoring. • Ensure compliance with third-party risk management guidelines (RBI, ISO27036). 5. Change, Incident & Problem Management • Manage network change requests (CRs) following ITIL change management processes. • Perform root cause analysis (RCA) for network and security incidents. • Maintain detailed documentation for topology, firewall rules, configuration baselines, and change logs. • Support DR drills, failover testing, and high-availability architecture. 6. Monitoring, Alerting & Reporting • Monitor all network devices through NMS, SIEM, SOC dashboards, and OEM tools. • Respond to network/security alerts within SLA. • Maintain daily/weekly/monthly network health reports and compliance dashboards. • Track link utilization, uptime, and security event trends. Required Skills & Qualifications Technical Skills • Strong hands-on with Cisco/Juniper/Checkpoint/Fortinet/ Palo Alto network & security appliances. • Expertise in routing, switching, BGP, OSPF, MPLS, SD-WAN. • Strong knowledge of firewall policies, NAT, VPN, SSL/TLS, IPS/IDS. • Experience with Syslog, SIEM tools, NMS, SOC workflows. • Knowledge of DDoS protection, WAF, Proxy, NAC solutions. • Familiarity with server, virtualization, and cloud network concepts. Compliance & Regulatory Skills • Understanding of: • RBI Cyber Security Framework & Baseline Controls • Gopalakrishna Committee guidelines • NPCI Guidelines: UPI, IMPS, AEPS, BBPS, NFS • ISO 27001, ISO 27002, PCI DSS • CERT-In guidelines & security advisories • Experience preparing audit evidence, risk registers, and compliance documentation. Professional Experience • 3–10 years of experience in banking network administration, network security, or compliance-driven IT operations. • Experience handling audits (IS Audit, RBI, ITGC, VAPT, SOC) preferred. • Certifications preferred: • CCNA/CCNP • CEH / CompTIA Security+ • Palo Alto PCNSE / Fortinet NSE • ISO 27001 LA/LI (added advantage)