The role of Cloud Network Security Engineer is to design, implement, maintain and improve security compliance, protecting our organization's network infrastructure from cyber threats, vulnerabilities, and unauthorized access. This role is primarily responsible for rolling out our network security monitoring and visibility tools and implementing a Cloud Access Security Broker (CASB), and calls for hands-on experience in designing, implementing, and managing Google Cloud Platform (GCP), Azure or AWS network security components. You will be responsible for securing on-prem and cloud network infrastructure and ensuring compliance with organizational and industry security standards. The role focuses on ensuring that security technologies are optimized for detecting, preventing, and responding to security threats in real time. It also involves collaboration with network engineers, IT, and security operations to deploy and support enterprise-level cybersecurity platforms and solutions.
Responsibilities
- Define and enforce network security policies, standards, and best practices.
- Design, deploy, and manage security solutions such as firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS) and endpoint protections.
- Configure and maintain VPC Service Controls (VPC-SC) to protect sensitive data and prevent data exfiltration across GCP services.
- Configure and maintain Cloud Armor for application-level protection and DDoS mitigation.
- Manage Cloud Firewalls and enforce network segmentation, ingress/egress policies, and traffic filtering.
- Implement and monitor Cloud Logging, Cloud Audit Logs, and CloudTrail (operations logging) for network security visibility and incident investigation.
- Configure and manage Identity-Aware Proxy (IAP) for secure access to applications and internal tools.
- Collaborate with architecture, DevOps, and compliance teams to integrate security best practices across cloud workloads.
- Conduct periodic network security assessments, vulnerability reviews, and incident response for cloud environments.
- Support automation and Infrastructure as Code (IaC) practices for consistent and repeatable network security deployments (e.g., using Terraform).
- Maintain up-to-date documentation including policies, incident reports, and network diagrams, and continuously improve security posture aligned with organizational policies.
- Design, implement, and manage CASB solutions to secure cloud applications and services and enforce cloud security policies, including data loss prevention (DLP), access controls, and threat detection.
- Integrate enterprise controls such as URL filtering, secure DNS, policy enforcement, and logging.
- Perform root cause analysis on incidents and coordinate incident response and remediation efforts to improve security posture and prevent security breaches.
- Collaborate with stakeholders, network and cross-functional teams to align security with organizational goals and compliance requirements.
- Lead or participate in security projects, disaster recovery planning, and business continuity initiatives.
- Optimize network security tools and platforms for performance and effectiveness, ensuring they meet compliance and organizational requirements.
- Maintain comprehensive documentation for network configurations, troubleshooting guides, and operational procedures.
Qualifications
- Technical Skills:
- Strong knowledge of secure coding practices, encryption protocols (TLS/SSL), and sandboxing techniques.
- Strong experience in Cloud security tools and platforms (GCP, AWS, Azure) and their security models.
- Hands-on experience with leading CASB solutions like MCAS, Netskope, Prisma Cloud, etc.
- Understanding of API-based and proxy-based CASB deployment modes (Forward Proxy, Reverse Proxy, API Integration).
- Strong hands-on experience with GCP networking and security services (VPC, VPC-SC, PSC, Firewalls, Cloud Armor, IAP).
- Deep understanding of VPC design, subnetting, Shared VPCs, Private connectivity, and Service perimeter configurations.
- Experience managing Cloud Firewalls and security policies at both network and application layers.
- Knowledge of IAM, service accounts, and resource hierarchy policies.
- Working experience with Terraform or other IaC tools for network security automation.
- Strong problem-solving, communication, and analytical skills.
- Experience with IDS/IPS and security frameworks (e.g., NIST, ISO 27001).
- Exposure to network monitoring tools such as Gigamon, Viavi, Arista or equivalent; NDR tools such as Arista, Cisco or equivalent; NetOps tools such as Plixer; and SIEM tools (e.g., Splunk, QRadar, SecOps or equivalent).
- Understanding of network architectures, protocols (TCP/IP, UDP), routing, switching, and load balancing.
- Experience in firewall technologies (e.g., Check Point, Cisco, Fortinet), VPNs (SSL, IPSec), authentication protocols (LDAP, RADIUS), load balancers and cloud security.
- Strong scripting skills in Python, PowerShell, or Bash for automation and tool integration.
- Experience with observability tools (Dynatrace, Splunk, Prometheus, Grafana).
- Familiarity with ITSM processes, Agile practices, ServiceNow, JIRA.
- Experience:
- Bachelor's or Master's degree in Computer Science, Information Security, or related field, or equivalent practical experience.
- Minimum 5-10 years of experience in network engineering and security management.
- Proven experience in managing security platforms and tools in a large, complex environment.
- Experience with Network and Cloud security, analysis, and response, including knowledge of common attack vectors.
- Certifications:
- Relevant certifications such as CISSP, CEH, CCNA/CCNP Security, NSE (Fortinet), or equivalent.
- GCP Professional Cloud Security Engineer Certification or equivalent.
- Cybersecurity certificates (preferred)