Network Engineer (Firepower + AWS)

Posted 4 days ago by Xoriant

Negotiable
Inside
Hybrid
London Area, United Kingdom

Summary: The Network Engineer role focuses on providing advanced support for network technologies, particularly in cloud environments like AWS and Azure. The position requires expertise in firewall deployment, routing, switching, and various network protocols, alongside responsibilities for designing and implementing network connectivity solutions. The engineer will also act as an escalation point for managed services and ensure compliance with organizational standards across the network stack. This role is hybrid, requiring in-office presence two days a week in Canary Wharf, UK.

Key Responsibilities:

  • Provide last line support for network solutions in line with IT service management processes.
  • Act as an escalation point for network technology issues and re-engineering efforts.
  • Perform changes across the network stack, including cloud and on-premises datacenters.
  • Design and implement network connectivity between on-premises datacenters and the cloud.
  • Utilize AWS services such as Direct Connect, Transit Gateways, and site-to-site VPN.
  • Manage firewall rules and configurations using tools like Cisco CSM and FMC.
  • Debug network issues and perform packet captures and Wireshark traces.
  • Maintain knowledge of various firewall platforms and network management tools.

Key Skills:

  • Strong knowledge of cloud environments, specifically AWS and Azure.
  • Expertise in firewall deployment and management (Cisco ASA/FirePOWER, CheckPoint, Fortigate).
  • Proficiency in routing protocols (OSPF, BGP) and WAN technologies (MPLS, VPN, SDWAN).
  • Experience with datacenter technologies, including ACI and VxLAN.
  • Strong debugging skills and familiarity with network analysis tools (Wireshark).
  • Knowledge of network security practices and IPS across firewalls.
  • Understanding of Python and Postman is a bonus.
  • Relevant certifications (AWS, Cisco) and a degree in Engineering/Computer Science.

Salary (Rate): undetermined

City: London Area

Country: United Kingdom

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Network Engineer, Hybrid (2 days a week), Contract (6+ Months), Inside IR35, Canary Wharf, UK

Knowledge, skills, and abilities:

A solid network/security/cloud engineer with a strong focus on cloud-hosted environments within AWS and Azure, as well as excellent skills in firewall deployment, routing and switching. In-depth knowledge of design, implementation, configuration and testing of the following:

  • Routing – OSPF, BGP, knowledge of route redistribution and manipulation.
  • WAN – MPLS, Internet, VPN, SDWAN, understanding of circuit commissioning.
  • Datacenter – ACI spine and leaf, APIC, VxLAN and distribution switching.
  • Encryption – IPsec VPN, MACSec, configuring site-to-site VPN on routers and firewalls.
  • Switching and L3 – HSRP, VRRP, GLBP, NTP, STP, RSTP, QoS, CoS, SVI, VLANs, ACLs.
  • WiFi – Cisco Meraki and Cisco Wireless LAN controllers with Lightweight APs.
  • Firewalls – Cisco ASA/FirePOWER, conversion from ASA code to FirePOWER, CheckPoint, Fortigate, ACLs, CSM/FMC.

Job purpose:

Provide last line support for solutions delivered by the engineering function in line with existing IT service management processes. Act as an escalation point for the managed service for problems pertaining to network technology, with a view to re-engineering. Perform all changes to organisation standards across the whole network stack, including cloud and on-premises datacenters, internet edge and ACI Fabric, branch and WAN, and operate CSM/FMC to deploy firewall rules where required.

Design and implement network connectivity between on-premises datacenters and the cloud, and within the cloud. This requires extensive knowledge of Direct Connect, leveraged through Equinix Fabric, and familiarity with AWS DX gateways, AWS Transit Gateways (TGW) and site-to-site VPN, to connect other third parties into the cloud and the on-premises networks to the cloud. A thorough understanding of VPC and VPC peering is essential.

Thorough knowledge of products across the AWS Marketplace and familiarity with setting up Cloud Services Routers (CSRs) and firewalls from multiple vendors. These firewalls could be dual stack with separate vendors, with HA being essential. This may extend to Autoscaling. Experience of AWS Firewall is preferred. Knowledge of IPS at all layers across the firewalls is required, along with an understanding of FirePOWER services. Experience of implementing ExpressRoute within a hybrid Exchange environment, using a combination of on-premises servers and M365 SaaS.

Comfortable with firewall platforms such as Cisco ASA/FirePOWER, CheckPoint, multiple context firewalls from Cisco and CheckPoint, and the tools used to deploy the rules, such as Cisco CSM (Cisco Security Manager), Cisco FMC (FirePOWER Management Centre), Fortigate/Fortinet etc. Strong debugging skills are required, with the ability to run packet captures and Wireshark traces. Good working knowledge of ACLs. Good understanding of BGP and OSPF, along with policy-based routing and prefix lists. This routing knowledge should be across ASR/ISR and IOS-XE. A good understanding of NX-OS is required and any knowledge of ACI is preferred. Python and Postman are a bonus.

Datacenter switching and routing comprises Cisco ACI Fabric with a spine and leaf topology. The engineer should be familiar with the operation of ACI deployed within the core infrastructure. The datacenter also features firewalling between Tenants, such as Production, Secure Management and Dev/Test. Partners and vendors are connected via a separate VRF on the WAN, and the webhosting environment features three-tiered stacks (Cisco ASA, CheckPoint, Cisco ASA). Throughout this architecture there are many DMZs, so there should be a thorough understanding of all these technologies.

The engineer will also need a good knowledge of the tools used within the network, such as CMC for Riverbed, CSM for Cisco ASA, Voyager and CheckPoint Manager for CheckPoint, CPI for WiFi, ISE for NAC, and future deployment of technology such as TrustSec, RSA tools, Solarwinds Orion, Cisco ACS and Infoblox etc. A strong knowledge of Wireshark is also required.

Qualifications / certifications:

  • Engineering/Computer Science Degree or industry-related qualifications, such as AWS and Cisco Certifications.