Senior Security Network Engineer – Safeguarding the Core of Belgium’s Financial Sector

The role of a security network engineer is versatile and is carried out in collaboration with a senior system engineer of a strong player within the Belgian Banking industry, who coordinates all activities within the environment regarding:

1. Network architecture design: managing the secure network architecture and ensuring its gradual evolution.
2. Daily configuration: configuring the different security network devices (installation, upgrades, patches, coding firewall rules, proxy policies, etc.).
3. Troubleshooting and fault analysis: resolving failures of security network devices and malfunctioning application flows.
4. Communication: representing the network group in internal and external technical project meetings, working within a multidisciplinary technical team, participating in international video/audio conferences, providing strong reporting skills towards managers, internal and external clients or suppliers, and non-IT departments.
5. Technical writing: manuals, procedure descriptions, project documentation, etc.

The main tasks of a security network engineer consist of ensuring the daily management of the firewall, network, and proxy infrastructure of the Bank.

Daily management includes:

• Implementing changes to the existing configuration
• Applying patches and upgrades
• Troubleshooting and fault analysis
• Reviewing the existing configuration and proposing improvements

At a later stage, the engineer may also be asked to contribute to:

• Organizing the segmentation of the large internal network.
• Designing secure application services available via the internet.

Skills:

• Bachelor’s degree or equivalent, or higher
• At least 5 years of proven experience as a network engineer in large and complex IT network environments.
• Ability to translate a high-level security policy into concrete architecture components and procedures.
• Oral and written technical English is mandatory.
• Oral and written French OR Dutch is mandatory.
• Ability to work independently on projects.
• Ability to function within a multidisciplinary technical team.
• Documentation skills.
• Ability to organize and follow up meetings and presentations.

Experience in projects within large financial organizations relating to network segmentation and the setup of secure internet services is crucial (requirements analysis, market analysis, product selection, proof of concept, operational implementation, documentation and presentation, etc.).

A recent or expected vendor engineer-level certification is required (certificates should mention the product, version, and certification date where applicable).

Technical tools:

• Palo Alto PanOS
• Datacenter firewall clusters with IDS/IPS, decryption, and sandboxing.
• Dynamic routing protocols.
• PCNSE certification expected.
• Cisco
• In-depth knowledge of and experience with Umbrella.
• Knowledge of WIFI, Cisco ISE, IPSec.
• Algosec
• Thorough knowledge of Algosec (Firewall Analyzer and Fireflow).
• Knowledge of integration with SNOW.
• Automation
• Knowledge of Terraform, Gitlab, Ansible, …

The security network engineer must have in-depth knowledge of network protocols and will provide second- and third-line support for network issues.

Excellent knowledge is required of:

• IPv4/IPv6, HTTP(S), FTP(S), SMTP,
• Secure transfer protocols such as SSH, SSL/TLS, …
• Dynamic routing protocols (BGP),
• Internal management/authentication protocols such as Syslog, SNMP, LDAP, Radius, …
• High-availability protocols such as HSRP, VRRP, …