Sr. Network Engineer - Greater London, United Kingdom - Persistent Systems

    Persistent Systems
    Persistent Systems Greater London, United Kingdom

    2 weeks ago

    Default job background
    Description

    Job Description

    About Persistent

    We are a trusted Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients anticipate what's next. Our offerings and proven solutions create a unique competitive advantage for our clients by giving them the power to see beyond and rise above. We work with many industry-leading organizations across the world including 14 of the 30 most innovative US companies, 80% of the largest banks in the US and India, and numerous innovators across the healthcare ecosystem.

    Our disruptor's mindset, commitment to client success, and agility to thrive in the dynamic environment have enabled us to sustain our growth momentum by reporting $291.71M revenue in Q2FY24, delivering 14.1% Y-o-Y growth. Our 22,800+ global team members, located in 21 countries, have been instrumental in helping the market leaders transform their industries. We're also pleased to share that Persistent won the 2023 Golden Peacock Award for Excellence in Corporate Governance within the IT sector. Acknowledging our cloud expertise, we were named a Challenger in the 2023 Gartner Magic QuadrantTM for Public Cloud IT Transformation Services. Throughout this market-leading growth, we've maintained strong employee satisfaction - over 94% of our employees approve of the CEO, and 89% would recommend working at Persistent to a friend.

    Job purpose

    A solid network/security/cloud engineer with a strong focus on cloud hosted environments within AWS and Azure as well as excellent skills in firewall deployment, routing and switching.

    Operational

    • Provide last line support for solutions delivered by the engineering function in line with existing IT service management processes.
    • Act as an escalation point, for the managed service, for problems pertaining to network technology and with a view to re-engineering.
    • Successfully transition the support of new network technologies to the support team.
    • This will include preparing written documentation, such as a 'Handover to Support' document, and include product training, where required.
    • Perform all changes to CLS standards across the whole network stack, including cloud, on-premises datacenters, including internet edge and ACI Fabric, branch, WAN, and operate CSM/FMC to deploy firewall rules where required.
    • Assist in the network audits and any security compliance reporting or adherence to security or compliance related processes.
    • Participate in the transformation of documentation.
    • This is to assist in building a set of 'best practice' documents in relation to Network Security.
    • Engage with third parties, assisting on high impact network issues.
    • This would entail joining a bridge and working with vendors.
    • Engage with third party vendors, such as Cisco TAC or other.
    • Have familiarity with Network Admission Control products such as Cisco Identity Services Engine.
    • Solid troubleshooting skills with the ability to provide a packet capture on the FW and debugging thereafter.
    • Solid understanding of routing and switching.
    • Understanding of QoS.
    • Understanding of Unified Communications.

    Cloud

    To design and implement network connectivity between on premise datacenters and the cloud and within the cloud. This will require an extensive knowledge of Direct Connect, leveraged through Equinix Fabric and familiar with AWS DX gateways, AWS Transit Gateways (TGW) and site-to-site VPN, to connect other third parties into the cloud and the on-premises networks to the cloud.

    A thorough understanding of VPC and VPC peering is essential.

    Through knowledge of products across the AWS Marketplace and familiar with setting up Cloud Services Routers (CSR's) and firewalls from multiple vendors.

    These firewalls could be dual stack with separate vendors with HA being essential.

    This may extend to Autoscaling.

    Experience of AWS Firewall is preferred.

    Knowledge of IPS at all layers across the firewalls is required along with an understanding of FirePOWER services.

    Experience of implementing ExpressRoute within a hybrid Exchange environment, using a combination of on-premises servers and M365 SaaS.

    Network Security

    • Comfortable with firewall platforms such as Cisco ASA/FirePOWER, CheckPoint, multiple context firewalls from Cisco and CheckPoint and the tools used to deploy the rules such as Cisco CSM (Cisco Security Manager), Cisco FMC (FirePOWER Management Centre), Fortigate/Fortinet etc.
    • Strong debugging skills are required with the ability to run packet captures and wireshark traces.
    • Good working knowledge of ACL's.

    Routing and Switching

    • Good understanding of BGP and OSPF along with policy-based routing and prefixes lists. This routing knowledge should be across ASR/ISR and IOS-XE.
    • A good understanding of NX-OS is required and any knowledge of ACI is preferred. Python and Postman is a bonus.
    • Datacenter switching and routing comprises Cisco ACI Fabric with a spine and leaf topology.
    • The engineer should be familiar with operation of ACI deployed within the core infrastructure.
    • The datacenter also features firewalling between Tenants, such as Production, Secure Management and Dev/Test.
    • Partners and vendors are connected via a separate VRF on the WAN and the webhosting environment features three tiered stacks (Cisco ASA, CheckPoint, Cisco ASA).
    • Throughout this architecture, there are many DMZ's so there should be a thorough understanding of all these technologies.
    • The engineer will also need to have a good knowledge of the tools used within the network, such as CMC for Riverbed, CSM for Cisco ASA, Voyager and CheckPoint Manager for CheckPoint, CPI for WiFi, ISE for NAC and future deployment of technology, such as TrustSec, RSA tools, Solarwinds Orion, Cisco ACS and Infoblox etc.
    • A strong knowledge of WireShark is also required.
    • The role is predominantly project focused with project design and delivery but there is also a requirement to assist the support function in situations determined by the Engineering Lead.
    • Other duties should include authoring and/or maintaining governance documentation such as High-Level Designs and Solution Outlines whilst authoring and maintaining internal documentation, such as Low Level Design, technical implementation and verification plans and Tech Specs.
    • The ability to use Visio for network schematics is essential.
    • This role will form part of Network Engineering team who are part of the wider Global Infrastructure Engineering function who are subject matter experts in fields such as Storage, Windows, VMWare, Unified Communications, Citrix, UNIX and Linux.

    Strategic

    • Assist in the design and implementation of the overall cloud strategy and assist in the deployment of technical solutions into the cloud and on-premises networks.
    • Design technical infrastructure solutions that meet Technology and Service Delivery needs and provision for the future requirements of the business, based on IT Strategy. This should include all governance and non-governance design and support documentation.

    Leadership

    • Effectively deliver projects as a technical lead, where required to do so, in line with the engineering function's overall programme and aligned to the corporate strategy.
    • Provide technical design authority over new or changing solutions, in conjunction with other team members.

    Knowledge, skills, and abilities

    In-depth knowledge of design, implementation, configuration and testing of the following:

    Routing: OSPF, BGP, knowledge of route redistribution and manipulation.

    WAN: MPLS, Internet, VPN, SDWAN, understanding of circuit commissioning.

    Datacenter: ACI spine and leaf, APIC, VxLAN and distribution switching.

    Encryption: IPsec VPN, MACSec, configuring site-to-site VPN on routers and firewalls.

    Switching and L3: HSRP, VRRP, GBLP, NTP, STP, RSTP, QoS, CoS, SVI, VLAN's, ACL's.

    WiFi: Cisco Meraki and Cisco Wireless LAN controllers with Lightweight APs.

    Firewalls: Cisco ASA/FirePOWER, Conversion from ASA code to Firepower, Checkpoint, Fortigate, ACL's, CSM/FMC.

    Qualifications / certifications

    Engineering/Computer Science Degree or industry related qualifications, such as AWS and Cisco Certifications.

    Benefits:

    • Competitive salary and benefits package
    • Culture focused on talent development with quarterly promotion cycles and company-sponsored higher education and certifications
    • Opportunity to work with cutting-edge technologies
    • Employee engagement initiatives such as project parties, flexible work hours, and Long Service awards
    • Annual health check-ups
    • Insurance coverage: group term life, personal accident, and Mediclaim hospitalization for self, spouse, two children, and parents

    Our company fosters a values-driven and people-centric work environment that enables our employees to:

    • Accelerate growth, both professionally and personally
    • Impact the world in powerful, positive ways, using the latest technologies
    • Enjoy collaborative innovation, with diversity and work-life wellbeing at the core
    • Unlock global opportunities to work and learn with the industry's best

    Let's unleash your full potential at Persistent-

    "Persistent is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind."