Network Security Engineer

Job Title: Network Security Engineer
Location: Full Remote / outside IR35
Contract Type: 6-Month Initial Term (with potential for extension)

________________________________________
Role Overview:
We are seeking an experienced Network Security Engineer to support a strategic data centre migration project involving the transition to a segmented VRF architecture. The ideal candidate will have deep expertise in Palo Alto firewall technologies and knowledge with Cisco VXLAN EVPN, and will be instrumental in implementing secure, scalable network solutions during this transformation.

________________________________________
Key Responsibilities:
- Lead the migration of legacy data centre environments into segmented VRFs, ensuring secure and efficient traffic separation via Palo Alto Infrastrcuture.
- Design, deploy, and manage Palo Alto Next-Generation Firewalls (PA-Series, Panorama, GlobalProtect).
- Configure and troubleshoot Cisco VXLAN EVPN overlays, including BGP EVPN control plane and VTEP deployments.
- Implement network segmentation aligned with zero-trust principles.
- Collaborate with infrastructure, cloud, and application teams to ensure secure connectivity during migration.
- Perform firewall rule optimization, threat prevention tuning, and performance monitoring.
- Document migration plans, network designs, and operational procedures.
- Provide expert-level support for network and security incidents during the contract term.
- Participate in scheduled out-of-hours migration activities, including implementation, testing, and troubleshooting.
________________________________________
Required Skills & Experience:
- 5+ years of hands-on experience with Palo Alto Networks firewalls.
- Proven experience in data centre migrations, especially involving VRF segmentation.
- Strong understanding of Cisco VXLAN EVPN, including multi-tenancy and BGP EVPN.
- Solid knowledge of routing protocols (BGP, OSPF) and Layer 2/3 switching.
- Familiarity with network automation tools (e.g. Ansible, Python, Terraform) is a plus.
- Relevant certifications such as PCNSE, CCNP/CCIE (Data Center or Security) are highly desirable.
- Strong documentation and troubleshooting skills.
- Willingness and availability to work outside standard business hours as required by migration schedules.
________________________________________
Preferred:
- Experience in hybrid cloud environments (AWS, Azure, GCP, OCI).
- Knowledge of SD-WAN and SASE architectures.
- Exposure to NAC solutions (e.g., Cisco ISE).
________________________________________

If this sounds like you, please get in touch.