Network Security Lead

Key Skills: Network Security, Security

Roles and Responsibilities:

• Define, design, and govern enterprise security architecture across network, infrastructure, perimeter, application, and cloud environments.
• Architect and implement enterprise security solutions including Firewalls, WAF, IPS/IDS, Proxy, Endpoint Security, API Gateway Security, and Microservices Security.
• Define and enforce Authentication and Authorization frameworks, including OAuth, OpenID Connect, RBAC, token-based security, and identity federation models.
• Lead the design and implementation of secure network architectures across Data Center (DC), Disaster Recovery (DR), and cloud environments.
• Drive network segmentation, firewall policy optimization, security orchestration, and access control initiatives to strengthen the organization's security posture.
• Plan, coordinate, and support BCP and DC-DR drills from a security perspective, ensuring resilience, secure failover, and compliance readiness.
• Conduct security architecture reviews, risk assessments, vulnerability assessments, and remediation planning.
• Collaborate with SOC teams, auditors, OEM vendors, infrastructure teams, and business stakeholders to implement security controls and governance frameworks.
• Design and govern TLS, certificate management, encryption standards, and secure communication frameworks across enterprise systems.
• Lead technical security design reviews and provide architectural guidance for new projects, technologies, and transformation initiatives.
• Evaluate and implement Zero Trust Network Access (ZTNA), Secure Access Service Edge (SASE), and cloud security solutions.
• Act as the escalation point for complex security architecture challenges and mentor junior security architects and engineers.
• Support security audits, compliance assessments, and regulatory requirements through effective governance and documentation.

Skills Required:

• Strong experience in enterprise Network Security Architecture and Cyber Security Operations.
• Expertise in Firewall technologies, WAF, IPS/IDS, DDoS protection, Proxy solutions, and Secure Web Gateways.
• Experience with network security orchestration platforms such as AlgoSec, Tufin, or Skybox for firewall audit, policy management, and optimization.
• Strong knowledge of Authentication and Authorization frameworks including OAuth, OpenID Connect, RBAC, JWT, and Identity Federation.
• Experience securing API Gateways, Microservices architectures, and containerized environments.
• Hands-on experience with network automation tools and scripting using Python, Ansible, Chef, or similar technologies.
• Knowledge of Load Balancers, API Gateways, and network security technologies from vendors such as F5, Cisco, Fortinet, and Palo Alto.
• Experience implementing Network Access Control (NAC) solutions such as Aruba ClearPass.
• Strong understanding of WLAN security architecture and secure wireless network implementations.
• Experience evaluating and implementing XDR solutions such as CrowdStrike Falcon, Trend Micro, or Carbon Black.
• Expertise in Public Cloud and Private Cloud Network Security assessments, architecture reviews, and security recommendations.
• Deep understanding of Zero Trust Network Access (ZTNA), Secure Access Service Edge (SASE), and modern access security frameworks.
• Strong knowledge of TLS, PKI, certificate lifecycle management, and secure communication protocols.
• Experience conducting vulnerability assessments, security audits, and remediation programs.
• Excellent stakeholder management, communication, analytical, and leadership skills.

Preferred Certifications (Valid)

• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• ISO 27001 Lead Auditor (ISO 27001 LA)
• TOGAF Certification
• OEM Security Certifications such as Palo Alto, Fortinet, Check Point, AlgoSec, Tufin, F5, or equivalent

Preferred Domain Experience

• Network Security Orchestration and Firewall Governance
• Zero Trust Security Architecture
• Secure Access Service Edge (SASE)
• Cloud Security Architecture
• API and Microservices Security
• Network Access Control (NAC)
• Security Compliance and Audit Management
• Enterprise Security Transformation Programs
• Business Continuity and Disaster Recovery Security Planning

Education:

• Bachelor's or Master's degree in Computer Science, Information Security, Cybersecurity, Information Technology, Electronics, or a related field.
• BE, B.Tech, M.Tech, MCA (Computer Science/Electronics), or equivalent qualification