Network Engineer
  • Ukraine Kyiv
  • Luxoft Ukraine
1 year before
31.01.2024
Protect and Defend
Cyber Defense Infrastructure Support
Job Description

Project Description:
IT Department is looking for experienced network engineer with at least 2 years working experience in ISP or big enterprise. Our team is responsible for network services in all Luxoft locations (45+) and Public Clouds (AWS, Azure).

Responsibilities:

1. Eastern Europe and MS Azure network maintenance
a. Routers, firewalls, switches and wireless devices configuration.
b. Keep network documentation in actual state.
c. Support devices monitoring in actual state.
d. Troubleshooting occurred problems (including communication with internal users and ISPs).
2. Participate in Global IT projects (automation, public clouds, upgrades, new systems implementation)

Mandatory Skills Description:

1. Working experience with distributed network from 2 years. Preferable to have experience in ISP or system integrator.
2. Working experience with Cisco ASA/Cisco FirePower (clustering, IPSec configuration, context, ACL, NAT).
3. Working experience with Cisco ASR/ISR.
4. Working experience with Cisco ISE.
5. General knowledge about Internet and ISPs interconnection.
6. Knowledge of OSI model and TCP/IP.
7. Working experience with wireless network based on Cisco equipment. Experience with planning and troubleshooting.
8. Knowledge about following protocols and technologies:
• HSRP;
• BGP (best path selection algorithm, difference between iBGP and eBGP, redistribution, Rote-Reflector);
• EtherChannel (modes, load balancing types);
• OSPF;
• IPSec (route based);
• GRE;
• PBR;
• NAT;
• SSL VPN.

Nice-to-Have Skills:
Python, HashiCorp Terraform, Ansible, Linux, Azure Networking, CI/CD

Languages:
English: B1 Intermediate

Quick response
Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0033   Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
  • K0058   Knowledge of network traffic analysis methods.
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0104   Knowledge of Virtual Private Network (VPN) security.
  • K0106   Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0205   Knowledge of basic system, network, and OS hardening techniques.
  • K0274   Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly.
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0334   Knowledge of network traffic analysis (tools, methodologies, processes).
Required Skills
  • S0007   Skill in applying host/network access controls (e.g., access control list).
  • S0059   Skill in using Virtual Private Network (VPN) devices and encryption.
  • S0077   Skill in securing network communications.
  • S0079   Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
  • S0121   Skill in system, network, and OS hardening techniques. (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).
  • S0124   Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution.
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Required Abilities
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).