Senior network Security Engineer

Description Job Title: Senior Network & Security Engineer Purpose of Role: To design, implement, maintain, troubleshoot and support all aspects of network and security on the Options PIPE network infrastructure. As a member of the UK Networks team, the senior network engineer will work closely with the global network team (US and Asiapac). They will be responsible for the timely delivery of changes to the network environment to facilitate the onboarding of new clients, to deliver new features or service to the PIPE platform or to correct production issues. Key Tasks: The role requires a flexible, highly skilled engineer who is capable of managing multiple work streams in a fast-paced service provider environment. Teamwork and ability to work on own initiative is imperative for the role which includes (but is not restricted to the following key areas): New Client Solutions/Designs: Involves design and implementation of new client network architecture ready for client on-boarding in to our private cloud, the Options PIPE®. These designs range from (but are not limited to) redundant Gig-E connections to multiple OTL datacentres, site to site VPNs, data centre x-connects, secure web hosting services and layered firewall security, through to software VPN access, and home/office network connectivity using site-to-site Internet VPNs. Ideally the candidate will have performed firewall migrations in the past. Evolution of PIPE services: Example projects include data centre Greenfield builds, data centre relocation projects, and global deployments of new network/application services. In doing so, you will use a wide range of enterprise-level network and security technologies including Catalyst switches, Cisco routers (39xx/29xx) and Nokia Checkpoint firewalls. 3rd Party Network Connections: Options provides broker/venue connectivity as part of its PIPE Core® offering, typically to Tier 1 Investment Banks, brokers or pools of liquidity. We deliver these either via direct fibre circuits, via x-connects, or through the use of global MSP networks (e.g. BT Radianz, TNS). Direct Exchange Connectivity: Options provides connectivity to and market data services from the global catalogue of stock exchanges and venues/MTFs. We deliver ultra-low latency market data and on-exchange trading services. Currently connected exchanges include Nasdaq, NYSE, CME/CBOT, LSE, Deutsche Börse (Xetra/Eurex) as well as MTFs such as BATS Chi-X Europe and Direct Edge. Technical Skills should include most of the following: Security Platforms: Fortinet Fortigates – in depth experience. Checkpoint NGX R70/R75/R77 and Management Suite (SmartCenter, SmartUpdate, SmartView Tracker) Nokia firewall platforms - experience implementing/installing/troubleshooting on Linux Will ideally be comfortable on a Linux platform and be able to install and maintain Linux based applications eg Cacti, Rancid etc Scripting/coding Will ideally have experience with scripting. Python preferred. WAN Technologies: IPSEC, GRE, E1/T1, ATM, PPP, HDLC, SONET, xDSL, WES/LES, SDSH, Dark fibre LAN Technologies: Gigabit Ethernet (GigE etc), TenGig Ethernet, Multicast (PIM/IGMP), Spanning-Tree (+extensions), switching, Vlan trunking EtherChannel (PAgP, LACP), SVI’s and inter-vlan routing, VOIP, QoS and DiffServ Routing Protocols: OSPF, BGP,RIP (v2), static routes, route re-distribution, policy-based routing Multicast: PIM-SM, MSDP NMS and Troubleshooting Tools: tcpdump, fwmonitor, Wireshark WLAN Technologies: Cisco Aironet deployment in either root or repeater mode Familiarity with wireless security (WEP/WPA/WPA2) Hardware: Experience with our common platforms would be useful: Fortinet – 30d, 60d, 200d, 1000d, 1500d Cisco Catalyst switches – 65xx, 45xx, 3750, 3560 – 6500 platform particularly desirable Cisco routers – 39xx, 38xx, 28xx, 88x, 87x Arista switches – 7124, 7150 Juniper EX4200 series switches Cisco 10Gb line modules SolarFlare 10Gb network cards Nokia Checkpoint firewalls – IP3xx, IP5xx, 46xx, 48xx Fortinet FIrewalls F5 BigIP DNS Load Balancers (GTM) Wireless access points - 3560, 2950, Aironet 1242ag Accreditation: Fortinet Firewall accreditation (desirable) Checkpoint accredited CCSA and above (desirable) Cisco accreditation (desirable)