Networking and Cybersecurity

JobTitle: ICT Technical Resource – Networking and Cybersecurity

Location: Dublin 4 (Remote working may be agreed for part of the engagement, subject to operational requirements)

Contract/Permanent: 6 months, with further extension

Start date: January 2026

Experience Level Required

- Resource must have the equivalent of Grade 2 Intermediate Resource

- Resource must hold a degree equivalent to level 8 or higher on the National Framework of Qualifications in a relevant discipline

Key Deliverables

- Current Network Assessment: Topology diagrams, IP/VLAN schema, device inventory and configuration baseline with risk‑ranked findings

- Risk & Gap Analysis: Network‑centric security risks and gaps vs best practice; prioritised remediation items

- Best‑Practice Standards: Firewall, switching, WLAN, NAC configuration standards; naming/IPAM standards; change‑control templates

- Standardisation Pack: Repeatable templates (switch port profiles, firewall rule taxonomy), golden configs, as‑built documentation

- Remediation Plan: Sequenced plan with timelines, dependencies and required maintenance windows

- Playbooks & Runbooks: Incident response for network threats; routine operations (backup/restore, change, DR failover tests)

- Monitoring & Logging Plan: Telemetry sources, thresholds, log routing/retention and health dashboards

- Weekly Status Reports: Progress, risks/issues, metrics and next steps

- Cloud Readiness Assessment: Inventory of infrastructure, dependencies, compliance, risks and workload readiness scoring

- Digital Strategy Enablement: Contribute to the client’s digital transformation by ensuring network and security practices extend seamlessly to SaaS, IaaS and PaaS environments, enabling scalable, cloud‑first services

Requirements

- Core Network Design & Operations (WAN / LAN / WLAN)

- Strong experience with Cisco (IOS/NX‑OS) and Meraki; CLI skills and template‑driven configs

- Familiarity with core routing and switching protocols (OSPF, BGP, STP, VLANs, EtherChannel, QoS) and scalable enterprise design principles

- Experience designing and operating wireless networks including capacity planning, authentication and guest access controls (WPA2/WPA3 Enterprise with RADIUS)

- Provider interaction & WAN management (Virgin Media): SLAs, QoS, failover behaviour and performance troubleshooting

- Understanding of IP addressing, subnetting and integration of core IP services (DNS, DHCP, IPAM)

- Perimeter & Edge Security (Firewalls, VPN, DDoS)

- Strong knowledge of next‑generation firewalls administration (Cisco & Palo Alto) and security policy lifecycle (design, hygiene, review)

- Experience with high‑availability firewall designs, upgrade strategies and deterministic failover for predictable resilience

- Proficiency with remote access and site‑to‑site VPNs using robust authentication (RADIUS/Entra ID), posture checks and split‑tunnel design

- Competence in secure service publication, minimal/auditable exceptions, egress controls and GEO/IP reputation use

- Awareness of DDoS exposure and layered mitigations across provider, edge and on‑premise controls

- Ability to design outcome‑driven segmentation aligned to Zero‑Trust principles (VLANs, ACLs, firewalled inter‑segment flows)

- Experience implementing Layer‑2 protections (DHCP snooping, Dynamic ARP Inspection, IP source guard, port security)

- Clean IP plan and deterministic routing between segments policy enforcement tied to identity and roles

- Safe patterns for guest/BYOD and third‑party connectivity with appropriate isolation and controls

- Monitoring, Telemetry & Incident Response (SOC/SIEM & Threat Intel)

- Proven experience in real‑time security monitoring and incident response within SOC/SIEM environments including alert triage, correlation, enrichment and continuous rule tuning

- Skilled in investigating security incidents using logs, network telemetry and packet captures to identify root causes, scope impact and execute effective containment and remediation

- Strong understanding of network observability sources (NetFlow/sFlow, syslog, SNMP, SPAN/ERSPAN) and their role in threat detection and investigations

- Proficient in threat intelligence integration (STIX/TAXII, vendor feeds) and transforming intelligence into actionable detections and control improvements

- Experienced in developing and maintaining incident response playbooks, managing evidence and conducting post‑incident reviews to enhance detection and response maturity

- Vulnerability, Patch & Platform Lifecycle Management

- Strong experience in vulnerability assessment and remediation performing regular scans of network, server and application layers with CVSS‑ and risk‑based prioritisation

- Experienced in coordinating and tracking patch compliance across firewalls, routers, switches, servers and virtual environments ensuring timely updates and controlled rollout of changes

- Skilled in hardware and software lifecycle governance maintaining EOS/EOL visibility, upgrade scheduling and clear communication of operational risk to support replacement planning

- Proficient in applying secure configuration benchmarks (vendor/CIS) and tracking variance to maintain compliance and reduce attack surface

- Experienced in exception and risk acceptance management documenting compensating controls and defined remediation timelines to uphold governance integrity

- Resilience, Backup & Disaster Recovery Readiness

- Strong knowledge and practical experience designing resilient network and system architectures implementing HSRP/VRRP, ECMP, dual‑homing and redundant wireless designs for high availability

- Experienced in failover and recovery validation conducting scheduled failover/failback testing verifying expected behaviours and documenting outcomes for operational assurance

- Skilled in backup and recovery integration aligning network paths authentication and topology awareness to ensure backup reliability across servers applications and databases

- Experienced in cyber‑resilient backup strategies maintaining immutable and off‑site copies secure “break‑glass” access and minimal viable connectivity for disaster recovery and incident response

- Cloud Foundations & Hybrid Connectivity (Azure)

- Experienced designing and establishing foundational Azure environments initial network design identity integration and governance setup for secure cloud adoption

- Strong knowledge of Azure networking components VNets subnets NSGs ASGs Azure Firewall Virtual WAN vWAN Private DNS Private Link building resilient secure connectivity frameworks

- Skilled designing and implementing hybrid connectivity including IPSec VPN ExpressRoute configurations BGP routing split‑horizon DNS for seamless on‑premises integration

- Familiar with cloud governance and cost management practices incorporating tagging budgets and compliance controls within early‑stage network and policy designs

- Governance, Change Control, Documentation & Risk

- Experienced establishing and maintaining structured technical governance ensuring network security cloud activities align organisational policies compliance standards risk frameworks

- Skilled developing and maintaining comprehensive version‑controlled documentation network diagrams configurations inventories design records accurately representing live environments

- Strong background in risk identification and management maintaining actionable risk register prioritising operational and security risks clear ownership tracking mitigation measures

- Experienced disciplined change control implementing peer‑reviewed auditable change processes verification rollback readiness full traceability production modifications

- Promotes knowledge sharing collaboration mentoring post‑incident post‑change reviews strengthening resilience capability

#J-18808-Ljbffr