About this Network Security Engineer role at Qode
Job Description — Confidential
hr@ithr360.com | www.ithr360.com
Network Security Engineer
Professional Services · Network Security Practice
Location: UAE / Middle East (On-site)
Employment Type: Full-Time
Department: Professional Services – Network Security
Experience: 4–8 Years (Network / Network Security)
Reports To: Head of Technical Delivery
ABOUT ITHR
ITHR is a technology consulting and professional services organisation supporting enterprises across the UAE and Middle East with digital transformation, cybersecurity, ERP implementation, talent solutions, and managed technology services. We partner with organisations to design, implement, and optimise secure and scalable technology environments that enable business growth and operational resilience.
Our Network Security Practice delivers enterprise-grade security solutions spanning next-generation firewalls, secure connectivity, zero trust architectures, cloud-delivered security, and managed network security services. As organisations continue to modernise their infrastructure, network security remains a critical pillar of our delivery capability and an important area of strategic growth.
ROLE OVERVIEW
We are looking for an experienced Network Security Engineer to join our technical delivery team. This is a hands-on role spanning the full project lifecycle — from pre-sales Proof-of-Concept (PoC) environments and solution design through to deployment, integration, and post-go-live support across enterprise customer environments.
You will be the technical authority on network security engagements, working directly with customers onsite and remotely to deliver firewall deployments, policy migrations, network segmentation programmes, and secure access solutions. You will also contribute to our managed network security service, where ongoing policy management, health monitoring, and incident escalation are part of the scope.
The role requires deep expertise in at least one major firewall vendor ecosystem, strong networking fundamentals, and the confidence to lead technical conversations and produce customer-ready documentation independently.
KEY RESPONSIBILITIES
- Design, deploy, and configure next-generation firewalls (NGFW) across enterprise customer environments — including Palo Alto Networks, Fortinet FortiGate, and Cisco platforms.
- Design, build, and execute PoC environments for prospective customers during the pre-sales stage — defining success criteria, standing up the solution, running demonstrations, and producing outcome reports to support deal progression.
- Develop key project deliverables: High-Level Designs (HLDs), Low-Level Designs (LLDs), project plans, firewall ruleset documentation, and network security policy frameworks.
- Perform firewall policy reviews, rule base optimisations, and security posture assessments — identifying unnecessary exposure, rule bloat, and misconfigurations in existing customer environments.
- Configure and manage site-to-site and remote access VPN solutions — IPSec, SSL/TLS, and zero trust network access integrations.
- Implement network segmentation and micro-segmentation strategies — designing zone-based architectures, DMZ configurations, and east-west traffic controls.
- Deploy and tune Intrusion Prevention Systems (IPS), URL filtering, application control, SSL inspection, and threat prevention profiles.
- Integrate network security platforms with SIEM, SOAR, and log management infrastructure — ensuring relevant telemetry flows to the SOC for monitoring and alerting.
- Configure and support SD-WAN solutions and their integration with cloud-delivered security services where applicable.
- Support integration of SASE/SSE platforms (Zscaler, Netskope, or similar) alongside or in place of traditional perimeter controls where customer architecture demands it.
- Conduct technical workshops, customer onboarding sessions, and knowledge transfer with customer network teams post-deployment.
- Produce thorough as-built documentation and operational runbooks suitable for customer sign-off and ongoing managed service handover.
- Provide post-deployment support, troubleshoot complex network security issues, and act as technical escalation during the warranty and stabilisation phase.
- Contribute to internal delivery standards, PoC playbooks, and best-practice guides as the network security practice matures.
REQUIRED QUALIFICATIONS (MUST-HAVE)
- 4–8 years of hands-on experience in network security or network engineering roles, with a strong delivery track record in enterprise environments.
- Deep practical expertise with at least one major NGFW platform — Palo Alto Networks (PAN-OS), Fortinet (FortiOS), or Cisco (FTD/ASA) — including design, deployment, and advanced feature configuration.
- Strong networking fundamentals: routing (BGP, OSPF, static), switching, VLANs, NAT, QoS, spanning tree, and packet-level troubleshooting.
- Hands-on experience with VPN technologies — IPSec IKEv1/v2, SSL VPN, and remote access architectures.
- Practical knowledge of network security architecture principles — zone design, least privilege, defence-in-depth, and perimeter versus zero trust models.
- Experience performing firewall policy reviews and rule optimisation in live customer environments.
- Ability to develop HLDs, LLDs, and customer-facing documentation to a professional standard independently.
- Comfortable working onsite with enterprise customers, leading technical workshops, and managing stakeholder expectations.
- At least one of the mandatory certifications listed below must be held at the time of application.
CERTIFICATIONS
Candidates must hold at least one mandatory certification. Additional certifications — particularly from multiple vendor ecosystems — are a strong differentiator.
Alto Networks Certified Network Security Engineer (PCNSE) Palo Alto Networks Mandatory (one required)
Cisco CCNP Security Cisco Mandatory (one required)
Fortinet NSE 7 / FCSS – Secure Networking FortinetMandatory (one required)
Zscaler Certified Administrator (ZCCA-IA / ZCCA-PA / ZCP) Zscaler Good to Have
Netskope Administrator / Integrator Accreditation Netskope Good to Have
Palo Alto PCNSA Palo Alto Networks Good to Have
Fortinet NSE 4 / NSE 5 Fortinet Good to Have
Cisco CCNA / CCNA Security Cisco Good to Have
Check Point CCSA / CCSE Check Point Good to Have
PREFERRED QUALIFICATIONS (NICE-TO-HAVE)
- Hands-on experience with Zscaler (ZIA/ZPA) or Netskope as part of a SASE/SSE architecture.
- Experience with Check Point firewalls, SmartConsole, policy management, and R8x administration.
- Familiarity with network access control solutions such as Forescout, Cisco ISE, or Aruba ClearPass.
- Experience with SD-WAN platforms including Fortinet Secure SD-WAN, Palo Alto Prisma SD-WAN, Cisco Meraki, or similar technologies.
- Exposure to cloud networking and security including Azure Virtual WAN, AWS Transit Gateway, cloud-native security groups, and cloud firewall deployments.
- Familiarity with packet capture and traffic analysis tools such as Wireshark and tcpdump.
- Scripting or automation experience using Python, Ansible, or REST APIs.
- Prior delivery experience in the UAE or broader Middle East region.
SOFT SKILLS & PROFESSIONAL ATTRIBUTES
- Technically rigorous with a strong focus on secure architecture and attention to detail.
- Customer-confident and comfortable leading workshops, presentations, and design discussions.
- Methodical under pressure with structured troubleshooting capabilities.
- Clear communicator able to explain technical concepts to business stakeholders.
- Collaborative and delivery-focused, working effectively with project managers, pre-sales teams, and operations groups.
WHAT WE OFFER
- Competitive Compensation — Strong base salary with incentives linked to delivery quality and project outcomes.
- Training & Certification Budget — Dedicated annual budget for certifications, vendor training, and lab environments.
- Multi-vendor Exposure — Work across Palo Alto, Fortinet, Cisco, SASE, and cloud security platforms.
- Regional Delivery — Exposure to projects across the UAE and wider Middle East region.
- Growth Path — Clear progression into Senior Network Security Engineer, Solutions Architect, or Practice Lead roles.
- Culture — A collaborative technology-focused team that values technical excellence, ownership, customer success, and execution.