Network Manager
Mastek · Mumbai, Maharashtra, India
Mastek · Mumbai, Maharashtra, India
Role Overview: The L3 Network Manager will serve as highest operational escalation point for the enterprise network security stack, providing third-level technical leadership across incident management, problem resolution, change execution, and service improvement for the following primary technology domains: Domain Key Platforms / Technologies - Next-Generation Firewalls Palo Alto Networks, HPE / Aruba, or equivalent enterprise NGFW - SD-WAN Application-aware routing, path selection, hub-spoke / full-mesh, MPLS, broadband, DIA, LTE - Web Proxy / Secure Web - Gateway - URL filtering, SSL inspection coordination, authentication integration, policy enforcement - Routing & Switching BGP, OSPF, static routing, NAT, VLANs, ACLs, QoS, IPSec VPN, HA, DNS / DHCP - Security Operations Support Segmentation, zero trust, IPS/IDS, SIEM/NMS, secure remote connectivity Key Responsibilities: The engaged resource will be expected to perform the following, without limitation: Own L3 support for enterprise firewalls, SD-WAN, and web proxy platforms, including incident handling, deep-dive troubleshooting, and permanent resolution of complex network and security issues. • Act as the highest operational escalation point for critical outages, security events, and performance degradation related to internet breakout, branch connectivity, remote access, and secure web access. • Design, review, implement, and optimize firewall rules, NAT policies, VPN tunnels, segmentation controls, URL filtering, proxy policies, application-aware rules, and threat prevention configurations. • Manage SD-WAN policies for application-aware routing, path selection, failover, SLA-based steering, site bring-up, branch migrations, and performance optimization across all WAN link types. • Administer and optimize web proxy / secure web gateway services including internet access policies, authentication integration, category filtering, SSL inspection coordination, and user access troubleshooting. • Lead root cause analysis for recurring incidents and drive problem management actions to improve service stability, resilience, and end-user experience. • Plan and execute standard and major changes including software upgrades, patching, rule reviews, certificate renewals, policy clean-up, and technology refresh activities — all aligned to PPL's change management framework. • Monitor health, availability, capacity, and security posture of managed platforms using SIEM/NMS tools, dashboards, OEM consoles, and alerting systems. • Coordinate with OEMs, ISPs, and managed service partners for TAC cases, RMA handling, bug resolution, advisory review, and support lifecycle management. • Maintain technical documentation including topology diagrams, policy standards, SOPs, build/run books, known error records, and disaster recovery procedures. • Provide technical mentoring and knowledge transfer to L1/L2 engineers and support continuous capability building within the network operations team. • Support audits and compliance requirements by ensuring evidence readiness, policy review records, secure configuration baselines, and timely remediation of audit observations. • Participate in project transitions from implementation to operations, validating design standards, support readiness, monitoring coverage, and completeness of operational documentation. • Produce automation / scripting improvements for network operations using Python, Ansible, or API-based administration where applicable. Required Qualification and Skills: Skill / Competency: - Next-generation firewall operations — Palo Alto, HPE/Aruba, or equivalent; rule management, VPN, threat prevention - SD-WAN architecture, overlay/underlay, application-aware routing, path selection, branch management - Web proxy / SWG — URL filtering, authentication, SSL inspection, policy enforcement, user troubleshooting - Routing & switching — BGP, OSPF, NAT, VLAN, ACL, QoS, IPSec VPN, HA, DNS/DHCP - Network troubleshooting — packet capture, flow analysis, syslog, SNMP, SIEM/NMS, OEM consoles - Network security — segmentation, zero trust, least privilege, IPS/IDS, secure remote access - ITSM/ITIL processes — incident, problem, change, service request, knowledge management - Automation / scripting — Python, Ansible, REST API-based network administration Experience Requirements: - Total Enterprise Network / Security Experience - 8 – 12 years - L3 Support / Technical Leadership Experience - Minimum 3 – 5 years - Firewall, SD-WAN & Secure Web Access Handson - Minimum 3 – 5 years - Multi-site Enterprise / 24x7 Operations Exposure Preferred - Managed Services Governance Experience Preferred - Pharma / Manufacturing Sector Experience Advantageous Preferred Certifications - PCNSE (Palo Alto Networks Certified Network Security Engineer) - CCNP Security / CCNP Enterprise or equivalent - SD-WAN vendor certification (e.g., Aruba SD-WAN, Cisco SDWAN / Viptela) - ITIL Foundation v4 or above - AWS / Azure cloud networking certifications are an advantage