Network Security (VPN/Proxy / Firewall / F5)
CGI · Bengaluru, Karnataka, India - Chennai, Tamil Nadu, India
CGI · Bengaluru, Karnataka, India - Chennai, Tamil Nadu, India
**Key Responsibilities** Architecture & Design . Design cloud and hybrid network topologies (hub and spoke/vWAN), IP addressing, UDRs/route tables, and peering aligned to zero trust principles. - Design, implement, and support hybrid/cloud network architectures with Cisco routing (BGP, OSPF, route redistribution, ECMP, VRFs). . Define egress/ingress patterns with Azure Firewall, NSGs, and route control; standardize segmentation and inspection points. Build/Maintain Azure networking: VNets, subnets, route tables, UDRs, NSGs/ASGs, Private Links, Load Balancers, and ExpressRoute/SD-WAN connectivity. . Architect Azure Front Door for global load balancing, path-based routing, health probes, origin groups, and custom domains; align Azure CDN caching strategies (TTL, rules engine, compression) to app patterns. . Establish secure internet access patterns via Skyhigh Proxy (SWG) including SSL inspection, category policies, PAC files, and exceptions. **Implementation & Operations** . Configure advanced Cisco routing (BGP/OSPF, redistribution, filtering, ECMP) across cloud edge and hybrid connectivity (VPN/ExpressRoute). . Deploy/manage Azure Firewall (policy, rule collection groups, DNAT/SNAT, Threat Intelligence, IDPS/TLS inspection where applicable) with logging to Azure Monitor/Log Analytics. . Build Azure Front Door endpoints, routing rules, and custom domain bindings; integrate Azure CDN profiles/endpoints and caching rules for performance. - Implement Skyhigh SWG and Squid Proxy for SSL inspection, caching, and category-based filtering, caching, ACLs, PAC files) • Design, deploy, and maintain Azure virtual networks (VNets), subnets, network security groups (NSGs), and route table • Design and implement application delivery services (traffic manager, load balancer etc) • Design and implement Azure application GW (rewrite sets, conf. TLS, HTTP settings etc • Strong skill sets desired to implement, design and maintain Azure Firewall, WAF and Azure Firewall manager. • Configure and manage VPN gateways, ExpressRoute, and Azure Virtual WAN for hybrid connectivity. • Implement Azure Firewall, Application Gateway, Front Door, and Load Balancers for high availability and security. • Troubleshoot connectivity, routing, and latency issues in Azure and hybrid networks. • Manage DNS zones, Private Endpoints, and Network Peering in Azure. • Monitor and optimize network performance using Azure Monitor, Network Watcher, and Traffic Analytics. • Collaborate with cloud architects, security, and DevOps teams to ensure secure and scalable network designs. • Ensure compliance with security standards and implement network segmentation and zero-trust policies. • Participate in incident response, root-cause analysis, and documentation of solutions. . Govern allow/deny (whitelist/blacklist) for URLs, FQDNs, IPs, and categories across Firewall, SWG, and WAFensuring approvals, audit trails, and rollback. . Own TLS certificate lifecycle for edge (Front Door/CDN custom domains), proxies, and inspection devices: inventory, monitoring, renewals, rotations, and outage free deployment. . Plan and execute AMI/image upgrades (firewalls, WAFs, proxies, virtual appliances): evaluate release notes/CVEs, bake golden images, test in non prod, blue/green or canary rollout, and rollback. . Troubleshoot L3–L7 issues using packet captures, flow logs, WAF/Firewall/Front Door/CDN telemetry, and SIEM dashboards. Automation & IaC . Develop Terraform modules for VNets/vWAN, subnets, NSGs, UDRs, Azure Firewall, Azure Front Door, Azure CDN (and API automations for SWG/WAF where supported). . Implement CI/CD (Azure DevOps/GitHub Actions) for terraform fmt/validate/plan/apply, policy guardrails (OPA/Conftest/Azure Policy), and drift detection. . Script (PowerShell/Python/Bash) bulk allow/deny updates, certificate renewals (request, bind, verify), AMI/image pipelines, config compliance, and reporting. . Integrate observability (Azure Monitor, Log Analytics, Sentinel/Splunk/Grafana) with SLOs for availability, latency, cache hit ratio, and security KPIs. **Governance, Security & Compliance** . Enforce baseline configs, least privilege (RBAC), secrets/cert management, and change control (ITIL). . Drive vulnerability remediation and coordinate pen test findings for edge/network components. . Maintain runbooks, diagrams, inventories, and deliver L3 support and knowledge transfer.