Network Engineer L3
Job Description Roles & Responsibilities Network Engineer L3 — Roles & Responsibilities 1. Network Design & Architecture Own HLD/LLD for enterprise LAN/WAN, DC, and cloud connectivity Design redundant, scalable topologies — spine-leaf, hub-spoke, SD-WAN Define IP addressing, VLAN structure, routing domains, and segmentation strategy 2. Escalation & Incident Ownership Final escalation point for L1/L2 — you close it, not pass it Lead P1/P2 bridge calls, drive RCA, own post-mortem Coordinate with NOC, security, and vendors during major incidents 3. Routing & Switching (Advanced) Manage and tune BGP policies, OSPF areas, MPLS/VRF, redistribution Handle complex STP issues, VPC/MLAG, LACP, and trunk failures Own inter-DC and ISP peering configurations 4. Security & Compliance Enforce segmentation — VRF, VLAN isolation, firewall zones Review and approve ACLs, firewall rules, NAC policies Support audits — PCI, ISO 27001, NIST alignment on network layer 5. Cloud & Hybrid Networking Own AWS/Azure network integration — VPN Gateway, ExpressRoute, Transit Gateway Design and troubleshoot hybrid connectivity — on-prem to cloud routing Collaborate with cloud architects on network policy 6. Automation & Tooling Build and maintain automation — Python, Ansible, Netmiko Automate config backups, compliance checks, provisioning workflows Integrate with ITSM/IPAM/NMS platforms 7. Monitoring & Performance Own network observability — NetFlow, SNMP, syslog pipelines Proactive capacity planning — identify bottlenecks before they become incidents Define and track SLAs, latency, packet loss thresholds 8. Documentation & Change Management Maintain accurate network diagrams, IP plans, and runbooks Author and review RFCs/change records — no undocumented changes Keep post-mortems and lessons-learned documented 9. Vendor & Stakeholder Management Own TAC cases — Cisco, Palo Alto, Juniper, Fortinet Evaluate new hardware/software — PoC, testing, recommendation Present technical decisions to management and non-technical stakeholders 10. Mentorship & Leadership Technically guide L3 engineers — knowledge transfer, not just answers Conduct design and config peer reviews Set team standards — naming conventions, hardening baselines, change process Desired Candidate Profile Desired Candidate Profile — Network Engineer L3 Technical Depth Can design end-to-end — not just configure what's handed to them Understands why a protocol behaves a certain way, not just how to configure it Reads packet captures, interprets routing tables, and diagnoses without a runbook Has broken things in production and fixed them under pressure Core Technical Profile DomainWhat We ExpectRoutingBGP multihoming, path manipulation, OSPF tuning, MPLS L3VPNSwitchingVPC/MLAG, MSTP, Q-in-Q, LACP negotiation issuesFirewallsZone-based policy, NAT hairpin, asymmetric routing issuesSD-WANPolicy-based routing, app-aware steering, overlay/underlay separationCloudExpressRoute, Direct Connect, Transit Gateway, route propagationAutomationScript-first mindset — Python, Ansible, REST APIsMonitoringCan build a dashboard, not just read one Experience Profile 5–8 years hands-on — enterprise, SP, or large MSP environment Has owned a network migration or redesign project end to end Has managed multi-vendor environments — not just one OEM Has worked on-call and handled real P1 incidents alone Certifications LevelCertRequiredCCNP Enterprise / JNCIP / NSE4+Strong PlusCCIE / JNCIE / NSE7BonusAWS/Azure Networking Specialty Problem-Solving Style Structured — isolates layer by layer, doesn't guess randomly Calm under pressure — incident bridge calls don't rattle them Data-driven — uses logs, flows, and captures — not assumptions Owns the problem — doesn't deflect to another team without evidence Communication & Soft Skills Can explain a routing loop to a CISO without using BGP terminology Writes clean, clear documentation — diagrams match reality Pushes back on bad designs — respectfully, with data Comfortable presenting to management and defending technical decisions Mindset Security-first — thinks about attack surface when designing, not after Automation bias — if done more than twice, it should be scripted Proactive — monitors trends, flags risks before they become incidents Continuous learner — tracks CVEs, vendor EOL, protocol RFCs Red Flags (What disqualifies a candidate) Can configure but can't explain why Has never touched a firewall or security policy Relies entirely on GUI — no CLI fluency No experience with change management or documentation discipline Falls apart when the runbook doesn't apply Employment Type Full Time Company Industry IT - Hardware & Networking Department / Functional Area Administration Keywords Network MonitoringNetwork ConsultantNetwork SecurityLead Network EngineerNetwork Operations Engineer Get real-time job updates only on our App
Ready to apply?
You are viewing this role on JobSphere AI. Applications are completed on the original employer / source website.
Apply on original siteOpens the employer's site in a new tab
- CompanyStar
- LocationDubai - United Arab Emirates (UAE)
- CategoryCybersecurity
- SourceNaukrigulf
- Listed4 weeks ago
Related Cybersecurity jobs
SOC Engineer
Security Monitoring & Threat Detection • Administration, management, and Support deployment and tuning of OT security tools (Nozomi, Forescout). Monitor OT/ICS…
Priority Banking - Customer Service Representative
1. Client Relationship Management ▸ Resolve customer issues efficiently while ensuring first-contact resolution whenever possible. ▸ Manage customer complaints…
Secretary
Manage executive schedules, ensuring optimal time allocation for meetings, deadlines, and travel, to facilitate smooth operations. Prepare and edit…
Senior Full Stack Developer
We are seeking an experienced Full Stack Engineer with strong Java expertise and modern front-end capabilities to design, build and deliver scalable enterprise…