Network Engineer L3
Job Description Roles & Responsibilities Network Engineer L3 — Roles & Responsibilities 1. Network Design & Architecture Own HLD/LLD for enterprise LAN/WAN, DC, and cloud connectivity Design redundant, scalable topologies — spine-leaf, hub-spoke, SD-WAN Define IP addressing, VLAN structure, routing domains, and segmentation strategy 2. Escalation & Incident Ownership Final escalation point for L1/L2 — you close it, not pass it Lead P1/P2 bridge calls, drive RCA, own post-mortem Coordinate with NOC, security, and vendors during major incidents 3. Routing & Switching (Advanced) Manage and tune BGP policies, OSPF areas, MPLS/VRF, redistribution Handle complex STP issues, VPC/MLAG, LACP, and trunk failures Own inter-DC and ISP peering configurations 4. Security & Compliance Enforce segmentation — VRF, VLAN isolation, firewall zones Review and approve ACLs, firewall rules, NAC policies Support audits — PCI, ISO 27001, NIST alignment on network layer 5. Cloud & Hybrid Networking Own AWS/Azure network integration — VPN Gateway, ExpressRoute, Transit Gateway Design and troubleshoot hybrid connectivity — on-prem to cloud routing Collaborate with cloud architects on network policy 6. Automation & Tooling Build and maintain automation — Python, Ansible, Netmiko Automate config backups, compliance checks, provisioning workflows Integrate with ITSM/IPAM/NMS platforms 7. Monitoring & Performance Own network observability — NetFlow, SNMP, syslog pipelines Proactive capacity planning — identify bottlenecks before they become incidents Define and track SLAs, latency, packet loss thresholds 8. Documentation & Change Management Maintain accurate network diagrams, IP plans, and runbooks Author and review RFCs/change records — no undocumented changes Keep post-mortems and lessons-learned documented 9. Vendor & Stakeholder Management Own TAC cases — Cisco, Palo Alto, Juniper, Fortinet Evaluate new hardware/software — PoC, testing, recommendation Present technical decisions to management and non-technical stakeholders 10. Mentorship & Leadership Technically guide L3 engineers — knowledge transfer, not just answers Conduct design and config peer reviews Set team standards — naming conventions, hardening baselines, change process Desired Candidate Profile Desired Candidate Profile — Network Engineer L3 Technical Depth Can design end-to-end — not just configure what's handed to them Understands why a protocol behaves a certain way, not just how to configure it Reads packet captures, interprets routing tables, and diagnoses without a runbook Has broken things in production and fixed them under pressure Core Technical Profile DomainWhat We ExpectRoutingBGP multihoming, path manipulation, OSPF tuning, MPLS L3VPNSwitchingVPC/MLAG, MSTP, Q-in-Q, LACP negotiation issuesFirewallsZone-based policy, NAT hairpin, asymmetric routing issuesSD-WANPolicy-based routing, app-aware steering, overlay/underlay separationCloudExpressRoute, Direct Connect, Transit Gateway, route propagationAutomationScript-first mindset — Python, Ansible, REST APIsMonitoringCan build a dashboard, not just read one Experience Profile 5–8 years hands-on — enterprise, SP, or large MSP environment Has owned a network migration or redesign project end to end Has managed multi-vendor environments — not just one OEM Has worked on-call and handled real P1 incidents alone Certifications LevelCertRequiredCCNP Enterprise / JNCIP / NSE4+Strong PlusCCIE / JNCIE / NSE7BonusAWS/Azure Networking Specialty Problem-Solving Style Structured — isolates layer by layer, doesn't guess randomly Calm under pressure — incident bridge calls don't rattle them Data-driven — uses logs, flows, and captures — not assumptions Owns the problem — doesn't deflect to another team without evidence Communication & Soft Skills Can explain a routing loop to a CISO without using BGP terminology Writes clean, clear documentation — diagrams match reality Pushes back on bad designs — respectfully, with data Comfortable presenting to management and defending technical decisions Mindset Security-first — thinks about attack surface when designing, not after Automation bias — if done more than twice, it should be scripted Proactive — monitors trends, flags risks before they become incidents Continuous learner — tracks CVEs, vendor EOL, protocol RFCs Red Flags (What disqualifies a candidate) Can configure but can't explain why Has never touched a firewall or security policy Relies entirely on GUI — no CLI fluency No experience with change management or documentation discipline Falls apart when the runbook doesn't apply Employment Type Full Time Company Industry IT - Hardware & Networking Department / Functional Area Administration Keywords Network MonitoringNetwork ConsultantNetwork SecurityLead Network EngineerNetwork Operations Engineer Get real-time job updates only on our App
Ready to apply?
You are viewing this role on JobSphere AI. Applications are completed on the original employer / source website.
Apply NowOpens the employer's site in a new tab
- CompanyStar
- LocationDubai - United Arab Emirates (UAE)
- CategoryCybersecurity
- SourceNaukrigulf
- Listed1 month ago
Related Cybersecurity jobs
Cybersecurity Engineer
Envision Employment Solutions is currently looking for a Cybersecurity Engineer (UCF) for one of our partners, a global leader in consulting, digital…
Cloud & DevOps Engineering Technical Lead
Connect to your opportunity Work with a team to realize the ultimate solution for infrastructure and network configuration/automation and deployment for…
Senior Devops Engineer
As a Senior DevOps Engineer II, you will shape how infrastructure is built, secured, and operated across the Mondia platform. You will own the delivery…
GIS Senior Manager
In a world of possibilities, pursue one with endless opportunities. Imagine Next! At Parsons, you can imagine a career where you thrive, work with exceptional…