Network Security Cisco ASA Checkpoint

Position Title : Network Security - Cisco ASA Checkpoint

Location : Plano TX ( 5 days Onsite); need only local profiles

Total Exp Required- 8 12 Years

Overview :

We are looking for a highly experienced SD-WAN Engineer to lead the design deployment and lifecycle management of software-defined WAN (SD-WAN) solutions across a BFSI-grade hybrid enterprise.

The role demands deep technical expertise in routing traffic engineering cloud integration and zero-touch provisioning with a strong focus on resiliency security and application performance.

Primary Technical Skills

SD-WAN Platforms : Hands-on experience with Cisco Viptela Fortinet Secure SD-WAN VMware VeloCloud and Silver Peak Unity EdgeConnect .

Routing Protocols : Advanced configuration and troubleshooting of BGP OSPF EIGRP and route redistribution across underlay and overlay networks.

Application-Aware Routing : Implementation of dynamic path selection DSCP -based prioritization and real-time traffic steering based on SLA metrics.

WAN Optimization : Deep understanding of deduplication compression TCP optimization and forward error correction (FEC).

SD-WAN Orchestration : Proficient in zero-touch provisioning ( ZTP ) template-based policy deployment and multi-tenant segmentation.

Cloud Integration : Design and deployment of direct cloud on-ramp to AWS Azure and GCP including ExpressRoute Transit Gateway and cloud-native firewalls.

Overlay Security : Implementation of IPSec tunnels IKEv2 certificate-based authentication and role-based access control ( RBAC ).

High Availability & Failover : Design of active-active / active-standby topologies dual CPE and path resiliency mechanisms.

QoS & Traffic Engineering : End-to-end QoS policy design shaping policing and per-app SLA enforcement.

Multicast & Voice Optimization : Support for multicast over SD-WAN VoIP prioritization and MOS-based routing decisions .

Secondary Technical Skills

Transport Diversity : Integration of MPLS broadband 5G / LTE and satellite links into SD-WAN fabric with path cost modeling.

Monitoring & Telemetry : Use of SolarWinds NetFlow SNMP traps and SD-WAN analytics dashboards for proactive monitoring and SLA validation.

Firewall & VPN Integration : Policy coordination with NGFWs (e.g. Fortinet Palo Alto) site-to-site VPNs and ZTNA gateways.

Automation & Scripting : Development of Python Ansible or REST API scripts for bulk provisioning compliance checks and config drift detection.

Network Segmentation : Design of VRF-based segmentation zone-based policies and microsegmentation across branches and data centers.

DNS & DHCP Integration : Centralized DHCP relay DNS forwarding and split-horizon DNS for hybrid environments.

Syslog & SIEM Integration : Forwarding of SD-WAN logs to SIEM platforms (e.g. Splunk QRadar) for event correlation and compliance auditing.

Cloud-Native Networking : Exposure to Transit Gateway Connect Azure Virtual WAN and GCP Cloud Router.

Policy-Based Forwarding (PBF) : Use of match-action rules to steer traffic based on application source or destination.

Overlay-Underlay Correlation : Mapping of overlay tunnels to underlay health with real-time path remediation.

Required Experience

8 12 years in network engineering with 3 years in hands-on SD-WAN deployment operations and troubleshooting.

Proven experience in designing and scaling SD-WAN architectures across multi-branch BFSI environments .

Strong documentation skills : HLD / LLD runbooks change control and as-built diagrams.

Experience in regulated sectors ( BFSI healthcare telecom ) with emphasis on compliance audit readiness and risk mitigation.

Ability to lead cross-functional collaboration with security cloud and infrastructure teams .

Preferred Qualifications

Exposure to SASE / SSE convergence models including ZTNA SWG and CASB integration with SD-WAN.

Familiarity with cloud-native networking constructs and service chaining in hybrid environments.

Understanding of ITIL v4 processes : incident change and problem management.

Experience with DevNet NetDevOps or CI / CD pipelines for network automation.

Knowledge of compliance frameworks : ISO 27001 NIST 800-53 RBI PCI-DSS.

Key Skills

IDS,Network security,Active Directory,Tcp / IP,LAN,Routers,Windows,Access Control,Information Security,Linux,Troubleshoot,Intrusion Detection,Juniper,Security Devices,Dns

Employment Type : Full Time

Experience : years

Vacancy : 1