| Ref No.: | 26-00249 |
| Location: | Bengaluru, Karnataka |
| Position Type: | Contract |
Profile
Mandatory skills - Squid Proxy, Azure Front Door, CDN, Azure Firewall and Terraform (IaC), Cisco routing and switching.
Secondary skills - Network security knowledge, WAF, Squid Proxy, Fortinet, Check Point.
Key Responsibilities
Architecture & Design
- Design cloud and hybrid network topologies (hub‐and‐spoke/vWAN), IP addressing, UDRs/route tables, and peering aligned to zero‐trust principles.
- Design, implement, and support hybrid/cloud network architectures with Cisco routing (BGP, OSPF, route redistribution, ECMP, VRFs).
- Define egress/ingress patterns with Azure Firewall, NSGs, and route control; standardize segmentation and inspection points.
- Build/maintain Azure networking: VNets, subnets, route tables, UDRs, NSGs/ASGs, Private Links, Load Balancers, and ExpressRoute/SD-WAN connectivity.
- Architect Azure Front Door for global load balancing, path-based routing, health probes, origin groups, and custom domains; align Azure CDN caching strategies (TTL, rules engine, compression) to app patterns.
- Establish secure internet access patterns via Skyhigh Proxy (SWG) including SSL inspection, category policies, Client files, and exceptions.
Implementation & Operations
- Configure advanced Cisco routing (BGP/OSPF, redistribution, filtering, ECMP) across cloud edge and hybrid connectivity (VPN/ExpressRoute).
- Deploy/manage Azure Firewall (policy, rule collection groups, DNAT/SNAT, Threat Intelligence, IDPS/TLS inspection where applicable) with logging to Azure Monitor/Log Analytics.
- Build Azure Front Door endpoints, routing rules, and custom domain bindings; integrate Azure CDN profiles/endpoints and caching rules for performance.
- Implement Skyhigh SWG and Squid Proxy (SSL inspection, caching, category-based filtering, ACLs, client files).
- Design, deploy, and maintain Azure virtual networks (VNets), subnets, network security groups (NSGs), and route tables.
- Design and implement application delivery services (Traffic Manager, Load Balancer, etc.).
- Design and implement Azure Application Gateway (rewrite sets, TLS configuration, HTTP settings, etc.).
- Strong skills in designing, implementing, and maintaining Azure Firewall, WAF, and Azure Firewall Manager are desired.
- Configure and manage VPN gateways, ExpressRoute, and Azure Virtual WAN for hybrid connectivity.
- Implement Azure Firewall, Application Gateway, Front Door, and Load Balancers for high availability and security.
- Troubleshoot connectivity, routing, and latency issues in Azure and hybrid networks.
- Manage DNS zones, Private Endpoints, and Network Peering in Azure.
- Monitor and optimize network performance using Azure Monitor, Network Watcher, and Traffic Analytics.
- Collaborate with cloud architects, security, and DevOps teams to ensure secure and scalable network designs.
- Ensure compliance with security standards and implement network segmentation and zero-trust policies.
- Participate in incident response, root-cause analysis, and documentation of solutions.
- Govern allow/deny (whitelist/blacklist) for URLs, FQDNs, IPs, and categories across Firewall, SWG, and WAF—ensuring approvals, audit trails, and rollback.
- Own TLS certificate lifecycle for edge (Front Door/CDN custom domains), proxies, and inspection devices: inventory, monitoring, renewals, rotations, and outage‐free deployment.
- Plan and execute AMI/image upgrades (firewalls, WAFs, proxies, virtual appliances): evaluate release notes/CVEs, bake golden images, test in non‐prod, blue/green or canary rollout, and rollback.
- Troubleshoot L3–L7 issues using packet captures, flow logs, WAF/Firewall/Front Door/CDN telemetry, and SIEM dashboards.
Automation & IaC
- Develop Terraform modules for VNets/vWAN, subnets, NSGs, UDRs, Azure Firewall, Azure Front Door, Azure CDN (and API automations for SWG/WAF where supported).
- Implement CI/CD (Azure DevOps/GitHub Actions) for terraform fmt/validate/plan/apply, policy guardrails (OPA/Conftest/Azure Policy), and drift detection.
- Script (PowerShell/Python/Bash) bulk allow/deny updates, certificate renewals (request, bind, verify), AMI/image pipelines, config compliance, and reporting.
- Integrate observability (Azure Monitor, Log Analytics, Sentinel/Splunk/Grafana) with SLOs for availability, latency, cache hit‐ratio, and security KPIs.
Governance, Security & Compliance
- Enforce baseline configs, least privilege (RBAC), secrets/cert management, and change control (ITIL).
- Drive vulnerability remediation and coordinate pen‐test findings for edge/network components.
- Maintain runbooks, diagrams, inventories, and deliver L3 support and knowledge transfer.