JobTitle: ICT Technical Resource – Networking and Cybersecurity
Location:
Dublin 4 (Remote working may be agreed for part of the engagement, subject to operational requirements)
Contract/Permanent:
6 months, with further extension
Start date:
January ****
Experience Level Required
Resource must have the equivalent of Grade 2 Intermediate Resource
Resource must hold a degree equivalent to level 8 or higher on the National Framework of Qualifications in a relevant discipline
Key Deliverables
Current Network Assessment:
Topology diagrams, IP/VLAN schema, device inventory and configuration baseline with risk-ranked findings
Risk & Gap Analysis:
Network-centric security risks and gaps vs best practice; prioritised remediation items
Best-Practice Standards:
Firewall, switching, WLAN, NAC configuration standards; naming/IPAM standards; change-control templates
Standardisation Pack:
Repeatable templates (switch port profiles, firewall rule taxonomy), golden configs, as-built documentation
Remediation Plan:
Sequenced plan with timelines, dependencies and required maintenance windows
Playbooks & Runbooks:
Incident response for network threats; routine operations (backup/restore, change, DR failover tests)
Monitoring & Logging Plan:
Telemetry sources, thresholds, log routing/retention and health dashboards
Weekly Status Reports:
Progress, risks/issues, metrics and next steps
Cloud Readiness Assessment:
Inventory of infrastructure, dependencies, compliance, risks and workload readiness scoring
Digital Strategy Enablement:
Contribute to the client's digital transformation by ensuring network and security practices extend seamlessly to SaaS, IaaS and PaaS environments, enabling scalable, cloud-first services
Requirements
Core Network Design & Operations (WAN / LAN / WLAN)
Strong experience with Cisco (IOS/NX-OS) and Meraki; CLI skills and template-driven configs
Familiarity with core routing and switching protocols (OSPF, BGP, STP, VLANs, EtherChannel, QoS) and scalable enterprise design principles
Experience designing and operating wireless networks including capacity planning, authentication and guest access controls (WPA2/WPA3 Enterprise with RADIUS)
Provider interaction & WAN management (Virgin Media): SLAs, QoS, failover behaviour and performance troubleshooting
Understanding of IP addressing, subnetting and integration of core IP services (DNS, DHCP, IPAM)
Perimeter & Edge Security (Firewalls, VPN, DDoS)
Strong knowledge of next-generation firewalls administration (Cisco & Palo Alto) and security policy lifecycle (design, hygiene, review)
Experience with high-availability firewall designs, upgrade strategies and deterministic failover for predictable resilience
Proficiency with remote access and site-to-site VPNs using robust authentication (RADIUS/Entra ID), posture checks and split-tunnel design
Competence in secure service publication, minimal/auditable exceptions, egress controls and GEO/IP reputation use
Awareness of DDoS exposure and layered mitigations across provider, edge and on-premise controls
Ability to design outcome-driven segmentation aligned to Zero-Trust principles (VLANs, ACLs, firewalled inter-segment flows)
Experience implementing Layer-2 protections (DHCP snooping, Dynamic ARP Inspection, IP source guard, port security)
Clean IP plan and deterministic routing between segments policy enforcement tied to identity and roles
Safe patterns for guest/BYOD and third-party connectivity with appropriate isolation and controls
Monitoring, Telemetry & Incident Response (SOC/SIEM & Threat Intel)
Proven experience in real-time security monitoring and incident response within SOC/SIEM environments including alert triage, correlation, enrichment and continuous rule tuning
Skilled in investigating security incidents using logs, network telemetry and packet captures to identify root causes, scope impact and execute effective containment and remediation
Strong understanding of network observability sources (NetFlow/sFlow, syslog, SNMP, SPAN/ERSPAN) and their role in threat detection and investigations
Proficient in threat intelligence integration (STIX/TAXII, vendor feeds) and transforming intelligence into actionable detections and control improvements
Experienced in developing and maintaining incident response playbooks, managing evidence and conducting post-incident reviews to enhance detection and response maturity
Vulnerability, Patch & Platform Lifecycle Management
Strong experience in vulnerability assessment and remediation performing regular scans of network, server and application layers with CVSS- and risk-based prioritisation
Experienced in coordinating and tracking patch compliance across firewalls, routers, switches, servers and virtual environments ensuring timely updates and controlled rollout of changes
Skilled in hardware and software lifecycle governance maintaining EOS/EOL visibility, upgrade scheduling and clear communication of operational risk to support replacement planning
Proficient in applying secure configuration benchmarks (vendor/CIS) and tracking variance to maintain compliance and reduce attack surface
Experienced in exception and risk acceptance management documenting compensating controls and defined remediation timelines to uphold governance integrity
Resilience, Backup & Disaster Recovery Readiness
Strong knowledge and practical experience designing resilient network and system architectures implementing HSRP/VRRP, ECMP, dual-homing and redundant wireless designs for high availability
Experienced in failover and recovery validation conducting scheduled failover/failback testing verifying expected behaviours and documenting outcomes for operational assurance
Skilled in backup and recovery integration aligning network paths authentication and topology awareness to ensure backup reliability across servers applications and databases
Experienced in cyber-resilient backup strategies maintaining immutable and off-site copies secure "break-glass" access and minimal viable connectivity for disaster recovery and incident response
Cloud Foundations & Hybrid Connectivity (Azure)
Experienced designing and establishing foundational Azure environments initial network design identity integration and governance setup for secure cloud adoption
Strong knowledge of Azure networking components VNets subnets NSGs ASGs Azure Firewall Virtual WAN vWAN Private DNS Private Link building resilient secure connectivity frameworks
Skilled designing and implementing hybrid connectivity including IPSec VPN ExpressRoute configurations BGP routing split-horizon DNS for seamless on-premises integration
Familiar with cloud governance and cost management practices incorporating tagging budgets and compliance controls within early-stage network and policy designs
Governance, Change Control, Documentation & Risk
Experienced establishing and maintaining structured technical governance ensuring network security cloud activities align organisational policies compliance standards risk frameworks
Skilled developing and maintaining comprehensive version-controlled documentation network diagrams configurations inventories design records accurately representing live environments
Strong background in risk identification and management maintaining actionable risk register prioritising operational and security risks clear ownership tracking mitigation measures
Experienced disciplined change control implementing peer-reviewed auditable change processes verification rollback readiness full traceability production modifications
Promotes knowledge sharing collaboration mentoring post-incident post-change reviews strengthening resilience capability
#J-*****-Ljbffr