Cybersecurity Network Security Specialist (Warsaw, 70% remote) – EU Public Organisations

About The Position

Requirements

• Minimum 5 years of IT relevant professional experience.
• Minimum 5 years of experience in a similar position.
• Very good understanding of TCP/IP protocols, IP routing, Network Security Policies.
• Good knowledge of network services like DNS, DHCP, NTP, etc.
• Good understanding of the wired and wireless access technologies (wifi, 802.1x/EAP etc.).
• Good understanding of the application-layer authentication and encryption mechanisms, e.g. HTTPS/SSL/TLS protocols, PKI and X.509 certificates.
• Hands-on experience with products and solutions related to the domain (e.g. Cisco routers and switches, wireless controllers, network firewalls etc.).
• Hands-on experience in administering of a large enterprise network.
• Good knowledge of the network configuration of the endpoint operating systems (Windows, Linux, IOS etc.).
• Work experience with stateful and stateless traffic filtering.
• Excellent communication skills both technical and non-technical (in written and verbal communication).
• Very good analytical and trouble-shooting skills.
• Open minded, excellent troubleshooting, analytical and problem solving skills.
• Very strong sense of responsibility, accuracy and attention to details.
• Sense of tact and diplomacy.
• Friendly, supportive and helpful personality with co-operative and service oriented attitude.
• Ability to work in stressful environment with minimal supervision.
• High level of motivation and initiative, creating thinking.
• A proactive attitude and team-work spirit.
• CCNP Security or equivalent from other network vendors (e.g. Palo Alto certifications).
• Security Clearance: CONFIDENTIEL UE/EU CONFIDENTIAL (security screening procedure must be initiated within first 45 days of assignment).
• Minimum English language skills (CEFR): B2.
• Able to travel occasionally inside Europe (plane, boat, car etc.) up to 10 travels/year.
• Driving license card. B.
• Ability to drive rented car, including abroad.

Nice To Haves

• CCSP (Certified Cloud Security Professional) or equivalent.
• AZ-305: Designing Microsoft Azure Infrastructure Solutions or equivalent.

Responsibilities

• Administer, monitor and troubleshoot network security solutions specific to the domain.
• Provide 2nd line support to Frontex system and network users.
• Create and update the technical documentation and operating procedures.
• Advice possible network security improvements, changes or upgrades.
• Manage Palo Alto Firewalls using Panorama.
• Manage Cisco Switching based networks.
• Manage Palo Alto GlobalProtect at scale.
• Manage Internet edge forward-proxy / outbound security on Palo Alto.
• Perform advanced troubleshooting (packet + firewall dataplane).
• Verification of security Firewall security rules, identification of gaps and provisions of improvements or corrections.
• Design and operate VPNs at scale.
• Manage 802.1X/EAP & NAC integration.
• Design and operate VNets, subnets, peering (incl. cross-subscription), segmentation, route isolation.
• Implement and troubleshoot NSGs/ASGs, service tags, and the “why is this flow blocked” workflow using effective security rules.
• Implement and manage private access patterns: Private Link/Private Endpoints, Private DNS Zones, DNS forwarding/resolution across on-prem ↔ Azure.
• Operate and troubleshoot Site-to-Site VPN and/or ExpressRoute (BGP basics, failover, throughput/MTU, tunnels, active/active patterns).
• Implement and manage SASE/SSE solutions including remote access & ZTNA, traffic steering / routing, TLS inspection / decryption operations, threat protection at the edge, and identity integration.
• Perform migration from on-prem proxy/VPN to SASE/SSE.
• Implement Zero Trust Networking principles, including policy based on identity + device posture and microsegmentation / least privilege.
• Design segmentation for east-west and north-south traffic.
• Implement and manage Web Application Firewall solutions (e.g. F5, Cloudflare, Citrix).
• Implement and manage LoadBalancing technologies.