Network Security Engineer (Luxembourg)

The Network Security Engineer is responsible for operating, maintaining, securing, and evolving the client Network Secure Access (NSA) infrastructure. This includes firewalling, VPNs, identity services, proxies, DNS, anti-DDoS, and secure connectivity across all client sites. The engineer ensures confidentiality, integrity, and availability of the network by implementing robust security controls, monitoring threats, and supporting critical operational services.

Network Security Services Operations:

- Operate multi-vendor firewall infrastructures (CheckPoint clusters, Fortinet clusters, standalone FortiGate appliances).

- Manage advanced firewall features: stateful inspection, application control, IPS/IDS, threat prevention, SD‑WAN, anti‑spoofing, DNS security.

- Maintain secure network segmentation across Internet, LAN, DMZ, Cybernet, datacenters, TESTA, and EP Cloud environments.

Security Policy Management (AlgoSec):

- Operate and optimise AlgoSec for automated policy analysis, risk reporting, and compliance.

- Support network topology visualisation and security rule lifecycle.

- Manage audit reports and security postures for multiple firewall platforms.

Identity & Secure Access Services:

- Operate Cisco ISE: authentication (802.1x, VPN, extranet), device profiling, TACACS+.

- Manage RSA SecurID MFA, including tokens, PIN management, enrollment, and server upgrades.

- Support Cisco ASA VPN infrastructure, including AnyConnect, strong authentication, split‑tunneling, and connection profiling.

- Operate site‑to‑site IPSec VPNs (Fortinet‑based) for cloud private environments.

Network External Access Services:

- Support anti‑DDoS protections (AWS‑based + ISP‑managed solutions).

- Manage WAF deployments (F5 / NetScaler) for Layer‑7 application protection.

- Operate DNS, DHCP, and IPAM services based on VitalQIP and Infoblox platforms.

- Manage forward proxies, CAS (Content Analysis Systems), reverse proxies, and extranet gateways.

- Maintain SSL Offloading reverse proxy appliances.

Operational Responsibilities:

- Security, performance, and accounting management.

- Incident & problem management including troubleshooting and RCA/PIR reporting.

- Change & configuration management, including upgrades, patches, and controlled rollouts.

- Monitoring, alerting, and dashboards for NSA systems.

- Maintain and update operational documentation, architecture diagrams, and inventories.

- Manage capacity, obsolescence plans, and lifecycle management for all appliances.

- Vendor and third‑party coordination for TAC escalations, managed services, and ISP services.

Experience:

- 7+ years of experience in network security operations.

- Extensive hands‑on experience with firewalls (Fortinet, CheckPoint), VPNs, proxies, DNS, and WAF.

- Strong knowledge of authentication services (RSA, Cisco ISE) and secure access architectures.

- Experience with multi‑site, multi‑zone enterprise environments.

Key Competencies:

- Firewalling: CheckPoint clusters, Fortinet FortiGate, FortiManager/FortiAnalyzer.

- Secure Access: Cisco ASA/AnyConnect, RSA MFA, Cisco ISE.

- Threat Protection: Anti‑DDoS systems, IPS/IDS, CAS, proxy‑based malware inspection.

- Secure DNS/IPAM: VitalQIP, Infoblox.

- External Access: WAF (F5 / NetScaler), reverse proxies, extranet gateways.

- Operational excellence: incident/change/problem management, documentation, automation.

- Fluent in English, knowledge of French

Our Offer:

• An attractive salary package with or without a company car
• 5 additional vacation days each year
• A dedicated training program with personal development plans
• Extra-legal advantages (IT material, banks, ...)
• Regular events with the CTG team : learning lunchs, team buildings, fun events, Xmas, Marathons, ...

If you like multicultural teams and want to join a company with open communication, then apply right now !

Please note that a criminal record will be asked for this position.