Network Engineer

Key Responsibilities

• Design, implement, and optimize FortiGate‑based SD‑WAN (business intent overlays, SLA policies, application steering, local breakout).
• Engineer and maintain Firewall security: zones, objects, policies, NAT (central NAT), UTM profiles, SSL inspection, IPS/DoS policies, logging.
• Plan and deploy site‑to‑site VPNs (route/policy‑based), IPsec HA, and hub‑and‑spoke topologies alongside Internet/MPLS underlays.
• Lead campus switching design: STP/RSTP/MST, VLANs, link aggregation (LACP/EtherChannel), access control, QoS marking, storm control.
• Build L3 segmentation (VRFs), inter‑VLAN routing, and east‑west policies across access/distribution with clear zone models.
• Implement high availability: FortiGate A‑P/A‑A clusters, dual‑homed uplinks, first‑hop redundancy (VRRP/HSRP/GLBP as applicable).
• Create and maintain network documentation: HLD/LLD, diagrams, IP addressing, security baselines, SOPs, and migration runbooks.
• Establish monitoring & telemetry: SNMP, NetFlow/IPFIX, Syslog, SOC/SIEM integration; define alerting thresholds & runbooks.
• Drive capacity planning, performance tuning, and proactive lifecycle management (firmware, images, templates).
• Collaborate with security, apps, and infra teams for change planning, DR/BCP, and audit/compliance requirements.
• Contribute to automation (nice‑to‑have): Ansible/Terraform/Git pipelines for config templates, compliance checks, and push operations.
• Provide Tier‑3/4 escalation support and participate in on‑call as needed.

Responsibilities

Key Responsibilities

• Design, implement, and optimize FortiGate‑based SD‑WAN (business intent overlays, SLA policies, application steering, local breakout).
• Engineer and maintain Firewall security: zones, objects, policies, NAT (central NAT), UTM profiles, SSL inspection, IPS/DoS policies, logging.
• Plan and deploy site‑to‑site VPNs (route/policy‑based), IPsec HA, and hub‑and‑spoke topologies alongside Internet/MPLS underlays.
• Lead campus switching design: STP/RSTP/MST, VLANs, link aggregation (LACP/EtherChannel), access control, QoS marking, storm control.
• Build L3 segmentation (VRFs), inter‑VLAN routing, and east‑west policies across access/distribution with clear zone models.
• Implement high availability: FortiGate A‑P/A‑A clusters, dual‑homed uplinks, first‑hop redundancy (VRRP/HSRP/GLBP as applicable).
• Create and maintain network documentation: HLD/LLD, diagrams, IP addressing, security baselines, SOPs, and migration runbooks.
• Establish monitoring & telemetry: SNMP, NetFlow/IPFIX, Syslog, SOC/SIEM integration; define alerting thresholds & runbooks.
• Drive capacity planning, performance tuning, and proactive lifecycle management (firmware, images, templates).
• Collaborate with security, apps, and infra teams for change planning, DR/BCP, and audit/compliance requirements.
• Contribute to automation (nice‑to‑have): Ansible/Terraform/Git pipelines for config templates, compliance checks, and push operations.
• Provide Tier‑3/4 escalation support and participate in on‑call as needed.

Qualifications

Key Responsibilities

• Design, implement, and optimize FortiGate‑based SD‑WAN (business intent overlays, SLA policies, application steering, local breakout).
• Engineer and maintain Firewall security: zones, objects, policies, NAT (central NAT), UTM profiles, SSL inspection, IPS/DoS policies, logging.
• Plan and deploy site‑to‑site VPNs (route/policy‑based), IPsec HA, and hub‑and‑spoke topologies alongside Internet/MPLS underlays.
• Lead campus switching design: STP/RSTP/MST, VLANs, link aggregation (LACP/EtherChannel), access control, QoS marking, storm control.
• Build L3 segmentation (VRFs), inter‑VLAN routing, and east‑west policies across access/distribution with clear zone models.
• Implement high availability: FortiGate A‑P/A‑A clusters, dual‑homed uplinks, first‑hop redundancy (VRRP/HSRP/GLBP as applicable).
• Create and maintain network documentation: HLD/LLD, diagrams, IP addressing, security baselines, SOPs, and migration runbooks.
• Establish monitoring & telemetry: SNMP, NetFlow/IPFIX, Syslog, SOC/SIEM integration; define alerting thresholds & runbooks.
• Drive capacity planning, performance tuning, and proactive lifecycle management (firmware, images, templates).
• Collaborate with security, apps, and infra teams for change planning, DR/BCP, and audit/compliance requirements.
• Contribute to automation (nice‑to‑have): Ansible/Terraform/Git pipelines for config templates, compliance checks, and push operations.
• Provide Tier‑3/4 escalation support and participate in on‑call as needed.

About UsAt Zensar, we’re “experience-led everything”. We are committed to conceptualizing, designing, engineering, marketing, and managing digital solutions and experiences for over 130 leading enterprises. We are a company driven by a bold purpose: Together, we shape experiences for better futures. Whether for our clients, our people, or the world around us, this belief powers everything we do. At the heart of our culture is ONE with Client - a set of four core values that reflect who we are and how we work: One Zensar, Nurturing, Empowering, and Client Focus.
Part of the $4.8 billion RPG Group, we’re a community of 10,000+ innovators across 30+ global locations, including Milpitas, Seattle, Princeton, Cape Town, London, Zurich, Singapore, and Mexico City. Explore Life at Zensar and join us to Grow. Own. Achieve. Learn. to be the best version of yourself.
We believe the best work happens when individuality is celebrated, growth is encouraged, and well-being is prioritized. We are an equal employment opportunity (EEO) and affirmative action employer, committed to creating an inclusive workplace. All qualified applicants will be considered without regard to race, creed, color, ancestry, religion, sex, national origin, citizenship, age, sexual orientation, gender identity, disability, marital status, family medical leave status, or protected veteran status.