Network Engineer job at Quality Chemical Industries Limited

Job Summary:

The Network Engineer is responsible for designing, transforming, securing, and governing QCIL’s network infrastructure (switching, routing, wireless, WAN, and firewalls). The role owns network architecture, IT/OT (GxP) segmentation enforcement, FortiGate firewall lifecycle management, network monitoring, and network disaster recovery readiness.

Reporting Line:

Reports to: Head of IT

Works closely with: Systems Engineer, Security Engineer, OT stakeholders, Application owners (SAP/LIMS/TrackWise/M365), Vendors/ISPs

Primary Objectives (What success looks like)

• Secure and stable network services with measurable availability and performance across all QCIL.
• Enforced IT/OT segmentation protecting GxP systems via Firewall policy.
• Reduced cyber risk through strong perimeter controls, secure remote access, and continuous monitoring.
• Documented, standardized configurations with controlled change management and clear rollback plans.

Key Responsibilities

A. Network Architecture, Standards & Transformation

• Assess and document current-state network topology and produce target-state designs (HLD/LLD) covering LAN/WAN, routing, VLANs, wireless, and firewall zoning.
• Define and enforce network configuration standards.
• Direct system installations and cutovers.

B. IT/OT Segmentation & Access Control

• Design and maintain security zones and segmentation controls to protect OT/GxP equipment and associated data.
• Maintain a connectivity matrix for regulated systems (sources/destinations/ports/justifications), and ensure changes follow change control and are evidence-ready for audit.
• Implement secure management-plane access.

C. Firewall Engineering & Perimeter Services

• Own Firewall lifecycle management: policy architecture (zone-based), object governance, NAT, VPNs (site-to-site and remote access), HA/health checks, backups, and firmware lifecycle.
• Implement security controls appropriate to the environment.
• Conduct quarterly firewall rule reviews (remove unused rules, reduce risk, ensure logging and justifications).

D. Monitoring, Performance & Troubleshooting (Tier-3)

• Implement and tune network monitoring (e.g., PRTG/OpManager).
• Perform evidence-based root cause analysis on outages and performance issues and implement preventative fixes.
• Plan and deliver upgrades and optimizations (firmware, topology improvements, QoS for voice/critical traffic) with change control and post-change validation.

E. Enterprise Systems Connectivity (M365, SAP, LIMS, TrackWise)

• Ensure network readiness for core systems: DNS/routing correctness, firewall allowlists, proxy paths, VPN/remote access, and capacity planning.
• Collaborate with Systems Engineer and application owners during upgrades and incidents to isolate network vs system/application causes and restore service quickly.

F. DR, Audit & Documentation

• Implement and test network components of the Disaster Recovery Plan: firewall restore procedures, VPN failover, alternate connectivity, DNS/routing failover, and documented runbooks.
• Participate in network-related audits and lead remediation; provide evidence (configs, logs, access controls, firmware/patch posture) and track closure.
• Maintain up-to-date network diagrams, as-built documentation, SOPs/runbooks, and lifecycle registers (firmware, ISP circuits, VPN inventory).

Key Performance Indicators (KPIs)

• Network availability/uptime for critical services and sites.
• Mean time to resolve (MTTR) for network incidents and reduction of repeat incidents.
• Firewall policy hygiene: quarterly rule review completion, removal of unused/risky rules, and audit evidence quality.
• IT/OT segmentation compliance: approved connectivity matrix coverage and change control adherence.
• Monitoring coverage and alert quality (noise reduction, critical detection).

Minimum Qualifications & Experience

• BSc in IT/Computer Science/Engineering or related field.
• 5+ years of network engineering experience delivering LAN/WAN/firewall solutions in production environments.
• Strong hands-on experience with NG firewalls (FortiGate preferred), routing/switching, and wireless design.
• Experience with network monitoring tools (e.g., PRTG, OpManager) and structured troubleshooting (RCA).

Certifications (Preferred)

• CCNA/CCNP or equivalent networking certifications.
• Fortinet certifications (NSE/FCP/Fortinet Firewall) – strong advantage.
• ITIL Foundation – advantage; security training/certification – advantage.

• Assess and document current-state network topology and produce target-state designs (HLD/LLD) covering LAN/WAN, routing, VLANs, wireless, and firewall zoning.
• Define and enforce network configuration standards.
• Direct system installations and cutovers.
• Design and maintain security zones and segmentation controls to protect OT/GxP equipment and associated data.
• Maintain a connectivity matrix for regulated systems (sources/destinations/ports/justifications), and ensure changes follow change control and are evidence-ready for audit.
• Implement secure management-plane access.
• Own Firewall lifecycle management: policy architecture (zone-based), object governance, NAT, VPNs (site-to-site and remote access), HA/health checks, backups, and firmware lifecycle.
• Implement security controls appropriate to the environment.
• Conduct quarterly firewall rule reviews (remove unused rules, reduce risk, ensure logging and justifications).
• Implement and tune network monitoring (e.g., PRTG/OpManager).
• Perform evidence-based root cause analysis on outages and performance issues and implement preventative fixes.
• Plan and deliver upgrades and optimizations (firmware, topology improvements, QoS for voice/critical traffic) with change control and post-change validation.
• Ensure network readiness for core systems: DNS/routing correctness, firewall allowlists, proxy paths, VPN/remote access, and capacity planning.
• Collaborate with Systems Engineer and application owners during upgrades and incidents to isolate network vs system/application causes and restore service quickly.
• Implement and test network components of the Disaster Recovery Plan: firewall restore procedures, VPN failover, alternate connectivity, DNS/routing failover, and documented runbooks.
• Participate in network-related audits and lead remediation; provide evidence (configs, logs, access controls, firmware/patch posture) and track closure.
• Maintain up-to-date network diagrams, as-built documentation, SOPs/runbooks, and lifecycle registers (firmware, ISP circuits, VPN inventory).

• Network Architecture
• Network Standards
• Network Transformation
• IT/OT Segmentation
• Access Control
• Firewall Engineering
• Perimeter Services
• Network Monitoring
• Performance Tuning
• Troubleshooting (Tier-3)
• Root Cause Analysis (RCA)
• Enterprise Systems Connectivity
• Disaster Recovery (DR) Planning
• Auditing
• Documentation
• FortiGate Firewall Management
• Routing and Switching
• Wireless Design
• Network Monitoring Tools (PRTG, OpManager)

• BSc in IT/Computer Science/Engineering or related field.
• 5+ years of network engineering experience delivering LAN/WAN/firewall solutions in production environments.
• Strong hands-on experience with NG firewalls (FortiGate preferred), routing/switching, and wireless design.
• Experience with network monitoring tools (e.g., PRTG, OpManager) and structured troubleshooting (RCA).
• CCNA/CCNP or equivalent networking certifications (Preferred).
• Fortinet certifications (NSE/FCP/Fortinet Firewall) (Strong advantage).
• ITIL Foundation (Advantage).
• Security training/certification (Advantage).