Lead Network Engineer
Responsibilities
We are looking for a hands‑on Lead Cloud Network Engineer to design, implement, secure, and automate network, egress, and edge services on Azure. The ideal candidate will have strong hands-on expertise in core networking, solid foundational knowledge of networking and security, and good experience in Azure networking services, hybrid connectivity, network security, and performance optimization.
Building on strong Cisco routing/switching and security skills, you will own routing (Cisco) and Azure network services (Firewall): implement Azure Firewall controls, optimize Azure CDN and Azure Front Door, secure web access by administering Squid and Skyhigh Secure Web Gateway/Proxy, manage allow/deny lists, and own operational lifecycle tasks such as TLS certificate renewals and AMI/image upgrades for network/security appliances. You will codify everything possible with Terraform and drive resilient, observable, and compliant operations. You will also implement monitoring and alerting frameworks and enforce Azure Policy and governance for compliance.
Profile required
Mandatory skills – Squid Proxy, Azure Front Door, CDN, Azure Firewall, Terraform (IaC), Cisco routing and switching
Secondary skills - Network security knowledge, WAF, Squid Proxy, Fortinet, Check Point.
Key Responsibilities
Architecture & Design
- Design cloud and hybrid network topologies (hub‑and‑spoke/vWAN), IP addressing, UDRs/route tables, and peering aligned to zero‑trust principles.
- Design, implement, and support hybrid/cloud network architectures with Cisco routing (BGP, OSPF, route redistribution, ECMP, VRFs).
- Define egress/ingress patterns with Azure Firewall, NSGs, and route control; standardize segmentation and inspection points. Build/Maintain Azure networking: VNets, subnets, route tables, UDRs, NSGs/ASGs, Private Links, Load Balancers, and ExpressRoute/SD-WAN connectivity.
- Architect Azure Front Door for global load balancing, path-based routing, health probes, origin groups, and custom domains; align Azure CDN caching strategies (TTL, rules engine, compression) to app patterns.
- Establish secure internet access patterns via Skyhigh Proxy (SWG) including SSL inspection, category policies, PAC files, and exceptions.
Implementation & Operations
- Configure advanced Cisco routing (BGP/OSPF, redistribution, filtering, ECMP) across cloud edge and hybrid connectivity (VPN/ExpressRoute).
- Deploy/manage Azure Firewall (policy, rule collection groups, DNAT/SNAT, Threat Intelligence, IDPS/TLS inspection where applicable) with logging to Azure Monitor/Log Analytics.
- Build Azure Front Door endpoints, routing rules, and custom domain bindings; integrate Azure CDN profiles/endpoints and caching rules for performance.
- Implement Skyhigh SWG and Squid Proxy (SSL inspection, caching, category-based filtering, ACLs, PAC files).
- Design, deploy, and maintain Azure virtual networks (VNets), subnets, network security groups (NSGs), and route tables.
- Design and implement application delivery services (Traffic Manager, Load Balancer, etc.).
- Design and implement Azure Application Gateway (rewrite sets, TLS configuration, HTTP settings, etc.).
- Strong skills in designing, implementing, and maintaining Azure Firewall, WAF, and Azure Firewall Manager are desired.
- Configure and manage VPN gateways, ExpressRoute, and Azure Virtual WAN for hybrid connectivity.
- Implement Azure Firewall, Application Gateway, Front Door, and Load Balancers for high availability and security.
- Troubleshoot connectivity, routing, and latency issues in Azure and hybrid networks.
- Manage DNS zones, Private Endpoints, and Network Peering in Azure.
- Monitor and optimize network performance using Azure Monitor, Network Watcher, and Traffic Analytics.
- Collaborate with cloud architects, security, and DevOps teams to ensure secure and scalable network designs.
- Ensure compliance with security standards and implement network segmentation and zero-trust policies.
- Participate in incident response, root-cause analysis, and documentation of solutions.
- Govern allow/deny (whitelist/blacklist) for URLs, FQDNs, IPs, and categories across Firewall, SWG, and WAF—ensuring approvals, audit trails, and rollback.
- Own TLS certificate lifecycle for edge (Front Door/CDN custom domains), proxies, and inspection devices: inventory, monitoring, renewals, rotations, and outage‑free deployment.
- Plan and execute AMI/image upgrades (firewalls, WAFs, proxies, virtual appliances): evaluate release notes/CVEs, bake golden images, test in non‑prod, blue/green or canary rollout, and rollback.
- Troubleshoot L3–L7 issues using packet captures, flow logs, WAF/Firewall/Front Door/CDN telemetry, and SIEM dashboards.
Automation & IaC
- Develop Terraform modules for VNets/vWAN, subnets, NSGs, UDRs, Azure Firewall, Azure Front Door, Azure CDN (and API automations for SWG/WAF where supported).
- Implement CI/CD (Azure DevOps/GitHub Actions) for terraform fmt/validate/plan/apply, policy guardrails (OPA/Conftest/Azure Policy), and drift detection.
- Script (PowerShell/Python/Bash) bulk allow/deny updates, certificate renewals (request, bind, verify), AMI/image pipelines, config compliance, and reporting.
- Integrate observability (Azure Monitor, Log Analytics, Sentinel/Splunk/Grafana) with SLOs for availability, latency, cache hit‑ratio, and security KPIs.
Governance, Security & Compliance
- Enforce baseline configs, least privilege (RBAC), secrets/cert management, and change control (ITIL).
- Drive vulnerability remediation and coordinate pen‑test findings for edge/network components.
- Maintain runbooks, diagrams, inventories, and deliver L3 support and knowledge transfer.
Why join us
“We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status”.
Business insight
At Société Générale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating, and taking action are part of our DNA. If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!
Still hesitating?
You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices, and sharing their skills with charities. There are many ways to get involved.
We are committed to supporting the acceleration of our Group’s ESG strategy by implementing ESG principles in all our activities and policies. These principles are reflected in our business activity (ESG assessment, reporting, project management or IT activities), our work environment, and our responsible practices for environmental protection.