L3 Onsite Network Engineer

Must Have Technical/Functional Skills

Very strong knowledge on routing, switching, network security protocols especially Zscaler VPN solution, Palo alto, Aruba, CISCO switches, Panorama, Zscaler ( ZCC and ZPA )

Roles & Responsibilities

• Design and implement high-performance, secure, and scalable network solutions that meet business requirements.
• Plan and execute network upgrades, expansions, and optimizations to support growth and technological advancements.
• Develop and maintain network architecture diagrams, documentation, and standard operating procedures.
• Monitor, manage, and maintain the network infrastructure, ensuring optimal performance and minimal downtime.
• Implement and manage network monitoring tools and systems to proactively identify and resolve issues.
• Perform regular network maintenance tasks, including updates, patches, and configuration changes.
• Diagnose and resolve complex network issues related to connectivity, performance, and security.
• Provide third-tier support for network-related incidents, collaborating with other IT teams as needed.
• Analyze network traffic and performance metrics to identify bottlenecks, inefficiencies, and security risks.
• Implement and maintain robust network security measures, including firewalls, VPNs, and intrusion detection/prevention systems.
• Conduct regular security audits, vulnerability assessments, and risk management activities.
• Ensure compliance with industry standards and organizational security policies.
• Lead or participate in network-related projects, ensuring timely delivery and alignment with business goals.
• Collaborate with cross-functional teams to design and implement network solutions that support new applications, services, and technologies.
• Validate ZCC agent status (running, enrolled, service health)
• Validate user authentication (SSO login attempts, MFA prompts)
• Business-critical app blocked (URL category, blacklist) Troubleshooting from VPN perspective
• SSL Inspection exceptions (bypass specific domains)
• URL category updates (reclassification)
• Allow/block list changes (domain or URL) in Zscaler
• ZIA Firewall / Cloud App Controls (if licensed: L7 firewall rules, app control)
• Threat protection controls (ZIA IPS, malware, sandboxing)
• Performance / slowness (latency, DNS, routing, tunnel issues)
• Routing / DNS problems
• WAN / ISP issues (circuit, upstream problems)
• VPN/ZCC coexistence (split tunneling, routing overlap)
• Unexpected Zscaler behavior (redirect loops, intermittent connection)
• ZCC install/uninstall
• ZCC corruption / agent malfunction troubleshooting
• EDR/AV conflicts with ZCC troubleshooting
• Zscaler tunnel management (GRE/IPSec health, failover)
• Zscaler PAC file management (ruleset updates, hosting, troubleshooting)
• ZIA admin policies (device posture, app segmentation, identity rules)
• Identity / SSO integration (Azure AD, SCIM, user attributes)
• Role-based admin access (RBAC roles, Zscaler admin privileges)
• Zscaler TAC engagement (support tickets, troubleshooting escalations)
• ZIA release management (client connector upgrades, feature adoption)
• Zscaler reporting/dashboarding (usage, SSL, threat, performance)
• ZIA capacity & performance monitoring (tunnel load, DC selection)
• Change management (CAB review for Zscaler changes)
• Zscaler roadmap & strategy (align features, plan enhancements)
• Escalation to SOC (filtering-related)
• Escalation to IT Ops (infrastructure/platform-related)
• Policy/exception/risk approvals (SSL, access exceptions)
• Stay up-to-date with the latest networking technologies, trends, and best practices.
• Identify opportunities to improve network performance, security, and reliability.

Education

Education: Bachelors degree in Computer Science, Information Technology, or a related field. Advanced certifications (e.g., CCNP, CCIE, or equivalent) are highly desirable.

Experience

• Lead and build strong relationships and teams.
• 10+ years of experience in network engineering, with a focus on complex and large-scale networks.
• Proven experience with network design, implementation, and troubleshooting in enterprise environments.
• In-depth knowledge of networking protocols (e.g., BGP, OSPF, MPLS, TCP/IP, DNS, DHCP).
• Extensive experience with network hardware (e.g., routers, switches, firewalls) from Cisco, Aruba, Palo Alto and others.
• Strong understanding of network security principles and technologies (e.g., firewalls, VPNs, IDS/IPS, Zscaler).
• Proficiency in network monitoring and management tools (e.g., Logic Monitor, Wireshark).
• Experience with cloud networking (e.g., AWS, Azure)
• Excellent problem-solving and analytical skills, with the ability to troubleshoot complex issues.
• Strong communication skills, with the ability to explain technical concepts to non-technical stakeholders.
• Ability to work independently and as part of a team, managing multiple priorities and projects.
• Certifications: CCNP, CCIE, or other relevant network certifications are preferred.

Salary Range

Salary Range: $130,000-$160,000 a year

#LI-KR3

TCS Employee Benefits Summary

• Discretionary Annual Incentive.
• Comprehensive Medical Coverage: Medical & Health, Dental & Vision, Disability Planning & Insurance, Pet Insurance Plans.
• Family Support: Maternal & Parental Leaves.
• Insurance Options: Auto & Home Insurance, Identity Theft Protection.
• Convenience & Professional Growth: Commuter Benefits & Certification & Training Reimbursement.
• Time Off: Vacation, Time Off, Sick Leave & Holidays.
• Legal & Financial Assistance: Legal Assistance, 401K Plan, Performance Bonus, College Fund, Student Loan Refinancing.