Job Description

Senior Cloud Network Security Engineer (Category – Architect)

Sector: Oil and Gas

Department: IT Infrastructure & Security

Location: Doha, Qatar

At Codvo, software and people transformations go hand-in-hand. We are a global empathy-led technology services company. Product innovation and mature software engineering are part of our core DNA. Respect, Fairness, Growth, Agility, and Inclusiveness are the core values that we aspire to live by each day.

We continue to expand our digital strategy, design, architecture, and product management capabilities to offer expertise, outside-the-box thinking, and measurable results.

The Senior Cloud & Network Security Engineer will be responsible for designing, implementing, and safeguarding the company’s core digital and network infrastructure through robust architecture, secure connectivity, and proactive defence strategies. The role encompasses network design, routing and switching, firewalls, load balancers (LB), web application firewalls (WAF), VPNs, and hybrid cloud security across on-premises and cloud (Azure, GCP) environments.

The engineer will ensure high availability, resilience, and compliance of all network and security systems, providing expert guidance to cross-functional teams and ensuring alignment with corporate cybersecurity and infrastructure standards.

Key Responsibilities

Infrastructure & Network Security Management

• Design, deploy, and manage secure enterprise network architectures spanning on-premises data centers, field assets, and multi-cloud environments (Azure and GCP).

• Configure and maintain routing and switching infrastructure, including VLANs, BGP, OSPF, and WAN/LAN connectivity.

• Manage enterprise firewalls, VPNs, load balancers (F5, Azure Application Gateway), WAFs, and IDS/IPS systems to ensure end-to-end network security.

• Implement and enforce network segmentation, access control lists (ACLs), and zero trust network policies to secure sensitive environments.

• Ensure availability, performance, and scalability of network services through continuous monitoring, optimization, and proactive capacity planning.

• Integrate network telemetry and logs into enterprise SIEM platforms to support threat detection, visibility, and response.

• Collaborate with DevOps, Cloud, and Infrastructure teams to embed security principles within all network and infrastructure deployments.

• Ensure compliance with internal cybersecurity frameworks and external standards such as ISO 27001, NIA Qatar, and energy sector security mandates.

Cloud Security (Azure & GCP)

• Design and enforce cloud network topologies and security configurations using native controls such as Azure Virtual Networks, Network Security Groups (NSGs), Firewalls, Private Endpoints, and Google VPC Service Controls.

• Secure interconnectivity between on-premises and cloud through ExpressRoute, VPN gateways, and hybrid peering.

• Integrate security-by-design practices into infrastructure-as-code (IaC) and DevSecOps pipelines to ensure consistent and automated network provisioning.

• Manage cloud-native load balancing, WAF, DDoS protection, and application gateways for secure application delivery.

Threat Detection, Incident Response & Compliance

• Monitor and analyze network traffic to detect anomalies, intrusions, and advanced threats.

• Respond to network security incidents, coordinate investigation and remediation efforts, and implement corrective actions.

• Maintain configuration baselines, patch management routines, and ensure full compliance with corporate and regulatory security standards.

• Perform periodic risk assessments, vulnerability scans, and network penetration reviews to identify and mitigate risks.

Advisory & Architecture Support

• Participate in design reviews of new digital transformation projects, ensuring alignment with network and security architecture standards.

• Provide technical leadership and mentorship to network and infrastructure teams, fostering a culture of secure design and continuous improvement.

• Advise stakeholders on network resilience, redundancy, and secure connectivity strategies across all business units.

Required Skills and Qualifications:

• Bachelor's degree in Computer Engineering, Cybersecurity, Information Systems, or related field.

• 10+ years of experience in network and infrastructure security within large-scale enterprise IT or OT environments.

• Proven expertise in:

o Routing and switching (Cisco, Juniper, or equivalent)

o Enterprise firewalls (Palo Alto, Fortinet, Cisco ASA)

o Load balancers (F5, Azure Application Gateway, NGINX Plus)

o Web Application Firewalls (WAF) and reverse proxy systems

o VPN, IPSec, SSL/TLS, and Zero Trust network architectures

o Cloud networking and security (Azure, GCP)

o Network automation (Terraform, Ansible, ARM templates)

• Experience with SIEM, SOAR, and threat intelligence platforms (e.g., Azure Sentinel, Chronicle, Splunk).

• Excellent problem-solving skills and ability to lead incident response efforts under pressure.

Technical Proficiencies

• Enterprise Firewalls & Security Appliances: Palo Alto, Fortinet, Cisco ASA

• Load Balancers & WAF: F5, Azure Application Gateway, Cloudflare, GCP equivalents

• Routing & Switching: Cisco, Juniper, Layer 3 segmentation, BGP/OSPF

• Cloud Security Tools: Azure Security Center, Microsoft Defender for Cloud, GCP Security Command Center

• IAM & Access Control: Azure AD Conditional Access, GCP IAM, MFA, SSO

• Automation & IaC: Terraform, Ansible, ARM templates

Preferred Qualifications

• Professional certifications such as CISSP, CCSP, Cybersecurity Architect Expert (SC-100) or AZ-500 (Azure Security Engineer) or Google Cloud Security Engineer

• Experience in oil & gas, energy, utilities, or critical infrastructure sectors

• Familiarity with OT (Operational Technology) environments and ICS/SCADA systems

• Exposure to multi-cloud security strategy and cloud-native DevSecOps practices