This job posting isn't available in all website languages
JR-117 Requisition #
Share this Job
Closing Date: 30th September 2019 

Our IT vision is to be one global IT team delivering world class expertise, innovation and agile technology solutions, whilst ensuring the stability and security of all our IT platforms and services. Our industry is evolving fast and our clients have new demands. Emerging technologies and applications are creating new opportunities for transforming client relationships. As an IT function, we embrace and respond to these challenges, collaborating more and more with lawyers and Business Services teams to improve the way we deliver to clients.

The Role

Reporting to the Network Security Team Leader on daily basis, the Network Security Engineer has project delivery and operational responsibilities for ensuring the Clifford Chance global security network is available 24x7 and operates within optimal limits (approx. 80% Engineering and 20% Operational).  While the Engineering effort outweighs direct operational involvement, the role is to provide technical guidance to a team of Network Security Analysts performing operational support based off-shore.

This is a SME role and very hands on.  You will have expert technical and practical knowledge of all core network and network security technologies and components.

Key responsibilities

The Network Security Engineer's key responsibility is to ensure that defined standards in place across Network Security are implemented for any new projects. The Engineer will lead all technical design and implementation to ensure the smooth operation and security of the network infrastructure throughout its lifecycle.  Additionally, the Engineer will provide day to day technical guidance for all Network Security Operations Analysts based offshore.  They will also be escalation for the offshore team for critical incidents.


Services within remit include, but are not limited to: Branch office and Data Centre security, Firewall, Remote Access VPN, IDS/IPS, Internet, Web Proxy/URL Filtering, Azure, IPAM and External DNS.  

Design & Engineering

  • Define and enforce standards for Network Security, ensuring these are implemented and adhered to at all times within the global infrastructure.
  • Define and create system installation and configuration documents for reference.
  • Play a key part in the design and delivery of Network Security projects.
  • Produce and create all Network Security related HLD and LLD's inputs
  • Ensure relevant Knowledge Base (KB) articles exist and are maintained to support the swift resolution of future/repeat issues.
  • Identify and correct network security non-compliance issues.
  • Work closely with Network Security Team lead to influence and shape the strategic direction for Network Security services and platforms.
  • Support the Network Security Team lead with maintaining a delivery roadmap for all Network Security products and services, with at least a rolling 2-year outlook. 
  • Support Network Security Team lead with managing the Technology Lifecycle Management for all Network Security products, reviewing on a bi-annual basis to ensure it remains up to date.
  • Support the Network Security Team lead with investment planning; including business case, budget preparation and timeline determination.
  • Recommend new network security technologies to improve performance, reliability and scalability.
  • Work closely with other Network Engineers to plan and complete assigned tasks within deadlines.
  • Produce accurate bills of materials to support the technical designs including hardware, software and licensing.

Skills & Experience
  • You will have significant experience of network security and internet working within a global enterprise scale organisation (ideally 5000-50,000 users), with proven hands on work experience as an engineer in a similar role (identifying, designing and developing solutions).
  • You will be a recognised expert in your field with previous experience in roles such as Principle Security Engineer or Lead Security Engineer.
  • You will have considerable first-hand experience of defining standards and creating designs, as well as implementing technical solutions to meet the business requirements.
  • You will be used to providing technical support in a pressurised environment, ideally within legal or investment banking.
  • You will be an excellent communicator with effective influencing skills essential in order to function effectively in a matrix-managed environment and liaise effectively with global colleagues and team members at all levels.
You will have Expert knowledge and experience of the following areas:
  • CheckPoint Firewalls (NGFW, NGTP blades, Appliance, Virtual VSX, VPNs)
  • Web Proxy / URL filtering (preferably Websense/Forcepoint)
  • Cisco ASA Any Connect
  • Firewall Analyser ( preferably Algosec)
  • Azure (Checkpoint, NSGs)
  • Packet Capture and Netflow
  • L7 functions / Application Control and User Identity
  • Cisco Identity Services Engine (ISE)
  • Network Address Translation (NAT)
  • BGP and OSPF routing
  • MPLS, DMVPN, IPSec VPN, TACACS authentication
  • VLAN, Spanning Tree, L3 interfaces, HSRP, EIGRP, TCP/IP
  • Network Security products (including IDS, IPS, DLP)
  • DDOS mitigation techniques and technologies

You would ideally have a solid understanding or experience with the following areas: 

  • Cisco Routing & Switching (IOS, ASR, ISR and Nexus)
  • Cisco Wireless LAN Contorller & Access Points
  • WAN Optimisation (Riverbed)
  • F5 GTM and LTM load balancers (BIG-IP/Viprion)
  • Policy maps for routing
  • QoS (Quality of Service), ACL (Access Control Lists)
  • Network Monitoring & Alerting (SolarWinds/Eye of the Storm)
  • Various testing tools to troubleshoot and resolve complex technical issues
 You will have the following certification or demonstrable working experience:
  • Degree level qualification in a relevant field
  • Check Point CCSE certified
  • Cisco CCNA certified, CCNP strongly preferred
  • ITILv3 foundation or higher

It would be advantageous and desirable to have the following:

  • CCIE Security certification
  • Certification as an Information Security professional (e.g. IISP/CISA/CISM/CISSP/ ISA)
  • Systems management knowledge of Windows OS, Linux/Unix would be an advantage. scripting knowledge
Key Personal Attributes
  • You will be able to identify tasks and manage them effectively to completion autonomously without supervision.
  • You will be highly organised and have proven ability to operate well under pressure, working to tight deadlines; leading complex investigations to root cause analysis.
  • You will have excellent problem management and customer service skills.
  • You will have a positive attitude and be capable of remaining positive even when under immense pressure.
  • You work well with others, in a collaborative environment.
  • You discourage hero culture and ensure the team always comes before the individual.
  • You will have an attention to detail in everything you do along with a natural willingness to help your customers and colleagues.
  • You know what and when to escalate matters before they generate unwanted noise or attention.

In addition possess the following key attributes:


Analytical Thought and Problem Solving

The ability to gather and analyse information and to use the results of that analysis to make effective decisions and find innovative solutions to problems.

Communicating and Influencing

The ability to communicate clearly, persuasively and with sensitivity, both orally and in writing.

Commitment and Self-motivation

Commitment to both Clifford Chance and its clients*, demonstrated in the drive to improve both quality of delivery and personal performance. 

Leading and Developing Others

The ability to lead and manage others, both by contributing to the vision of the organisation and by enabling others to develop themselves.  

Organising and Managing Resources

The ability to plan and organise yourself and others effectively in order to meet business priorities. 

Working Relationships

The ability to form working relationships with others, both inside and outside of Clifford Chance, and to use those relationships to benefit both individuals and the organisation.  

To find out more:

Interested? To find out more about what it is like to work at Clifford Chance in London please visit our careers site

Equal Opportunities

Clifford Chance believes in equality of opportunity regardless of gender, age, race, colour, nationality, ethnic origin, religion, disability or sexual orientation.

If you are unable to access the Internet to apply for a position on line due to disability, please contact our Recruitment team on: Telephone: + 44 20 7006 3003.


Previous Job Searches

My Profile

Create and manage profiles for future opportunities.

Go to Profile

My applications

View your applications

My applications