Bottomline IT
Description
Technical Skills (The Hard Skills)
Deep Networking Fundamentals: Must be an expert in TCP/IP, DNS, BGP, OSI model, subnetting, and routing. This is non-negotiable.
Cloud Platform Proficiency: Deep, hands-on experience with at least one major cloud provider:
AWS: Deep knowledge of VPC, Route 53, CloudFront, Direct Connect, Transit Gateway, ELB/ALB/NLB, and security services.
Azure: Deep knowledge of VNet, Azure DNS, Front Door/Application Gateway, ExpressRoute, Virtual WAN, and Load Balancer.
Google Cloud: Deep knowledge of VPC, Cloud DNS, Cloud Load Balancing, Cloud Interconnect, and Network Security.
Infrastructure as Code (IaC): Proficiency in Terraform (highly recommended) or AWS CloudFormation/Azure Resource Manager templates to automate and manage network infrastructure.
Security: Strong understanding of cloud security best practices, firewalls, DDoS mitigation, and zero-trust networking concepts.
Automation & Scripting: Ability to use scripting languages (like Python or PowerShell) to automate repetitive tasks and create custom solutions.
Container Networking: Understanding how networking works in containerized environments like Kubernetes (Docker, Kubernetes Services & Ingress controllers).
Requirements:
Town:
Randburg
Position:
Cloud Network Security Specialist
Starting Date:
December 4, 2025
Date Created:
November 26, 2025
Soft Skills
Problem-Solving: Ability to diagnose complex, distributed network issues under pressure.
Communication: Clearly explaining technical concepts to non-technical stakeholders and creating detailed documentation.
Collaboration: Working closely with security teams, developers, and other infrastructure teams.
Typical Qualifications
Education: Bachelor’s degree or diploma in computer studies, or a related field.
Experience: 3+.
Certifications (Highly Valued)
CCNA (Cisco Certified Network Associate): Excellent for reinforcing core networking knowledge.
Cloud-Specific (The Big Three):
AWS Certified Solutions Architect – Association
AWS Certified Advanced Networking – Specialty (This is the gold standard for this role in AWS)
Microsoft Azure:
Azure Administrator Associate (AZ-104)
Azure Network Engineer Associate (AZ-700) (The direct equivalent for Azure
Duties Include:
Duties & Responsibilities
Duties & Responsibilities
Core Responsibilities and Day-to-Day Tasks
1. Design & Architecture:
Designing secure cloud network architectures.
Elastic and flexible tenant network services, such as VPC, DNS, QoS, load balancer, elastic IP, NAT gateway, VPN, etc
Manage The SDN controller implements flexible, centralized, and fine-grained management and control of network resources, enabling the plug-and-play of devices, and facilitates the end-to-end automated network delivery process.
An optional SDN analyzer is equipped with a large-scale data engine and an AI library, enabling the visualization of application traffic paths and intelligent operation and maintenance.
VxLAN technology enables network virtualization and resource pooling, resolving the IP address overlapping issue with VPC for isolating various applications and facilitating application migrations.
Supports IPv4 / IPv6 dual-stack network. Implements network segmentation strategies (utilizing subnets, security groups, and NACLs) to establish security boundaries.
Planning and deploying hybrid and multi-cloud connectivity (using VPNs, Direct Connect, ExpressRoute).
Architecting a "Zero Trust" network model where trust is never assumed.
2. Implementation & Configuration:
Configuring and managing Firewalls (including next-generation firewalls like Palo Alto, Check Point, or native cloud firewalls).
Setting up and tuning Web Application Firewalls (WAFs) to protect web apps from common exploits.
Implementing Intrusion Detection/Prevention Systems (IDS/IPS).
Configuring secure routing and gateways to control traffic flow.
3. Identity & Access Management for Networking:
While not solely an IAM role, they work closely with it to enforce network-level access policies based on identity.
Ensuring that security policies (like Security Groups) adhere to the principle of least privilege.
4. Monitoring, Detection & Response:
Using tools like cloud-native Network Security Groups (NSG) Flow Logs or VPC Flow Logs to monitor network traffic.
Analyzing logs with SIEM systems (like Splunk, Azure Sentinel, AWS Security Hub) to detect anomalous behavior.
Investigating security incidents related to the network (e.g., DDoS attacks, unauthorized access attempts).
5. Automation & Compliance:
Using Infrastructure as Code (IaC) tools like Terraform or CloudFormation to deploy and manage secure network configurations consistently.
Writing scripts (in Python, PowerShell, etc.) to automate security checks and responses.
Ensuring the cloud network complies with industry standards and regulations (e.g., PCI DSS, HIPAA, SOC 2).
Additional Info: