شُغل
For Job SeekersFor EmployersJobs
شُغل
For Job SeekersFor EmployersJobs
شُغل
For Job SeekersFor EmployersJobs
شُغل
For Job SeekersFor EmployersJobs
  1. ›
  2. Network Engineer L3

Network Engineer L3

Star

JubailFull-time

6–10 years of experience

3 weeks ago

Job description

Network Engineer L3 — Roles & Responsibilities

  1. Network Design & Architecture
  • Own HLD/LLD for enterprise LAN/WAN, DC, and cloud connectivity
  • Design redundant, scalable topologies — spine-leaf, hub-spoke, SD-WAN
  • Define IP addressing, VLAN structure, routing domains, and segmentation strategy
  1. Escalation & Incident Ownership
  • Final escalation point for L1/L2 — you close it, not pass it
  • Lead P1/P2 bridge calls, drive RCA, own post-mortem
  • Coordinate with NOC, security, and vendors during major incidents
  1. Routing & Switching (Advanced)
  • Manage and tune BGP policies, OSPF areas, MPLS/VRF, redistribution
  • Handle complex STP issues, VPC/MLAG, LACP, and trunk failures
  • Own inter-DC and ISP peering configurations
  1. Security & Compliance
  • Enforce segmentation — VRF, VLAN isolation, firewall zones
  • Review and approve ACLs, firewall rules, NAC policies
  • Support audits — PCI, ISO 27001, NIST alignment on network layer
  1. Cloud & Hybrid Networking
  • Own AWS/Azure network integration — VPN Gateway, ExpressRoute, Transit Gateway
  • Design and troubleshoot hybrid connectivity — on-prem to cloud routing
  • Collaborate with cloud architects on network policy
  1. Automation & Tooling
  • Build and maintain automation — Python, Ansible, Netmiko
  • Automate config backups, compliance checks, provisioning workflows
  • Integrate with ITSM/IPAM/NMS platforms
  1. Monitoring & Performance
  • Own network observability — NetFlow, SNMP, syslog pipelines
  • Proactive capacity planning — identify bottlenecks before they become incidents
  • Define and track SLAs, latency, packet loss thresholds
  1. Documentation & Change Management
  • Maintain accurate network diagrams, IP plans, and runbooks
  • Author and review RFCs/change records — no undocumented changes
  • Keep post-mortems and lessons-learned documented
  1. Vendor & Stakeholder Management
  • Own TAC cases — Cisco, Palo Alto, Juniper, Fortinet
  • Evaluate new hardware/software — PoC, testing, recommendation
  • Present technical decisions to management and non-technical stakeholders
  1. Mentorship & Leadership
  • Technically guide L3 engineers — knowledge transfer, not just answers
  • Conduct design and config peer reviews
  • Set team standards — naming conventions, hardening baselines, change process

Desired Candidate Profile — Network Engineer L3

Technical Depth

  • Can design end-to-end — not just configure what's handed to them
  • Understands why a protocol behaves a certain way, not just how to configure it
  • Reads packet captures, interprets routing tables, and diagnoses without a runbook
  • Has broken things in production and fixed them under pressure

Core Technical Profile

DomainWhat We ExpectRoutingBGP multihoming, path manipulation, OSPF tuning, MPLS L3VPNSwitchingVPC/MLAG, MSTP, Q-in-Q, LACP negotiation issuesFirewallsZone-based policy, NAT hairpin, asymmetric routing issuesSD-WANPolicy-based routing, app-aware steering, overlay/underlay separationCloudExpressRoute, Direct Connect, Transit Gateway, route propagationAutomationScript-first mindset — Python, Ansible, REST APIsMonitoringCan build a dashboard, not just read one

Experience Profile

  • 5–8 years hands-on — enterprise, SP, or large MSP environment
  • Has owned a network migration or redesign project end to end
  • Has managed multi-vendor environments — not just one OEM
  • Has worked on-call and handled real P1 incidents alone

Certifications

LevelCertRequiredCCNP Enterprise / JNCIP / NSE4+Strong PlusCCIE / JNCIE / NSE7BonusAWS/Azure Networking Specialty

Problem-Solving Style

  • Structured — isolates layer by layer, doesn't guess randomly
  • Calm under pressure — incident bridge calls don't rattle them
  • Data-driven — uses logs, flows, and captures — not assumptions
  • Owns the problem — doesn't deflect to another team without evidence

Communication & Soft Skills

  • Can explain a routing loop to a CISO without using BGP terminology
  • Writes clean, clear documentation — diagrams match reality
  • Pushes back on bad designs — respectfully, with data
  • Comfortable presenting to management and defending technical decisions

Mindset

  • Security-first — thinks about attack surface when designing, not after
  • Automation bias — if done more than twice, it should be scripted
  • Proactive — monitors trends, flags risks before they become incidents
  • Continuous learner — tracks CVEs, vendor EOL, protocol RFCs

Red Flags (What disqualifies a candidate)

  • Can configure but can't explain why
  • Has never touched a firewall or security policy
  • Relies entirely on GUI — no CLI fluency
  • No experience with change management or documentation discipline
  • Falls apart when the runbook doesn't apply

Related jobs

    Star Services

    DammamFull-time

    2 months ago

    Star Services

Jobs

Your gateway to the best job opportunities in Saudi Arabia

Links

Follow us

© 2026 Shougl — All rights reserved

Dammam
Full-time
2 months agoDetails
Privacy Policy
Terms of Use
System Engineer
Details
System Engineer