Senior Network Engineer – Cloud & On-Prem
Space NK
- London, England, United Kingdom
- London, England, United Kingdom
Über
If you love beauty, you’re in the right place. As the ultimate curator of over 100 of the most in-demand, highly innovative and boundary-pushing beauty brands, we are the go‑to destination for worldwide beauty discovery. Together through our neighbourhood stores, online presence and loyalty scheme, Space NK has built a flourishing community in which to discover beauty. The customer is at the heart of everything we do, and we will always endeavour to offer everything they need to help them explore, experiment, and enjoy our brands.
About The Role Space NK operates a hybrid network spanning Microsoft Azure, corporate offices, datacentres, and a nationwide retail store estate. As Senior Network Engineer, you will design, deploy, secure, and operate all network infrastructure across cloud and on‑prem environments, with Azure as the primary cloud platform.
Your Role This is a hands‑on engineering role with architectural influence, responsible for routing, switching, firewalls, network security enforcement, hybrid connectivity, SD‑WAN, ExpressRoute, and retail store networking. You will ensure high availability, performance, resilience, and security of all network services supporting both corporate and retail operations.
Key Responsibilities Designing and maintaining Azure and on‑premises network architectures.
Operating enterprise routing, switching, firewalls, and wireless networks.
Optimising performance and resilience across WAN, SD‑WAN, and hybrid Azure/on‑prem connectivity.
Ensuring secure segmentation and network security best practices.
Supporting retail store networking, POS connectivity, and operational stability.
Monitoring, troubleshooting, and automating network operations.
Managing vendors, carriers, and network service providers.
Contributing to infrastructure projects and network modernisation initiatives.
Azure Cloud Networking
Design, implement, and manage Azure Virtual Networks (VNets), hub-and-spoke architectures, subnets, IP schemas, and VNet peering.
Deploy and support NSGs, ASGs, Azure Firewall, and network segmentation aligned to Zero Trust.
Implement and operate Network Virtual Appliances (Cisco, Juniper, Palo Alto, Fortinet) using UDR-based routing and service chaining.
Manage UDRs, route tables, custom routing, and secure traffic flows.
Operate Azure Application Gateway, Load Balancer, and Front Door for application delivery.
Use Azure Network Watcher, packet capture, flow logs, and diagnostics for troubleshooting.
Configure and maintain Azure VPN Gateways and ExpressRoute circuits, including routing optimisation and HA design.
On-Premises Networking
Design, operate, and secure enterprise LAN/WAN using Cisco, Juniper, Meraki, or HPE/Aruba switching and routing platforms.
Configure and optimise routing protocols (BGP, OSPF, EIGRP), static routing, and route summarisation.
Deploy and manage firewalls such as SonicWall, Palo Alto, Fortinet, rule‑based, NAT, segmentation, and HA pairs.
Support core network services: DNS, DHCP, IPAM, NTP, RADIUS/TACACS+ (for network device authentication).
Conduct deep packet analysis using Wireshark, tcpdump, or vendor tools.
Maintain datacentre network connectivity including LAG/MLAG/VPC, redundant uplinks, and high‑availability designs.
Retail Store Networking
Design and support retail store network solutions using Cisco Meraki as the strategic platform.
Manage SD‑WAN or MPLS store connectivity, breakout policies, WAN performance, and QoS for tills/POS.
Deploy 4G/5G failover solutions for resilience during provider outages.
Ensure PCI‑compliant segmentation across tills, IoT, CCTV, staff devices, and guest Wi‑Fi.
Troubleshoot complex store issues involving tills, PDQs, Wi‑Fi interference, and cloud backhaul.
Produce deployment playbooks and support new store openings, refurbishments, and relocations.
Collaborate with ISPs, SD‑WAN vendors, and fit‑out partners to maintain store uptime and connectivity performance.
Hybrid Connectivity
Design and operate hybrid connectivity between Azure and on‑prem datacentres using ExpressRoute, IPsec VPN, and private peering models.
Optimise routing between Azure VNets and on‑prem LAN/WAN networks.
Troubleshoot hybrid network issues, including asymmetric routing, MTU mismatches, latency, and packet loss.
Ensure secure, resilient, and monitored connectivity for all hybrid traffic paths.
Monitoring, Troubleshooting & Automation
Use SolarWinds, PRTG, SNMP, Syslog, NetFlow, Azure Monitor, and vendor diagnostics for full‑stack monitoring.
Perform root‑cause analysis across corp, cloud, datacentre, and retail networks.
Automate network builds using Terraform, PowerShell, Python, Azure CLI, or REST APIs.
Implement network‑as‑code practices and maintain standardised configuration templates.
Governance, Security & Compliance
Implement network security controls including segmentation, ACLs, firewall rules, and traffic flow restrictions.
Ensure network designs align to PCI DSS, ISO 27001, and NIST network‑layer requirements.
Contribute to network‑related incident response activities.
Participate in CAB/change control and audit readiness.
Manage escalations with ISPs, WAN carriers, and SD‑WAN providers to ensure SLA performance and rapid issue resolution.
Essential Experience
Strong hands‑on experience designing and managing Azure networking (VNets, routing, Azure Firewall, VPN Gateway, Private Link, Load Balancing).
Extensive experience with Cisco/Meraki/Aruba/Juniper or equivalent enterprise LAN/WAN platforms.
Direct experience supporting retail store networks, tills/POS connectivity, Wi‑Fi, and guest access.
Experience managing firewalls (SonicWall, Palo Alto, Fortinet) including HA and SD‑WAN functions.
Deep knowledge of routing, switching, TCP/IP, DNS, DHCP, BGP, OSPF, VPN tunnels, and IPv4/IPv6.
Experience designing hybrid connectivity (Azure ExpressRoute, VPNs, private peering).
Proficiency in packet analysis and complex troubleshooting (Wireshark, iperf).
Familiarity with SD‑WAN technologies used in retail or enterprise environments.
Strong documentation skills (HLDs, LLDs, diagrams, runbooks).
Desirable Experience
Azure Virtual WAN, Network Virtual Appliances (NVAs), or third‑party cloud firewalls.
AWS networking (VPC, TGW, Direct Connect, routing basics).
Experience with Meraki and wireless design (Ekahau) or large‑scale Wi‑Fi deployments.
QoS, WAN optimisation, and global application delivery (Front Door, CloudFront).
Automation using Terraform, GitOps workflows, or CI/CD pipelines.
All applicants must have the right to live and work in the UK.
Space NK are an equal opportunities employer.
Only successful candidates will be contacted.
For more information about benefits and diversity, inclusion, and belonging, please visit our website.
#J-18808-Ljbffr
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klicken Sie auf „Jetzt Bewerben“, um Ihre Bewerbung direkt auf deren Website einzureichen.