Network Engineer

Sovereign Network Group (SNG) is a leading housing association dedicated to providing exceptional services to our communities. We're looking for a skilled and motivated Network Engineer to join our Cloud Infrastructure team within the CIO Directorate.

You'll take a hybrid approach working from home and in the Basingstoke office 2 days per week. You'll also have to visit our other offices across our geography, so a full UK Drivers License and your own transport is essential.

The Role

As a Network Engineer, you'll play a crucial role in designing, implementing, supporting, and evolving modern cloud and on-premises network infrastructure – with a strong emphasis on Azure-native networking, zero trust principles, and next-generation security controls powered by Palo Alto Networks.

You will be instrumental in transforming our network landscape, replacing legacy infrastructure with secure, scalable, and policy-driven architectures built around Azure Virtual Networks (VNets), Palo Alto VM-Series firewalls, Prisma Access, and Strata Cloud Manager.

This role operates at the intersection of engineering, architecture, governance, and operational leadership, working closely with Security Assurance, Security Operations, and external partners.

Key Responsibilities include:

Cloud & Azure Network Engineering

1. Lead the design, rationalisation, and implementation of Azure Virtual Networks (VNets) including peerings, subnet design, UDRs, NSGs, and integration with VNGs (Azure Virtual Network Gateways).
2. Design and operate Palo Alto VM-Series NGFWs in Azure, delivering secure inbound, outbound, and east-west traffic inspection using the Transit VNet hub-and-spoke model.
3. Implement and optimize site-to-site IPSEC VPNs and ExpressRoute integrations for hybrid cloud connectivity between Azure, Equinix LD8, and SNH/SHA campuses.
4. Conduct detailed application discovery and microsegmentation planning to define secure traffic flows and Zero Trust policy baselines.

Next-Generation Security Engineering

1. Administer and enhance Palo Alto VM-Series, PA-3420 firewalls, and Strata Cloud Manager as the centralized policy engine across cloud and on-prem deployments.
2. Implement and support Palo Alto Prisma Access (GlobalProtect) for remote access, including policy design, portal configuration, SAML+MFA integration, and service connections.
3. Deploy and manage Strata Logging Service, ensuring logs are securely forwarded (TLS) for analysis and compliance, including operational management of alerting, routing, and certificate handling.

Architecture & Governance

1. Own the end-to-end documentation of network topologies, routing architecture, and firewall policies across Azure, LD8, and WAN environments.
2. Drive and participate in Change Advisory Board (CAB) processes, preparing and reviewing technical change documentation aligned to governance standards.
3. Act as a subject matter expert for security assurance reviews, supporting risk assessments, compliance reviews, and network threat modelling initiatives.

Legacy Infrastructure Transition

1. Lead the decommissioning and migration from Cisco ASA, Meraki, Fortinet firewalls, and Nexus switches to next-gen infrastructure.
2. Support the transformation of Cisco Meraki environments into Cisco Catalyst Center (formerly DNA Center).
3. Liaise with and oversee suppliers managing ExpressRoute, internet services, SD-WAN, and MPLS, ensuring aligned SLAs and governance.

Operations & Support

1. Provide 3rd line engineering support for escalated incidents, proactively resolving performance and availability issues.
2. Support network monitoring, log analysis, and telemetry configuration, driving early detection and incident prevention.
3. Contribute to capacity planning, DR planning, patch management, and lifecycle upgrades.
4. Participate in on-call support rotation and out-of-hours change implementations.

What We're Looking For:

Technical Expertise

1. Strong experience designing and implementing Azure network infrastructure, including VNets, Azure Virtual Network Gateways (VNG), Transit VNet architectures, and ExpressRoute.
2. Hands-on engineering expertise with Palo Alto NGFWs (VM-Series, PA-3420), Strata Cloud Manager, Strata Logging Service, and Prisma Access.
3. Proven ability to deliver application-aware micro segmentation using Zero Trust principles in cloud and hybrid environments.
4. Experience with IPSEC VPNs, BGP routing, NSGs/UDRs, and inter-region VNet peering.
5. Familiarity with SCEP, TLS, certificates, and secure log forwarding.

Legacy to Modern Transition Experience

1. Cisco experience across Catalyst, Meraki, DNA Center, and Nexus switching platforms.
2. Fortinet and ASA firewall knowledge is desirable to support transition.
3. Experience managing or migrating from traditional MPLS/IPVPN to modern SD-WAN and cloud-native networks.

Tools & Methodologies

1. Strong documentation skills using Visio, Lucidchart, or equivalents.
2. Understanding of frameworks such as TOGAF, ITIL, Agile methodologies.
3. Experience using ticketing, monitoring, and log platforms (e.g., ServiceNow, Panorama, Azure Monitor, Wireshark, Palo Alto CLI/API).

Preferred Certifications

1. PCNSE – Palo Alto Networks Certified Network Security Engineer
2. AZ-700 – Designing and Implementing Microsoft Azure Networking Solutions
3. CCNP/CCIE or equivalent
4. ITIL Foundation or higher

What we can offer you

We invest in our people, and you will be able to develop your skills and be part of something that makes a real difference to people's lives. This role can give you the opportunity for a career within a successful and diverse organisation.

Some of our benefits include:

• £450 yearly flexible benefit pot to use against benefits of your choice
• Flexible working
• 25 Days Holiday + Bank Holidays (with an extra day every year up to 30 days)
• A chance to buy or sell holiday as part of our flexible benefits package
• A generous pension scheme matching up to 12%
• Life cover as soon as you join us
• You will be a part of our Recognition scheme where you can be gifted retail vouchers
• A range of wellbeing discounts including Gym Memberships
• A wide selection of other benefits available

About us

We are now the 6th largest housing association by size - with almost 3000 colleagues, over 82,000 homes and over 210,000 customers across London and the South.

While we're a not-for-profit organisation with every penny reinvested in homes and services, we are also a major business. What we do makes a real difference to people's lives and by joining us you can share the satisfaction of doing something that really matters.

We are committed to our Equality Diversity and Inclusion strategy and believe that you can truly be yourself at Sovereign. Have a look at our careers site to learn more about us and our values.