Network security engineer

Mission Overview:Keystone Solutions is looking for a Senior Network Security Engineer to join our team as a consultant and deliver a high-impact mission for our client, a leading banking institution in Brussels. You will operate under Keystone Solutions’ consultancy model, working closely with the client’s engineering, operations, and security stakeholders to design, implement, harden, and maintain resilient, compliant, and highly available network security services in a critical financial environment.Consultancy Model at Keystone Solutions:You will be employed as a Keystone Solutions consultant, delivering outcomes on-site at the client location in Brussels, with the flexibility to work in a hybrid setup in line with the client’s policy.You will collaborate daily with the client’s teams while being supported by Keystone Solutions’ community of experts, best practices, and enablement resources.You will contribute immediately to this banking engagement and, over time, have opportunities to take on additional missions across new client projects, broadening your impact and expertise.You will bring Keystone Solutions’ values—craftsmanship, curiosity, ownership, transparency, teamwork, and impact—to every client interaction and deliverable.Key Responsibilities:Design, implement, and operate enterprise-grade network security architectures for a banking environment, including next-generation firewalling, secure routing, segmentation, and secure remote access, as a Keystone Solutions consultant working on-site with the client.Engineer and maintain NGFW policies, NAT, App-ID/URL filtering, threat prevention, SSL decryption, and global security baselines across multi-tenant and high-availability deployments.Manage and optimize load balancing and application security services (e.g., F5 BIG-IP/LTM/ASM/Advanced WAF) including SSL offloading, iRules, and traffic steering for mission-critical banking applications.Design and execute network segmentation strategies (including micro-segmentation and Zero Trust principles) across data center, campus, WAN, and cloud environments to reduce lateral movement risk.Implement and support VPN (site-to-site and remote access), IPsec/SSL, and secure proxy services (e.g., Zscaler or Blue Coat), ensuring robust authentication and least privilege.Deploy and tune IDS/IPS, anti-DDoS, DNS security, and threat intelligence integrations to meet the bank’s resilience and detection objectives.Own NAC strategy and operations (e.g., Cisco ISE), including 802.1X, device profiling, posture assessment, and guest access within regulated network zones.Harden network and security infrastructure (routers, switches, firewalls, load balancers) following industry benchmarks, bank-approved baselines, and secure configuration standards.Integrate network security telemetry with SIEM/SOAR platforms (e.g., Splunk, QRadar) and contribute to detection use cases and continuous improvement.Lead incident response for network security events: triage, containment, forensics support, root cause analysis, and remediation; provide post-incident reporting to client stakeholders.Perform vulnerability and configuration risk management for network and security assets; validate remediations and track closure through change governance.Engineer connectivity and security for hybrid cloud (e.g., Azure/AWS) including secure VPC/VNet design, routing, firewalls, service endpoints, private links, and cloud-native controls.Automate routine tasks and configuration deployments using Python, Ansible, or Terraform; maintain version-controlled infrastructure-as-code practices.Contribute to architecture and design documentation, HLD/LLD, operations runbooks, and security standards to ensure auditability and maintainability.Plan and execute changes through ITIL-based processes; support after-hours maintenance windows and participate in an on-call rotation as required by the client.Partner with risk, audit, and compliance teams to align controls with regulatory and industry standards relevant to banking (e.g., NIS2, ISO/IEC 27001, SWIFT CSP, EBA and GDPR expectations).Mentor client team members, share knowledge, and champion best practices as part of Keystone Solutions’ consulting excellence.Required Skills and Experience:7+ years of hands-on experience in network security engineering within large-scale, mission-critical environments; strong exposure to financial services or other highly regulated sectors.Expertise with next-generation firewalls such as Palo Alto Networks, Check Point, or Fortinet, including high availability, policy engineering, and threat prevention.Strong proficiency with routing, switching, and SDN technologies (e.g., BGP, OSPF, EVPN/VXLAN, Cisco IOS/NX-OS, ACI, or equivalent) and secure network design patterns.Practical experience with load balancers and application security (F5 BIG-IP LTM/ASM/Advanced WAF or equivalent) for high-volume banking applications.Proven skills in network segmentation, NAC (e.g., Cisco ISE), IDS/IPS, DDoS protection, DNS security, and secure web proxies.Hands-on experience integrating telemetry with SIEM/SOAR (e.g., Splunk, QRadar) and contributing to detection and response.Working knowledge of hybrid cloud networking and security (Azure and/or AWS), including firewalls, gateways, private connectivity, and cloud security groups.Solid scripting/automation capabilities with Python and/or Ansible; familiarity with Terraform and Git-based workflows.Strong understanding of security governance and controls aligned to NIS2, ISO/IEC 27001, SWIFT CSP, EBA expectations, and GDPR.Demonstrated experience in incident response and problem management in high-availability settings.Comfort with ITIL processes, structured change management, and rigorous documentation.Excellent communication and stakeholder management skills; ability to lead technical discussions and produce clear, audit-ready documentation.Language: strong professional English is required; French or Dutch is a significant advantage for Brussels-based collaboration.Ability to pass background checks applicable to banking environments; valid EU work authorization for on-site work in Brussels.Bonus Points:Certifications such as CISSP, CCNP Security, PCNSE, Check Point CCSE, Fortinet NSE 4/7, F5 201/301, or GIAC (e.g., GCIA, GCIH).Hands-on with Palo Alto Panorama, Prisma Access, Zscaler Internet Access/Private Access, or Check Point SmartConsole/SmartEvent.Experience with IaC at scale (Terraform), pipeline automation (GitLab CI/GitHub Actions), and configuration compliance.Knowledge of Kubernetes networking and security (CNI, network policies, ingress, service mesh) and securing container platforms.Exposure to SSO/federation (SAML/OAuth/OIDC), PKI, and certificate lifecycle management in large enterprises.Tools and Environment You May Encounter:Palo Alto Networks, Check Point, Fortinet; Panorama, Security Management Server, FortiManager.F5 BIG-IP (LTM, ASM/Advanced WAF), NGINX, or equivalent ADC technologies.Cisco IOS/NX-OS/ACI, Aruba/HP, EVPN/VXLAN fabrics, WAN edge, and SD-WAN.Zscaler or Blue Coat/Symantec proxies; Cisco ISE NAC; Arbor or equivalent DDoS mitigation.Splunk, QRadar, and SOAR tooling; ServiceNow for ITSM/CMDB/Change; Git for version control.Azure/AWS networking (VNet/VPC, Transit Gateway, PrivateLink, VPN/ExpressRoute/Direct Connect).Python, Ansible, Terraform for automation and infrastructure-as-code.Work Setup and Location:Location: Brussels, Belgium, on-site at the client with hybrid flexibility per client policy.Schedule: full-time; participation in an on-call rotation and maintenance windows may be required.Engagement: you will be a Keystone Solutions consultant embedded with the client’s teams, with access to Keystone’s expert community and resources.Why Join Keystone Solutions as a Consultant:Consultancy nature of work: meaningful, on-site client missions where you drive outcomes and build trusted advisor relationships.Dynamic projects: exposure to diverse challenges across banking now and opportunities to engage with additional clients over time.Turbo-charged learning and development: certification support, mentorship, brown-bag sessions, and access to internal accelerators and reference architectures.Ambition skyrocketing: clear growth paths to lead architect, principal consultant, or practice leadership through varied client engagements.Community and support: collaborate with senior experts who share patterns, playbooks, and hands-on help for complex deliveries.Our Values in Every Client Engagement:Craftsmanship: we build secure, resilient, and auditable solutions that stand up to real-world threats and scrutiny.Curiosity: we continuously explore new techniques and tools to stay ahead of the evolving threat landscape.Ownership: we commit to outcomes, not just tasks, and see initiatives through from design to steady-state.Transparency: we communicate clearly, document decisions, and make risks visible.Teamwork: we uplift client teams, transfer knowledge, and leave lasting capability.Impact: we prioritize controls and designs that matter most to business resilience.If you are ready to tackle technical and strategic challenges in a dynamic consultancy environment, apply today at Keystone Solutions Career Portal.