Senior Network Engineer

BrainRocket is a global company creating end-to-end tech products for clients across Fintech, iGaming, and Marketing. The BRO team consists of 1,300 employees working in Cyprus, Malta, Portugal, Poland, and Serbia.

• 5+ years in network engineering or infrastructure roles.
• Advanced knowledge of MikroTik RouterOS: routing, firewall, scripting, and CHR.
• Expertise with Ubiquiti UniFi: controller management, RF tuning, and L3 adoption.
• Expertise with Fortinet FortiGate: HA configuration, policy management, and FortiAP.
• Proven experience with VRRP and multi-vendor HA failover design.
• Solid IaC background applied to network devices: Ansible, Terraform, or equivalent, with Git-based change management.
• Hands-on experience with 802.1X wired authentication and dynamic VLAN assignment via RADIUS.
• Deep wireless troubleshooting skills: RF captures, supplicant debugging, EAP-TLS tracing, and roaming analysis.
• Solid VPN experience covering WireGuard, OpenVPN, and GlobalProtect.
• Working knowledge of Python for network automation and management tooling.
• Familiarity with RADIUS integration with identity providers (Okta, Entra ID, or equivalent).
• Strong monitoring and observability skills: SNMP, NetFlow, syslog, and dashboarding.
• Excellent troubleshooting, communication, and cross-team collaboration skills.
• Comfortable working in a fast-paced, ever-changing environment with shifting priorities.

Nice to Have:

• Experience with Palo Alto firewalls beyond GlobalProtect (Panorama, security policies, NGFW features).
• Familiarity with SecureW2 or similar cloud RADIUS / PKI platforms.
• Kubernetes and cloud networking awareness (AWS VPC, Transit Gateway, security groups).
• Experience with compliance frameworks (SOC 2, ISO 27001, or equivalent) in a network context.
• Exposure to FinOps practices applied to corporate network infrastructure cost management.

Network Design & High Availability:

• Architect and maintain corporate network infrastructure using MikroTik, UniFi, and Fortinet.
• Design and operate HA topologies with VRRP and Fortinet HA (active-passive and active-active clusters).
• Own the routing and switching stack: BGP, OSPF, VLANs, QoS, Multi-ISP load balancing and traffic-shaping policies.

Infrastructure as Code & Configuration Management:

• Apply Infrastructure-as-Code principles across the entire network device estate using Ansible, Terraform, etc.
• Store all configurations in version control and ensure reproducibility with no manual device management.

Enterprise Wireless:

• Design, deploy, and optimize Wi-Fi across UniFi and Fortinet FortiAP environments.
• Perform deep RF analysis including channel planning, power tuning, roaming optimisation (802.11r/k/v), and interference mitigation.
• Implement and maintain WPA3-Enterprise authentication with RADIUS and EAP-TLS.
• Own certificate lifecycle for EAP-TLS in collaboration with Endpoint Engineer.
• Troubleshoot complex wireless issues end-to-end.

Wired Access Control & Network Segmentation:

• Implement and maintain 802.1X port-based authentication for wired endpoints.
• Design and enforce granular VLAN segmentation aligned to user roles, device types, and trust levels.
• Manage RADIUS policies and integrate with identity providers (Okta IdP) for dynamic VLAN assignment and CoA.

VPN & Remote Access:

• Operate and scale VPN infrastructure across WireGuard (site-to-site), OpenVPN (remote access), and GlobalProtect (Palo Alto).
• Integrate VPN gateways with RADIUS and identity providers for MFA-enforced authentication.
• Define and enforce firewall policy, split tunnelling, and RBAC-driven access segmentation.

Monitoring, Observability & Incident Response:

• Build and own network observability using SNMP, NetFlow/sFlow, syslog pipelines, and dashboards in Grafana / VictoriaMetrics.
• Define alerting thresholds, on-call runbooks, and postmortem processes.
• Lead resolution of P1/P2 network incidents and drive permanent root-cause fixes.

Automation & Scripting:

• Develop Python-based tooling for network management tasks including configuration rendering, compliance checks, bulk changes, and operational reporting.
• Write and maintain reusable scripts integrating with network APIs and Git-based workflows.

Collaboration & Documentation:

• Cooperate with DevOps, Security, Identity, and Endpoint Engineering teams.
• Create and maintain technical documentation.
• Share best practices and mentor teammates on network automation and IaC culture.