Lead Cloud Network Security Specialist Cloud

Position Description:

Missions
We are looking for a hands-on Lead Cloud Network Specialist to design implement secure and automate network egress and edge services on Azure. The ideal candidate will have strong hands-on expertise in core networking with solid foundational knowledge in networking and security and proven experience in Azure networking services hybrid connectivity network security and performance optimization.
You will leverage strong Cisco routing switching and security expertise as a foundation to manage routing (Cisco) and Azure network services (including Azure Firewall). Responsibilities include optimizing Azure CDN and Azure Front Door securing web access through Squid and Skyhigh Secure Web Gateway/Proxy managing allow/deny lists and handling operational lifecycle tasks such as TLS certificate renewals and image upgrades for network/security appliances.
You will codify infrastructure using Terraform ensuring resilient observable and compliant operations. You will also implement monitoring and alerting frameworks and enforce Azure Policy and governance standards.
Profile
Mandatory Skills
-Squid Proxy
-Azure Front Door
-Azure CDN
-Azure Firewall
-Terraform (Infrastructure as Code)
-Cisco Routing & Switching
-Secondary Skills
-Network security expertise
-Web Application Firewall (WAF)
-Fortinet
-CheckPoint
Key Responsibilities
Architecture and Design
-Design cloud and hybrid network topologies (hub-and-spoke vWAN) IP addressing schemes UDRs/route tables and peering aligned with zero-trust principles
-Design and support hybrid/cloud architectures using Cisco routing (BGP OSPF route redistribution ECMP VRFs)
-Define ingress/egress patterns using Azure Firewall NSGs and route control
-Build and maintain Azure networking components: VNets subnets NSGs/ASGs route tables Private Links Load Balancers ExpressRoute/SD-WAN
-Architect Azure Front Door (global load balancing routing health probes origin groups custom domains)
-Optimize Azure CDN caching strategies (TTL compression rules engine)
-Establish secure internet access using Skyhigh Secure Web Gateway (SSL inspection policies PAC files exceptions)
Implementation and Operations
-Configure advanced Cisco routing (BGP OSPF filtering ECMP) across hybrid environments
-Deploy and manage Azure Firewall (policies DNAT/SNAT Threat Intelligence IDPS TLS inspection) with logging integration
-Build Azure Front Door endpoints routing rules and CDN integrations
-Implement and manage Squid Proxy and Skyhigh SWG (SSL inspection filtering caching ACLs PAC files)
-Design and manage VNets subnets NSGs and route tables
-Implement application delivery services (Traffic Manager Load Balancer Application Gateway)
-Configure VPN Gateways ExpressRoute and Azure Virtual WAN
-Troubleshoot connectivity routing and latency issues
-Manage DNS zones Private Endpoints and network peering
-Monitor performance using Azure Monitor Network Watcher and Traffic Analytics
-Collaborate with architecture security and DevOps teams
-Ensure compliance with security standards and zero-trust segmentation
-Participate in incident response and root-cause analysis
Operational Governance
-Manage allow/deny lists (URLs FQDNs IPs) across Firewall SWG and WAF with audit controls
-Own TLS certificate lifecycle (inventory renewal rotation deployment)
-Plan and execute image/AMI upgrades for firewalls proxies and appliances (testing rollout rollback)
-Troubleshoot L3L7 issues using packet capture logs and monitoring tools
Automation and Infrastructure as Code
-Develop Terraform modules for Azure networking components (VNets Firewall Front Door CDN etc.)
-Implement CI/CD pipelines (Azure DevOps/GitHub Actions) with validation policy enforcement and drift detection
-Script automation (PowerShell Python Bash) for network updates certificate management and compliance
-Integrate observability tools (Azure Monitor Log Analytics Sentinel Splunk Grafana) with defined SLOs
Governance Security and Compliance
-Enforce baseline configurations RBAC secrets management and change control (ITIL)
-Drive vulnerability remediation and support penetration testing activities
-Maintain documentation (runbooks diagrams inventories)
-Provide L3 support and knowledge transfer.

CGI provides a reasonable estimate of the salary range for this position. This range is determined based on various factors including skill level geographic market experience education as well as professional licenses and certifications. Compensation decisions are made on a case-by-case basis a reasonable estimate for the salary range of this position is between $60000 and $115000. This position is currently open.

#LI-AM1

Bilingualism (French and English) is required for this position due to the nature of the role requiring interaction with national and global clients.

Skills:

• English
• French
• Infrastructure as a Code
• PowerShell
• PowerShell
• Python

What you can expect from us:

Together as owners lets turn meaningful insights into action.

Life at CGI is rooted in ownership teamwork respect and belonging. Here youll reach your full potential because

You are invited to be an owner from day 1 as we work together to bring our Dream to life. Thats why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our companys strategy and direction.

Your work creates value. Youll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas embrace new opportunities and benefit from expansive industry and technology expertise.

Youll shape your career by joining a company built to grow and last. Youll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

At CGI we value the strength that diversity brings and are committed to fostering a workplace where everyone belongs. We collaborate with our clients to build more inclusive communities and empower all CGI partners to thrive. As an equal-opportunity employer being able to perform your best during the recruitment process is important to us. If you require an accommodation please inform your recruiter.

To learn more about accessibility at CGI contact us via email. Please note that this email is strictly for accessibility requests and cannot be used for application status inquiries.

Come join our teamone of the largest IT and business consulting services firms in the world.