NetSecOps Engineer

NetSecOps Engineer required by my large client on a brand new project. Network Security Operations within a large-scale retail environment. The engineer will support and partner with the core Networks team to deliver a major Network Access Control (NAC) programme, alongside LAN migration activities across a complex, distributed estate. This role requires deep hands-on expertise in enterprise NAC, network security engineering, and operational readiness testing., * Lead technical delivery and operational readiness for a multi-phase NAC implementation across hundreds of retail and corporate sites.

• Collaborate closely with the Networks team to design, configure, test, and deploy NAC policies, authentication flows, segmentation models, and onboarding rules.
• Support large-scale LAN modernisation and migration activities, including site cutovers, switch refreshes, and security control uplift.
• Design, test, and validate operational processes, including access policy enforcement, device profiling, guest networks, and remediation workflows.
• Conduct end-to-end testing cycles (functional, failover, edge-case, and performance) ensuring stability and minimal business disruption.
• Create and maintain operational documentation, runbooks, topology diagrams, and troubleshooting guides.
• Support security governance, risk assessments, and operational KPIs related to network security controls.
• Act as a NetSecOps SME, advising on best practices for identity-based networking and zero-trust-aligned access models.

• Extensive experience in NetSecOps, Network Engineering, or Security Engineering within large enterprise environments (retail experience highly desirable).
• Hands-on expertise with NAC platforms (Fortinet, Aruba ClearPass, Forescout, or equivalent), including 802.1X, RADIUS, TACACS+, device profiling, posture assessment, and certificate-based authentication.
• Strong understanding of LAN/WAN networking technologies (switching, routing, VLANs, STP, DHCP, DNS, BGP/OSPF).
• Experience in large-scale LAN migration or refresh programmes.
• Proficiency in network security tooling: firewalls, segmentation, zero trust networking, identity-aware networking, microsegmentation.
• Familiarity with complex retail estates (distribution centres, stores, corporate offices) and operational constraints.