Job Description

IT Network L3 Engineer

Location -

Kolkata (with periodic travel to DC/DR sites as required)

Employment Type -

Full-time

Role Summary

The IT Network L3 Engineer is the

senior escalation point

for complex network issues, responsible for

design, implementation, optimization, and Tier?3 support

across data center (DC), disaster recovery (DR), campus, and branch networks. The role ensures

high availability, security, and performance

of enterprise network services (routing, switching, wireless, WAN, VPN, firewall) and leads

major incidents, changes, and projects

including DR readiness, network hardening, and migrations.

Key Responsibilities

Architecture & Design

Design and document

LAN/WAN

topologies,

DC-DR

interconnects, and

network segmentation

. Develop

high availability

designs (dual core, dual ISP, dynamic routing, SD?WAN) and

resilient underlay/overlay

solutions. Produce

HLD/LLD

, configuration standards, and

as?built

documentation.

Implementation & Operations

Configure and optimize

L3 routing

(OSPF/BGP/Static),

L2 switching

(STP/RSTP, EtherChannel, VLANs), and

QoS.

Deploy and maintain

firewalls/UTM

(zones, NAT, ACLs, VPN/IPsec/SSL, IDS/IPS),

NAC/802.1X

, and

WAF

(where applicable). Implement

SD?WAN

policies,

site?to?site VPNs

, and

P2P/private links

; ensure SLA, latency, and jitter are within targets. Own complex

wireless

designs (WPA2/WPA3?Enterprise, roaming, RF planning) and

PoE

switching. Lead

major incident response

; perform deep

packet analysis

; drive root cause analysis and permanent fixes. Plan and execute

change management

(maintenance windows, rollback plans, impact analysis).

Security & Compliance

Enforce

least privilege

, micro?segmentation, and

Zero Trust

principles; maintain

network security baselines

. Coordinate

vulnerability remediation

, firmware lifecycle,

cert renewal

, and

audit evidence

.

DR, Resilience & Performance

Validate

DC-DR

runbooks for network failover; test

replication QoS

and path diversity. Maintain

BGP failover

,

IP SLA/track

, and

performance baselines

(latency, throughput, loss). Capacity planning for links and devices; forecast

3-5 year

growth.

Automation & Observability

Manage

NMS/APM/NetFlow/IPAM

; create

dashboards

, alerts, and monthly SLA reports.

Governance & Collaboration

Produce

SOPs

,

KEDB

, and

RCA

documents; mentor L1/L2 teams. Work with

system, security, and application

teams on projects (ERP cutovers, AD changes, DR drills).

Required Skills & Experience

Technical (must?have)

Routing:

OSPF, BGP, route redistribution, policy?based routing, ECMP, HSRP/VRRP/GLBP.

Switching:

VLANs, trunking, STP variants, LACP, QoS, port security, multicast (PIM/IGMP).

Firewalls/UTM:

Zones, NAT, ACLs, VPN (IPsec/SSL), IDS/IPS, app control; exposure to

Cisco/Checkpoint/Fortinet/Palo Alto

.

Wireless:

Controller?based Wi?Fi, WPA2/WPA3?Enterprise, RADIUS/802.1X, RF optimization.

Tools:

Wireshark, NetFlow/sFlow/IPFIX, NMS (SolarWinds/PRTG), IPAM/DNS/DHCP.

Platforms:

Cisco IOS/NX?OS, HPE/Aruba, Fortinet/Palo Alto.

Protocols:

TCP/IP, DNS/DHCP, NTP, SNMPv3, SSH, TLS, RADIUS/TACACS+.

Experience

7-10 years

in enterprise networking with

L3 ownership

of incidents/changes. Proven delivery of

DC-DR interconnect

, ISP multihoming, and campus/branch rollouts.

Education & Certifications (preferred)

Bachelor's in

IT/Computer Science

(or equivalent).

CCNP Enterprise/Security

,

Aruba ANCP

,

Fortinet NSE4+

,

Palo Alto PCNSE

(any mix).

Soft Skills

Strong

documentation

and

stakeholder communication

. Ability to

lead war rooms

, mentor, and coordinate cross?functional teams. Analytical mindset with a focus on

RCA and prevention

.

Working Conditions

On?call rotation for

P1 incidents

; planned

maintenance windows

(nights/weekends as needed). Travel to

DC/DR/campus

locations for installations and DR drills.

Nice?to?Have (role?adjacent)

Experience with

MPLS/EVPN/VXLAN

,

overlay networks

, or

micro?segmentation

tools. Exposure to

cloud networking

(Azure/AWS VNet/VPC, VPN Gateways, ExpressRoute/Direct Connect). Scripting for

config audits

,

backup/restore

, and

compliance

reports. * Work experience in ISO standard DC.