Senior Security & Networks Engineer - Casablanca

Company :

Created in 1997, GSM Al Maghrib is a private Moroccan group that is diversifying into several business sectors by operating in the distribution of telecommunications products, money transfer, printing management services, data center management, and security solutions.

Our HR vision is based on the belief that human capital is the main driver of sustainable performance and growth. The goal is to create a stimulating work environment that encourages commitment, skills development, and professional fulfillment for employees.

The company promotes a culture based on:

• Team spirit
• Innovation
• Responsibility
• Managerial proximity
• Results orientation

This culture fosters collaboration between teams and contributes to maintaining a positive social climate.

Job :

Join our dynamic company in the Distribution sector as a Senior Security & Networks Engineer. Your expertise will be essential to lead the security and network infrastructure strategy for our headquarters based in Casablanca. If you aspire to a key role where your impact will be tangible and your know-how recognized, this opportunity is for you.

The main objective of this position is to ensure the robustness, security, and performance of all the company's network infrastructures and security systems. This involves preventing risks, guaranteeing service availability, and supporting business growth through a reliable and scalable infrastructure.

Your tasks will focus on several major areas:

• Design, deploy, and maintain network and security architectures that meet business needs and current standards.
• Supervise and administer security equipment (firewalls, IDS/IPS, VPN, etc.) and network infrastructures (routing, switching, WiFi).
• Conduct regular security audits and propose improvement plans to strengthen the company's security posture.
• Manage security and network incidents, investigate their causes, and implement necessary corrective actions.
• Develop and monitor budgets related to network infrastructures and security.
• Collaborate closely with internal IT teams and external providers for project management.
• Ensure constant technological watch on new threats and innovative solutions in cybersecurity and networking.
• Document configurations, procedures, and security policies.

Required profile :

To be considered for this position, you must have a degree of Master's degree level (Bac +5) or higher, ideally in Senior Security & Networks Engineering or a related IT field.

Main service mission: Design, deploy, and integrate cybersecurity and network solutions for GAM Business Solutions clients, mainly in the banking and telecom operator sectors in Morocco.
Service composition: Cybersecurity & Networks BU Team
Reporting to: Director of Cybersecurity BU
JOB MISSIONS
Main mission, raison d'être or purpose of the position: As a senior technical referent, the Senior Security & Networks Engineer is involved in the entire project cycle, from pre-sales qualification to commissioning and skills transfer to clients. They are technically responsible for the proposed solutions, ensure their architectural consistency, mentor junior and entry-level staff, and act as a reference point for key accounts (banks and telecom operators).
Missions and activities of the position: Mission 1: Pre-sales and technical qualification
In this role, they must:
• Analyze expressions of need, specifications, and client tender documents (banks, telecom operators, large companies).
• Design and formalize target architectures (HLD/LLD), produce diagrams, flow matrices, and addressing plans.
• Write technical memorandums, responses to questions, and compliance matrices.
• Prepare and lead demonstrations, technical presentations, and scoping workshops with clients.
• Carry out Proofs of Concept (PoC) and mock-ups in a test environment.
• Coordinate with sales teams and vendors (Fortinet, Palo Alto, Check Point, Cisco, F5, Forcepoint, etc.).
 Mission 2: Solution design and integration
In this role, they must:
• Design perimeter security architectures (NGFW firewalls, IPS, anti-DDoS, Web Application Firewall, SSL/TLS decryption).
• Design network architectures (LAN, WAN, Wi-Fi, MPLS, SD-WAN, VLAN segmentation, VRF).
• Define segmentation, defense-in-depth, and least privilege principles suitable for banking and operator contexts.
• Develop gradual migration plans with switchover procedures, preliminary tests, and rollback options.
• Ensure compliance with regulatory requirements (DGSSI, Bank Al-Maghrib, PCI DSS, ISO 27001).
 Mission 3: Deployment, commissioning, and migration
In this role, they must:
• Technically lead the deployment of solutions at client sites: installation, configuration, integration.
• Implement high availability clusters, security profiles (UTP), site-to-site and remote access VPN tunnels.
• Perform zero-downtime migrations (coexistence method, routing switchover, tests via loopback interfaces).
• Conduct acceptance tests (FAT/SAT), contradictory acceptance, and issue resolution.
• Perform tuning and hardening of the configuration in the post-deployment phase.
 Mission 4: Mentoring and skills transfer
In this role, they must:
• Technically mentor Junior and Entry-level engineers on projects: configuration review, task supervision, knowledge transfer.
• Lead training and skills transfer sessions to client operations teams.
• Write operational documentation, operational procedures, and runbooks.
• Contribute to internal knowledge capitalization (knowledge base, lessons learned, deliverable templates).
 Mission 5: Level 3 support and expertise
In this role, they must:
• Act as Level 3 support for critical incidents encountered at clients under GBS maintenance contracts.
• Coordinate escalations with vendor TACs (Fortinet, Palo Alto, Check Point, etc.) and manage hardware RMA follow-ups.
• Conduct configuration audits and periodic security reviews for maintenance accounts.
 Mission 6: Technological watch and continuous improvement
In this role, they must:
• Maintain an active watch on solutions, vulnerabilities, and threats within the scope.
• Maintain and evolve their vendor and professional certifications.
• Contribute to enriching the GBS service catalog and identifying expansion opportunities.
REQUIRED SKILLS
Technical Skills: NGFW Firewalls: In-depth mastery of at least two of the following solutions: Fortinet (FortiGate, FortiManager, FortiAnalyzer), Palo Alto Networks, Check Point, Forcepoint.
Networking: Advanced routing (BGP, OSPF, MPLS), L2/L3 switching, VLAN, VRF, VRRP/HSRP, QoS, SD-WAN, enterprise Wi-Fi.
Security: IPS, Application Control, Web/URL Filtering, Anti-Malware, Sandboxing, DLP, SSL/TLS decryption, segmentation, hardening.
VPN and Remote Access: IPsec (IKEv2), SSL VPN, ZTNA, certificate management and PKI.
Cloud (light coverage): Notions of security architectures in Cloud environments (AWS, Azure) - virtual firewall, hybrid connectivity.
Monitoring and Logs: FortiAnalyzer, Panorama, SIEM integration (Splunk, QRadar, Sentinel), Syslog/CEF, SNMPv3.
Migration: Configuration analysis and conversion tools (FortiConverter), coexistence and zero-downtime switchover methods.
Cross-functional tools: Wireshark, Nmap, scripting (Python, Bash, Ansible) for configuration automation.
Behavioral Skills: • Consulting posture and quality client communication (scoping meetings, presentations, executive presentations).
• Analytical thinking, rigor, and ability to structure complex technical documents.
• Technical leadership and ability to mentor less experienced profiles.
• Service-oriented, committed, ability to meet deadlines and manage multiple projects concurrently.
• Mastery of French (written and spoken - technical memorandums, presentations); technical English.
• Discretion and respect for client data confidentiality.
TRAINING AND EXPERIENCE
Education: Master's degree (Bac +5) in networks and telecommunications, cybersecurity, or equivalent engineering degree.
Certifications appreciated: Fortinet: FCSS (Fortinet Certified Solution Specialist) and FCP-FGT, FCP-FMG.
Palo Alto Networks: PCNSE (Palo Alto Networks Certified Network Security Engineer).
Check Point: CCSA, CCSE.
Cisco: CCNP Enterprise or CCNP Security.
Cross-functional Cybersecurity: CISSP, CEH, ISO 27001 Lead Implementer (appreciated).
Cloud (appreciated): AWS Security Specialty or Microsoft AZ-500 / AZ-700.
Experience: Minimum 6 to 10 years of experience in integrating security and network solutions, ideally with an integrator or telecom operator, with exposure to Moroccan banking and telecom environments.
 

Head office address :

Desired personality traits :

Flexibility Organization