Spécialiste réseau

LGS means having a career in an environment where you're appreciated for what you're worth. It's also about a corporate culture of diversity and inclusion, where we welcome both local and international talent.

You'll be involved in large-scale projects that drive business forward and improve people's lives. You'll be at the forefront of collaborating on large-scale digital transformations in the public and private domain. With LGS, the possibilities are endless. We're local, global, and powered by the intellectual capital of IBM.

How about a contract? Why freelance for LGS?

• Varied mandates for a wide range of large-scale clients
• Assignments that will not only propel your career in your field of expertise, but also allow you to experiment with new technologies.
• Dedicated talent acquisition consultants who care about you
• Personalized mandate support
• The possibility of pre-interview coaching

JOB DESCRIPTION

• Location: Toronto or Etobicoke
• Start Date: November 24, 2025
• Length of term: December 31, 2026
• Work schedule: 37,5 hours/week
• Work mode: 100% On-site

As a Network Cybersecurity Specialist, your key tasks will include supporting major changes to our network topology, with a focus on the implementation of a Secure Access Service Edge (SASE) platform. You will work closely with the cybersecurity team to translate security requirements into actionable network designs, ensuring alignment with vendor guidance and industry-recognized best practices to deliver a secure and future-ready infrastructure.

SASE & SD-WAN Implementation Expertise

• Proven experience deploying Palo Alto Prisma SD-WAN and Prisma Access in hybrid environments (cloud and on-prem).
• Ability to design and implement redundant, scalable SD-WAN architectures with performance tuning for peak periods and future growth
• Familiarity with Strata Cloud Manager for centralized policy enforcement, logging, and visibility

Security Requirements Translation

• Collaborate with cybersecurity teams to define and document security requirements per user, device, and service, evolving over time
• Apply role-based access control (RBAC) and network segmentation strategies using Prisma's native capabilities

ZTNA & Zero Trust Readiness

• Understand Zero Trust principles and how to phase out legacy VPNs in favor of ZTNA within SASE/SSE frameworks
• Plan for secure access to private applications using identity- and context-aware policies, leveraging Prisma Access and endpoint agents

Cloud & Remote Access Security

• Experience with GlobalProtect and CASB/DLP integration for securing mobile and remote users
• Knowledge of traffic inspection, malware scanning, and data loss prevention across SaaS and private applications

Operational Integration & Visibility

• Ability to integrate SASE with existing tools like Cisco ISE, Active Directory, and SIEM platforms (e.g., Splunk)
• Awareness of traffic visibility challenges in SASE environments and familiarity with solutions like Gigamon Cloud Broker or packet replication to cloud storage

Strategic Planning & Roadmap

• Participate in long-term planning for network evolution, including ZTNA adoption timelines, DMZ decommissioning, and cloud migration strategies
• Contribute to RFP development, vendor evaluations, and pilot testing of SASE/SD-WAN solutions

Requirements and qualifications

Education

Bachelor's degree in Computer Science, Information Security, Network Engineering, or a related field.

A Master's degree in Cybersecurity or Network Architecture is a plus, especially for senior or strategic roles.

5-7 years of experience in network engineering or cybersecurity roles.

At least 2-3 years of hands-on experience with:

• SASE and SD-WAN deployments
• ZTNA planning or implementation
• Cloud-based security platforms, ideally Palo Alto Prisma Access and Prisma SD-WAN

Deep understanding of:

• Network security architecture and segmentation
• Secure remote access and VPN alternatives
• Zero Trust principles and identity-based access control
• Cloud networking and hybrid environments

Familiarity with:

• Policy enforcement, traffic steering, and centralized management (e.g., Strata Cloud Manager)
• Integration with identity providers (e.g., Azure AD, Okta)
• Logging, monitoring, and SIEM integration

Desired, but not required: Holding a recognized certification such as one of these is considered an asset: PCNSE - Palo Alto Networks Certified Network Security Engineer, Cisco Certified CyberOps Associate or CCNP Security, CompTIA Security+ or other Cybersecurity certifications relevant to the role.

It is possible that this role will involve you working with technology(ies) covered by export regulation sanctions. If you are not a Canadian permanent resident or citizen, check with your talent acquisition advisor.

AP-