Senior Network Security Architect & Penetration Tester

About The Role

We are seeking a rare hybrid talent: a Senior Network Security Engineer with strong Blue Team discipline to architect and secure complex on-prem infrastructure, combined with the Red Team mindset to actively test and exploit it.

In this role, you will serve as the primary architect of our physical and virtual network environments while leading internal penetration testing initiatives. This is not a checklist-driven security role — you will proactively hunt vulnerabilities across every layer of the infrastructure.

Key Responsibilities

• Design, implement, and maintain high-availability enterprise networks across on-prem and data center environments.
• Configure and manage L2/L3 switches and routers (Cisco, Juniper, Arista) with BGP, OSPF, MPLS, trunking, and port security.
• Manage VMware vSphere environments (ESXi, vCenter, NSX, vMotion) and harden hypervisors for secure VM operations.
• Implement network hardening controls including ACLs, VLAN segmentation, VPNs (IPsec/SSL), Zero Trust architecture, and enterprise firewalls (Palo Alto, Fortinet).
• Conduct authorized internal penetration tests across networks, wireless segments, edge devices, and infrastructure systems.
• Perform vulnerability assessments using Kali Linux, Nessus/OpenVAS, Metasploit, Burp Suite Professional, Nmap, and Wireshark.
• Drive full vulnerability lifecycle management from discovery and exploitation to remediation and validation.
• Analyze and secure all OSI layers, mitigating Layer 2 (MAC spoofing, STP attacks) and Layer 7 (SQLi, XSS) threats.
• Prevent and detect MitM attacks, privilege escalation, and lateral movement within internal environments.
• Develop automation scripts using Python, Bash, and PowerShell to streamline security operations and incident response.
• Strong networking expertise in BGP, OSPF, MPLS, VLANs, ACLs, Port Security, and enterprise firewalling.
• Hands-on experience with virtualization technologies including VMware vCenter, NSX, and ESXi hardening.
• Proficiency in offensive security tools such as Kali Linux, Metasploit Framework, Burp Suite Professional, Nmap, and Wireshark.
• Scripting and automation skills using Python and Bash to streamline security operations and testing.
  
  
  

Requirements

• 7+ years of experience in Network Engineering
• Minimum 3 years in Offensive Security / Penetration Testing
• Strong hands-on data center and bare metal infrastructure experience
• Offensive Security certifications such as OSCP, OSCE, and GPEN.
• Infrastructure certifications including CCNP / CCIE (Security) and VCP (VMware Certified Professional).
  
  
  

Job Details

• Location: Lahore/Islamabad/Karachi (Remote)
• Experience: 5+ Years
• Department: Network Security & Penetration Tester
  
  
  

About TekHQS

About TekHQS

TekHQS is a global technology and AI-driven solutions company delivering scalable SaaS, Cloud, AI/ML, Blockchain/Web3, DevOps, and enterprise software solutions to startups and enterprise clients worldwide.

With a team of 300+ professionals across the USA, UK, UAE, Qatar, Pakistan, and India , we specialize in building high-performance digital products across Logistics, FinTech, Healthcare, and emerging technology sectors.

At TekHQS, we foster a culture of innovation, ownership, and continuous growth empowering our teams to build impactful technology that drives real business transformation