Job Description
The Network Engineer is responsible for designing, transforming, securing, and governing QCIL’s network infrastructure (switching, routing, wireless, WAN, and firewalls). The role owns network architecture, IT/OT (GxP) segmentation enforcement, FortiGate firewall lifecycle management, network monitoring, and network disaster recovery readiness.
Reporting Line:
- Reports to: Head of IT
- Works closely with: Systems Engineer, Security Engineer, OT stakeholders, Application owners (SAP/LIMS/TrackWise/M365), Vendors/ISPs
Primary Objectives (What success looks like)
- Secure and stable network services with measurable availability and performance across all of QCIL.
- Enforced IT/OT segmentation protecting GxP systems via firewall policy.
- Reduced cyber risk through strong perimeter controls, secure remote access, and continuous monitoring.
- Documented, standardized configurations with controlled change management and clear rollback plans.
Key Responsibilities
A. Network Architecture, Standards & Transformation
- Assess and document current-state network topology and produce target-state designs (HLD/LLD) covering LAN/WAN, routing, VLANs, wireless, and firewall zoning.
- Define and enforce network configuration standards.
- Direct system installations and cutovers.
B. IT/OT Segmentation & Access Control
- Design and maintain security zones and segmentation controls to protect OT/GxP equipment and associated data.
- Maintain a connectivity matrix for regulated systems (sources/destinations/ports/justifications), and ensure changes follow change control and are evidence-ready for audit.
- Implement secure management-plane access.
C. Firewall Engineering & Perimeter Services
- Own firewall lifecycle management: policy architecture (zone-based), object governance, NAT, VPNs (site-to-site and remote access), HA/health checks, backups, and firmware lifecycle.
- Implement security controls appropriate to the environment.
- Conduct quarterly firewall rule reviews (remove unused rules, reduce risk, ensure logging and justifications).
D. Monitoring, Performance & Troubleshooting (Tier-3)
- Implement and tune network monitoring (e.g., PRTG/OpManager).
- Perform evidence-based root cause analysis on outages and performance issues and implement preventative fixes.
- Plan and deliver upgrades and optimizations (firmware, topology improvements, QoS for voice/critical traffic) with change control and post-change validation.
E. Enterprise Systems Connectivity (M365, SAP, LIMS, TrackWise)
- Ensure network readiness for core systems: DNS/routing correctness, firewall allowlists, proxy paths, VPN/remote access, and capacity planning.
- Collaborate with the Systems Engineer and application owners during upgrades and incidents to isolate network vs system/application causes and restore service quickly.
F. DR, Audit & Documentation
- Implement and test network components of the Disaster Recovery Plan: firewall restore procedures, VPN failover, alternate connectivity, DNS/routing failover, and documented runbooks.
- Participate in network-related audits and lead remediation; provide evidence (configs, logs, access controls, firmware/patch posture) and track closure.
- Maintain up-to-date network diagrams, as-built documentation, SOPs/runbooks, and lifecycle registers (firmware, ISP circuits, VPN inventory).
Key Performance Indicators (KPIs)
- Network availability/uptime for critical services and sites.
- Mean time to resolve (MTTR) for network incidents and reduction of repeat incidents.
- Firewall policy hygiene: quarterly rule review completion, removal of unused/risky rules, and audit evidence quality.
- IT/OT segmentation compliance: approved connectivity matrix coverage and change control adherence.
- Monitoring coverage and alert quality (noise reduction, critical detection).
Minimum Qualifications & Experience
- BSc in IT/Computer Science/Engineering or related field.
- 5+ years of network engineering experience delivering LAN/WAN/firewall solutions in production environments.
- Strong hands-on experience with NG firewalls (FortiGate preferred), routing/switching, and wireless design.
- Experience with network monitoring tools (e.g., PRTG, OpManager) and structured troubleshooting (RCA).
Certifications (Preferred)
· CCNA/CCNP or equivalent networking certifications.
· Fortinet certifications (NSE/FCP/Fortinet Firewall) – strong advantage.
· ITIL Foundation – advantage; security training/certification – advantage.