Senior Network Security Architect & Penetration Tester

About the Role We are seeking a rare hybrid talent: a Senior Network Security Engineer with strong Blue Team discipline to architect and secure complex on-prem infrastructure, combined with the Red Team mindset to actively test and exploit it. In this role, you will serve as the primary architect of our physical and virtual network environments while leading internal penetration testing initiatives. This is not a checklist-driven security role — you will proactively hunt vulnerabilities across every layer of the infrastructure. Key Responsibilities Infrastructure Architecture (Build) Core Networking Design, implement, and maintain high-availability enterprise networks Configure and manage L2/L3 switches and routers (Cisco, Juniper, Arista) Implement BGP, OSPF, MPLS, trunking, and port security Virtualization & Data Center Manage VMware vSphere environment (ESXi, vCenter) Administer NSX and vMotion Harden ESXi hypervisors and secure VM propagation Network Hardening Implement ACLs and VLAN segmentation Configure VPN tunnels (IPsec/SSL) Enforce Zero Trust architecture within on-prem environments Manage enterprise firewalls (Palo Alto, Fortinet) Offensive Security (Break) Penetration Testing Conduct authorized internal penetration tests Assess internal networks, wireless segments, and edge devices Simulate real-world attack scenarios Vulnerability Management Perform vulnerability discovery using tools such as: Kali Linux Nessus / OpenVAS Metasploit Burp Suite Professional Nmap Wireshark Drive full vulnerability lifecycle: discovery exploitation remediation Full-Stack Security Auditing Analyze and secure all OSI layers Mitigate Layer 2 threats (MAC spoofing, STP attacks) Defend against Layer 7 threats (SQL injection, XSS) Prevent MitM attacks, privilege escalation, and lateral movement Technical Skills Required Networking BGP, OSPF, MPLS VLANs, ACLs, Port Security Enterprise Firewalling Virtualization VMware vCenter NSX ESXi Hardening Offensive Security Tools Kali Linux Metasploit Framework Burp Suite Professional Nmap Wireshark Scripting & Automation Python Bash PowerShell Qualifications & Experience 7+ years of experience in Network Engineering Minimum 3 years in Offensive Security / Penetration Testing Strong hands-on data center and bare metal infrastructure experience Preferred Certifications Offensive Security OSCP OSCE GPEN Infrastructure CCNP / CCIE (Security) VCP (VMware Certified Professional) The Ideal Candidate (Unicorn Profile) Thinks like an adversary Can architect secure enterprise networks Comfortable in both data center and terminal environments Able to configure BGP in the morning and execute internal pivot/exploit testing in the afternoon Job Details Location: Lahore/Islamabad/Karachi (Remote) Experience: 5+ Years Department: Network Secruity & Penetration Tester About Us: TEKHQS is a global technology solutions provider headquartered in Lake Forest, California, with a 300+ expert team in Pakistan. We specialize in ERP (SAP S/4HANA, Oracle NetSuite, Microsoft Dynamics 365), AI/ML, Blockchain, Cloud, and Staff Augmentation services. Join us to drive business growth and work on cutting-edge global IT projects with hands-on mentorship and a clear career path.