This website uses cookies to ensure you get the best experience.

Space NK and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, which is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Space NK career site
Technology - IT Operations · London (Head Office) · Hybrid

Senior Network Engineer – Cloud & On-Prem

If you love beauty, you’re in the right place.

As the ultimate curator of over 100 of the most in-demand, highly innovative and boundary-pushing beauty brands, we are the go-to destination for worldwide beauty discovery.

Together through our neighbourhood stores, online presence and loyalty scheme, Space NK has built a flourishing community in which to discover beauty. The customer is at the heart of everything we do, and we will always endeavour to offer everything they need to help them explore, experiment, and enjoy our brands.

About the Role

Space NK operates a hybrid network spanning Microsoft Azure, corporate offices, datacentres, and a nationwide retail store estate. As Senior Network Engineer, you will design, deploy, secure, and operate all network infrastructure across cloud and on-prem environments, with Azure as the primary cloud platform.

This is a hands-on engineering role with architectural influence, responsible for routing, switching, firewalls, network security enforcement, hybrid connectivity, SD-WAN, ExpressRoute, and retail store networking. You will ensure high availability, performance, resilience, and security of all network services supporting both corporate and retail operations.

Your Role

You will be responsible for:

  • Designing and maintaining Azure and on-premises network architectures.
  • Operating enterprise routing, switching, firewalls, and wireless networks.
  • Optimising performance and resilience across WAN, SD-WAN, and hybrid Azure/on-prem connectivity.
  • Ensuring secure segmentation and network security best practices.
  • Supporting retail store networking, POS connectivity, and operational stability.
  • Monitoring, troubleshooting, and automating network operations.
  • Managing vendors, carriers, and network service providers.
  • Contributing to infrastructure projects and network modernisation initiatives.

Key Responsibilities

Azure Cloud Networking

  • Design, implement, and manage Azure Virtual Networks (VNets), hub-and-spoke architectures, subnets, IP schemas, and VNet peering.
  • Deploy and support NSGs, ASGs, Azure Firewall, and network segmentation aligned to Zero Trust.
  • Implement and operate Network Virtual Appliances (Cisco, Juniper, Palo Alto, Fortinet) using UDR-based routing and service chaining.
  • Manage UDRs, route tables, custom routing, and secure traffic flows.
  • Operate Azure Application Gateway, Load Balancer, and Front Door for application delivery.
  • Use Azure Network Watcher, packet capture, flow logs, and diagnostics for troubleshooting.
  • Configure and maintain Azure VPN Gateways and ExpressRoute circuits, including routing optimisation and HA design.

On-Premises Networking

  • Design, operate, and secure enterprise LAN/WAN using Cisco, Juniper, Meraki, or HPE/Aruba switching and routing platforms.
  • Configure and optimise routing protocols (BGP, OSPF, EIGRP), static routing, and route summarisation.
  • Deploy and manage firewalls such as SonicWall, Palo Alto, Fortinet, rule-bases, NAT, segmentation, and HA pairs.
  • Support core network services: DNS, DHCP, IPAM, NTP, RADIUS/TACACS+ (for network device authentication).
  • Conduct deep packet analysis using Wireshark, tcpdump, or vendor tools.
  • Maintain datacentre network connectivity including LAG/MLAG/VPC, redundant uplinks, and high-availability designs.

Retail Store Networking

  • Design and support retail store network solutions using Cisco Meraki as the strategic platform.
  • Manage SD-WAN or MPLS store connectivity, breakout policies, WAN performance, and QoS for tills/POS.
  • Deploy 4G/5G failover solutions for resilience during provider outages.
  • Ensure PCI-compliant segmentation across tills, IoT, CCTV, staff devices, and guest Wi-Fi.
  • Troubleshoot complex store issues involving tills, PDQs, Wi-Fi interference, and cloud backhaul.
  • Produce deployment playbooks and support new store openings, refurbishments, and relocations.
  • Collaborate with ISPs, SD-WAN vendors, and fit-out partners to maintain store uptime and connectivity performance.

Hybrid Connectivity

  • Design and operate hybrid connectivity between Azure and on-prem datacentres using ExpressRoute, IPsec VPN, and private peering models.
  • Optimise routing between Azure VNets and on-prem LAN/WAN networks.
  • Troubleshoot hybrid network issues, including asymmetric routing, MTU mismatches, latency, and packet loss.
  • Ensure secure, resilient, and monitored connectivity for all hybrid traffic paths.

Monitoring, Troubleshooting & Automation

  • Use SolarWinds, PRTG, SNMP, Syslog, NetFlow, Azure Monitor, and vendor diagnostics for full-stack monitoring.
  • Perform root-cause analysis across corp, cloud, datacentre, and retail networks.
  • Automate network builds using Terraform, PowerShell, Python, Azure CLI, or REST APIs.
  • Implement network-as-code practices and maintain standardised configuration templates.

Governance, Security & Compliance

  • Implement network security controls including segmentation, ACLs, firewall rules, and traffic flow restrictions.
  • Ensure network designs align to PCI DSS, ISO 27001, and NIST network-layer requirements.
  • Contribute to network-related incident response activities.
  • Participate in CAB/change control and audit readiness.
  • Manage escalations with ISPs, WAN carriers, and SD-WAN providers to ensure SLA performance and rapid issue resolution.

What We’re Looking For

Essential Experience

  • Strong hands-on experience designing and managing Azure networking (VNets, routing, Azure Firewall, VPN Gateway, Private Link, Load Balancing).
  • Extensive experience with Cisco/Meraki/Aruba/Juniper or equivalent enterprise LAN/WAN platforms.
  • Direct experience supporting retail store networks, tills/POS connectivity, Wi-Fi, and guest access.
  • Experience managing firewalls (SonicWall, Palo Alto, Fortinet) including HA and SD-WAN functions.
  • Deep knowledge of routing, switching, TCP/IP, DNS, DHCP, BGP, OSPF, VPN tunnels, and IPv4/IPv6.
  • Experience designing hybrid connectivity (Azure ExpressRoute, VPNs, private peering).
  • Proficiency in packet analysis and complex troubleshooting (Wireshark, iperf).
  • Familiarity with SD-WAN technologies used in retail or enterprise environments.
  • Strong documentation skills (HLDs, LLDs, diagrams, runbooks).

Desirable Experience

  • Azure Virtual WAN, Network Virtual Appliances (NVAs), or third-party cloud firewalls.
  • AWS networking (VPC, TGW, Direct Connect, routing basics).
  • Experience with Meraki and wireless design (Ekahau) or large-scale Wi-Fi deployments.
  • QoS, WAN optimisation, and global application delivery (Front Door, CloudFront).
  • Automation using Terraform, GitOps workflows, or CI/CD pipelines.

Please note that only successful candidates will be contacted.

All applicants must have the right to live and work in the UK.

If you want to find out more about us, what it is like to work for us, all about our benefits, and our pledges on Diversity, Inclusion and Belonging, please visit our website.

Space NK are an equal opportunities employer.

How We Will Use Your Information

We will use the information you provide to us with your job application to help us process your application for the specific job you have applied for. If you apply speculatively, we will process your application for the job/relevant business area that you detail within your email.

Please note that our current system does not use an automated filtering system.

All applications made via the website, through a third-party website or in-store will be kept on file for a period of 12 months.

This information will be retained and used to assess your suitability to similar positions that may arise in the future, or if the initial vacancy becomes live again during the 12-month period. If you would prefer us to not hold your information on file/ you wish to be ‘forgotten’ if you are not offered a position with Space NK, please email your ‘right to be forgotten’ to our recruitment email address with RIGHT TO BE FORGOTTEN as the title of the email. We will always inform you when we have deleted your application details, otherwise we will treat your application as consent to us holding this information.

Team
Technology - IT Operations
Locations
London (Head Office)
Remote status
Hybrid
Technology - IT Operations · London (Head Office) · Hybrid

Senior Network Engineer – Cloud & On-Prem

Loading application form