Network Engineer interview questions

I've been a network engineer for nine years. Started in support for an enterprise reseller in India, moved into a network ops role at an Indian bank, and for the past five years I've been with a managed-services provider in Muscat supporting enterprise customers across Oman and the UAE. I hold CCNP Enterprise and I'm working on JNCIP this year. My day-to-day covers Cisco campus and ISE, Juniper data centre, F5 load balancers, and the cloud-networking side for AWS and Azure customers. I'm comfortable in both BAU operations and project-mode design and delivery.

Start with requirements: bandwidth peak and average, application mix (voice, video, file shares, SaaS), security posture, ISP redundancy needs, growth horizon. Then access layer: dual-connected access switches with PoE+ for IP phones and APs, sized for 25-30% growth. Distribution layer collapsed with core for an office this size; redundant 10G uplinks. Wireless: enterprise AP per 25 people for office density. WAN: dual ISPs with SD-WAN to manage failover. Security: segment IoT and guest from corporate, IPS at the perimeter, ISE for endpoint posture. I'd document the design with a logical diagram, IP plan, VLAN scheme, and BoM. Then build phased rollout.

Monitoring being green just means the data points we measure are within threshold. It doesn't mean the user experience is okay. I'd start by getting a specific user complaint reproducible: when, where, what app, what symptom. Then I'd run a packet capture at the user's location and at the application's location to compare. Often the issue is retransmissions, TCP window-size problems, or DNS resolution delays. Sometimes it's QoS misconfigurations downgrading critical traffic. I'd also check the path: is the traffic taking the route I think it is? Tools like traceroute, MTR, and Wireshark are my baseline. If monitoring isn't catching the issue, the monitoring is wrong, not the network.

Defence in depth, plus least privilege. Segment everything: corporate, guest, IoT, server, management, all in different VLANs with firewall rules between them. Never expose management interfaces; out-of-band management network for switches and firewalls. Strong authentication for any administrative access (MFA, ideally cert-based). For perimeter: NGFW with IPS, URL filtering, and SSL inspection where the privacy posture allows. For endpoints: 802.1X with ISE for posture assessment before network access. For monitoring: SIEM ingesting flow data, with alerts tuned to actual threats not noise. And processes: change control, periodic vulnerability scans, and tabletop exercises. Tools matter, but processes matter more.

On-call is part of the job. I'm comfortable with a 1-in-3 or 1-in-4 rotation if the team's set up for it. The key is sustainable: clear handover, documented escalation paths, and runbooks for the common issues so on-call doesn't depend on heroics. I also push back when 'on-call' becomes 'always working'. If we're paged outside hours every week for the same issue, that's a real problem we need to fix, not just live with. Healthy on-call needs a culture of post-mortem and process improvement, not just heroism.

For a senior network engineer in Oman I'd target OMR 1,200 to 1,500 total package depending on housing and bonus structure. If the role expects 24x7 on-call rotation, I'd expect an on-call allowance on top, around OMR 150-250 per rotation period. I'm on 60 days' notice. Beyond pay I care about the technology stack: I'd take slightly less on a role where I get to work with current-generation tech (SD-WAN, cloud networking, ZTNA) than more on a legacy Cisco-only refresh shop. My certifications are worth more if I'm using them.