Job Description
Position: Senior Network Security Engineer
Duration:3 Years
Domain- Financial Services
Location- Shenton Wy
Job Summary
We are seeking a highly skilled Senior Network Security Engineer with deep expertise in Network Security technologies. This is a technical, hands-on role within the Network Security Engineering & Deployment team. The ideal candidate will possess Level 3/Subject Matter Expert (SME)-level knowledge and practical experience in managing, designing, and troubleshooting Network Security products such as Firewalls, Intrusion Detection & Prevention Systems (IDPS), Web Application Firewalls (WAF), Micro-segmentation, Web Proxies, and DNS.
Job Responsibilities:
Part of a team that is responsible for the Network Security Engineering & Deployment function and will play a key role in Datacenter Migration projects.
Network Transformation Architecture
- Lead the design, engineering, and execution of next-generation network transformation solutions.
- Collaborate with internal teams, including cloud, security, and application stakeholders, to align network infrastructure with business needs.
- Provide technical leadership in building resilient, scalable, and secure hybrid and multicloud network environments.
Design, Deployment, and Operations
- Architect and deploy advanced Network Security across datacenters (DC1 & DC2).
- Integrate network security products with Cisco ACI environments to deliver seamless and secure connectivity with optimal performance.
- Act as an escalation point for the Operations team on network security issues, providing Level 3 troubleshooting and SME-level support.
- Collaborate with vendors, TAC, and internal teams to resolve complex network & Security incidents and escalations.
Policy Management and Automation
- Develop and enforce policy-driven network security architectures.
- Leverage automation tools (e.g., Ansible, Python, XSOR) to enhance operational efficiency and minimize manual interventions.
- Ensure compliance with industry standards and internal governance policies while aligning network security configurations with best practices.
Documentation and Governance
- Maintain accurate network security diagrams, operational runbooks, and technical documentation.
- Ensure all security implementations adhere to governance frameworks and meet regulatory compliance requirements.
Mentorship and Knowledge Sharing
- Provide Level3/SME-level support and guidance to peers and stakeholders within the organization.
- Lead knowledge transfer sessions on network security technologies and best practices.
Job Requirement
Job Requirements
- Bachelor’s or Master’s degree in Computer Science, Information Technology, or related field.
- Certifications : CISSP,CCSA ,CCSE,PCNSE,ICE,BIG-IP ASM Specialist or equivalent will be preferred.
- 10 to 15 years of experience in Network Security technologies like Firewalls, Intrusion Detection & Prevention Systems (IDPS), Web Application Firewalls (WAF), Micro-segmentation, Web Proxies, and DNS
Firewall Technologies
- Next-Generation Firewalls (NGFWs): Understanding of advanced features like Application Awareness, Intrusion Prevention, and Deep Packet Inspection.
- Checkpoint Firewall Architecture: Expertise in Threat Prevention, VPNs, and High Availability (HA) configuration.
- Palo Alto Networks NGFWs: Knowledge of App-ID, WildFire, and User-ID for enhanced security.
- Firewall Rule Optimization: Experience in defining and fine-tuning access control policies and inspecting network traffic for threats.
- Expertise in implementing DNS Security solutions to prevent attacks such as DNS Spoofing, Cache Poisoning, and DDoS attacks targeting DNS infrastructure.
Intrusion Detection and Prevention Systems (IDPS)
- Signature-Based IDS/IPS: Expertise in configuring and managing signature-based detection.
- Anomaly-Based IDS/IPS: Deep knowledge of Behavioral Analysis for detecting suspicious patterns and zero-day attacks.
- Integrated Security Operations: Integration of IDPS with SIEM systems for centralized log management and threat detection.
Web Application Security
- Web Application Firewall (WAF): Expertise in configuring and managing F5 ASM or equivalent WAF solutions for protecting applications from vulnerabilities.
- Bot Protection and DDoS Mitigation: Knowledge of Bot Management and DDoS Defense strategies for protecting web applications.
Microsegmentation and Zero Trust Security
- Microsegmentation: Proficiency in tools like Illumio or Guardicore for isolating and securing workloads within the data center and cloud environments.
- Zero Trust Architecture (ZTA): Expertise in defining and enforcing access policies based on identity and device posture, and validating every user and device before granting access.
Network Access Control (NAC)
- Aruba ClearPass: Expertise in configuring role-based access control and integrating ClearPass with other network security solutions.
- Cisco Identity Services Engine (ISE): Knowledge of 802.1X, MAB (MAC Authentication Bypass), and Guest Access in NAC environments.
DNS & IP Address Management (IPAM)
- Infoblox DDI (DNS, DHCP, IPAM): Experience in configuring and managing Infoblox for network address allocation, DNS resolution, and advanced DNS security.
- DNS Security: Expertise in securing DNS infrastructure through DNSSEC, DNS filtering, and DNS over HTTPS (DoH). Traffic Visibility & Monitoring
Network Traffic Analysis
Proficiency in using tools like Wireshark, Riverbed App Response , Cisco Thousand Eyes ,NetFlow, and sFlow for traffic analysis and anomaly detection.
Security Information and Event Management (SIEM)
Expertise in integrating network devices with Splunk, Elastic or Equivalent for threat visibility and incident response. Routing Protocols & VPNs:
BGP (Border Gateway Protocol)
- In-depth understanding of BGP routing policies, route filtering, and peering in large-scale network environments.
- OSPF (Open Shortest Path First): Expertise in dynamic routing configuration, including OSPF multi-area and OSPFv3 for IPv6 support.
- Site-to-Site and Remote Access VPNs: Knowledge of configuring IPSec VPNs and SSL VPNs for secure communications across branches and remote users.
If the requirement matches with your profile, kindly share your updated CV/resume to Aparna at aparna@wshexperts.com.sg
Demo
Bukit Batok,
Part Time