Job Summary

You will be working with our client who are well renowned in the public and financial sector. Seeking a highly skilled Senior Network Security Engineer with deep expertise in Network Security technologies. This is a technical, hands-on role within the Network Security Engineering & Deployment team. You will be part of a team that is responsible for the Network Engineering & Deployment function and supporting Datacenter, Campus, Remote Offices and Public Cloud Network transformation projects

Responsibilities

• Lead the design, engineering, and execution of next-generation network transformation solutions.
• Collaborate with internal teams, including cloud, security, and application stakeholders, to align network infrastructure with business needs.
• Provide technical leadership in building resilient, scalable, and secure hybrid and multicloud network environments.
• Architect and deploy advanced Network Security across datacenters
• Integrate network security products with Cisco ACI environments to deliver seamless and secure connectivity with optimal performance.
• Act as an escalation point for the Operations team on network security issues, providing L3 troubleshooting and SME-level support.
• Collaborate with vendors, TAC, and internal teams to resolve complex network & Security incidents and escalations.
• Develop and enforce policy-driven network security architectures.
• Leverage automation tools (e.g., Ansible, Python, XSOR) to enhance operational efficiency and minimize manual interventions.
• Ensure compliance with industry standards and internal governance policies while aligning network security configurations with best practices.
• Maintain accurate network security diagrams, operational runbooks, and technical documentation.
• Ensure all security implementations adhere to governance frameworks and meet regulatory compliance requirements.
• Provide L3/SME-level support and guidance to peers and stakeholders within the organization.
• Lead knowledge transfer sessions on network security technologies and best practices.

Requirements

• Bachelor's Degree in Information Technology, Computer Science or equivalent
• 10-15 years of experience in L3 Network Security Engineering and technologies like Firewalls, Intrusion Detection & Prevention Systems (IDPS), Web Application Firewalls (WAF), Micro-segmentation, Web Proxies, and DNS.
• Certifications: CISSP,CCSA ,CCSE,PCNSE,ICE,BIG-IP ASM Specialist or equivalent will be preferred.
• Next-Generation Firewalls (NGFWs): Understanding of advanced features like Application Awareness, Intrusion Prevention, and Deep Packet Inspection.
• Checkpoint Firewall Architecture: Expertise in Threat Prevention, VPNs, and High Availability (HA) configuration.
• Palo Alto Networks NGFWs: Knowledge of App-ID, WildFire, and User-ID for enhanced security.
• Firewall Rule Optimization: Experience in defining and fine-tuning access control policies and inspecting network traffic for threats.
• Expertise in implementing DNS Security solutions to prevent attacks such as DNS Spoofing, Cache Poisoning, and DDoS attacks targeting DNS infrastructure.
• Signature-Based IDS/IPS: Expertise in configuring and managing signature-based detection
• Anomaly-Based IDS/IPS: Deep knowledge of Behavioral Analysis for detecting suspicious patterns and zero- day attacks.
• Integrated Security Operations: Integration of IDPS with SIEM systems for centralized log management and threat detection.
• Web Application Firewall (WAF): Expertise in configuring and managing F5 ASM or equivalent WAF solutions for protecting applications from vulnerabilities.
• Bot Protection and DDoS Mitigation: Knowledge of Bot Management and DDoS Defense strategies for protecting web applications.
• Microsegmentation: Proficiency in tools like Illumio or Guardicore for isolating and securing workloads within the data center and cloud environments.
• Zero Trust Architecture (ZTA): Expertise in defining and enforcing access policies based on identity and device posture, and validating every user and device before granting access.
• Aruba ClearPass: Expertise in configuring role-based access control and integrating ClearPass with other network security solutions.
• Cisco Identity Services Engine (ISE): Knowledge of 802.1X, MAB (MAC Authentication Bypass), and Guest Access in NAC environments.
• Infoblox DDI (DNS, DHCP, IPAM): Experience in configuring and managing Infoblox for network address allocation, DNS resolution, and advanced DNS security.
• DNS Security: Expertise in securing DNS infrastructure through DNSSEC, DNS filtering, and DNS over HTTPS (DoH).
• Proficiency in using tools like Wireshark, Riverbed App Response , Cisco Thousand Eyes ,NetFlow, and sFlow for traffic analysis and anomaly detection.
• Expertise in integrating network devices with Splunk, Elastic or Equivalent for threat visibility and incident response.
• BGP (Border Gateway Protocol): In-depth understanding of BGP routing policies, route filtering, and peering in large- scale network environments.
• OSPF (Open Shortest Path First): Expertise in dynamic routing configuration, including OSPF multi-area and OSPFv3 for IPv6 support.
• Site-to-Site and Remote Access VPNs: Knowledge of configuring IPSec VPNs and SSL VPNs for secure communications across branches and remote users.
• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and collaboration skills, with the ability to engage with stakeholders across departments.
• Self-motivated with a continuous learning mindset and ability to work under pressure.

If you are interested in this role and would like to discuss the opportunity further please click apply now or email Chew Kai-Xinn at kaixinnchew@morganmckinley.com for more information.

Only shortlisted candidates will be responded to, therefore if you do not receive a reply within 14 days please accept this as notification that you have not been shortlisted.

Morgan McKinley Pte Ltd

Chew Kai-Xinn

EA Licence No: 11C5502

EAP Registration No: R2196712