Network Security Engineer

Get AI-powered advice on this job and more exclusive features.

We are seeking a highly skilled Senior Network Security Engineer with deep expertise in Network Security technologies. This is a technical, hands-on role within the Network Security Engineering & Deployment team. The ideal candidate will possess Level 3/Subject Matter Expert (SME)-level knowledge and practical experience in managing, designing, and troubleshooting Network Security products such as Firewalls, Intrusion Detection & Prevention Systems (IDPS), Web Application Firewalls (WAF), Micro-segmentation, Web Proxies, and DNS

• Part of a team that is responsible for the Network Security Engineering & Deployment function and will play a key role in Datacenter Migration projects. Network Transformation Architecture:
• Lead the design, engineering, and execution of next-generation network transformation solutions. Collaborate with internal teams, including cloud, security, and application stakeholders, to align network infrastructure with business needs.
• Provide technical leadership in building resilient, scalable, and secure hybrid and multicloud network environments.

Design, Deployment, and Operations :

• Architect and deploy advanced Network Security across datacenters (DC1 & DC2).
• Integrate network security products with Cisco ACI environments to deliver seamless and secure connectivity with optimal performance.
• Act as an escalation point for the Operations team on network security issues, providing Level 3 troubleshooting and SME-level support.
• Collaborate with vendors, TAC, and internal teams to resolve complex network & Security incidents and escalations.

Job Requirements:

Preferred qualifications : Education :

Bachelors or Masters degree in Computer Science, Information Technology, or related field. Certifications : CISSP,CCSA ,CCSE,PCNSE,ICE,BIG-IP ASM Specialist or equivalent will be preferred

Technical Expertise:

10 to 15 years of experience in Network Security technologies like Firewalls, Intrusion Detection & Prevention Systems (IDPS), Web Application Firewalls (WAF), Micro-segmentation, Web Proxies, and DNS

Firewall Technologies :

• Next-Generation Firewalls (NGFWs): Understanding of advanced features like Application Awareness, Intrusion Prevention, and Deep Packet Inspection.
• Checkpoint Firewall Architecture: Expertise in Threat Prevention, VPNs, and High Availability (HA) configuration.
• Palo Alto Networks NGFWs: Knowledge of App-ID, WildFire, and User-ID for enhanced security. Firewall Rule Optimization: Experience in defining and fine-tuning access control policies and inspecting network traffic for threats.
• Expertise in implementing DNS Security solutions to prevent attacks such as DNS Spoofing, Cache Poisoning, and DDoS attacks targeting DNS infrastructure.

Intrusion Detection and Prevention Systems (IDPS):

• Signature-Based IDS/IPS: Expertise in configuring and managing signature-based detection.
• Anomaly-Based IDS/IPS: Deep knowledge of Behavioral Analysis for detecting suspicious patterns and zero(1)day attacks.
• Integrated Security Operations: Integration of IDPS with SIEM systems for centralized log management and threat detection.

Web Application Security:

• Web Application Firewall (WAF): Expertise in configuring and managing F5 ASM or equivalent WAF solutions for protecting applications from vulnerabilities.
• Bot Protection and DDoS Mitigation: Knowledge of Bot Management and DDoS Defense strategies for protecting web applications.

Microsegmentation and Zero Trust Security:

• Microsegmentation: Proficiency in tools like Illumio or Guardicore for isolating and securing workloads within the data center and cloud environments.
• Zero Trust Architecture (ZTA): Expertise in defining and enforcing access policies based on identity and device posture, and validating every user and device before granting access.

Network Access Control (NAC): Aruba ClearPass: Expertise in configuring role-based access control and integrating ClearPass with other network security solutions. Cisco Identity Services Engine (ISE): Knowledge of 802.1X, MAB (MAC Authentication Bypass), and Guest Access in NAC environments.

Security Information and Event Management (SIEM):

• Expertise in integrating network devices with Splunk, Elastic or Equivalent for threat visibility and incident response.
• Routing Protocols & VPNs:
• BGP (Border Gateway Protocol): In-depth understanding of BGP routing policies, route filtering, and peering in large(1)scale network environments.
• OSPF (Open Shortest Path First): Expertise in dynamic routing configuration, including OSPF multi-area and OSPFv3 for IPv6 support.
• Site-to-Site and Remote Access VPNs: Knowledge of configuring IPSec VPNs and SSL VPNs for secure communications across branches and remote users.

Alvin Lau

EA Licence No.: 11C5502

EA: Registration Number: R1874110

• Seniority level Executive

• Employment type Contract

• Job function Information Technology and Consulting
• Industries Information Services and IT Services and IT Consulting

Referrals increase your chances of interviewing at Morgan McKinley by 2x

Get notified about new Network Security Engineer jobs in Singapore, Singapore .

Were unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Information :

• Company : Morgan McKinley
• Position : Network Security Engineer
• Location : Singapore
• Country : SG