jobs in Progression Search

全职 Network Security Engineer 工作, 薪水, Progression Search 公司招聘中 - Ricebowl

Network Security Engineer

Progression Search

Undisclosed

Singapore

分享
保存

工作地点

  • Singapore

职位描述

岗位职责

OVERVIEW


The L3 Security Engineer is an advanced operational and engineering role responsible for maintaining, optimizing, and defending the network security posture across Singapore public sector IT infrastructures. Serving as a core tier-3 escalation point, you will handle complex security incidents and technical requests within Government Commercial Cloud (GCC) and hybrid environments. This role demands an engineer who can apply deep analytical troubleshooting to maintain system uptime, enforce Zero Trust policies, and optimize routine operations through security automation.


Due to the mandatory security clearance requirements associated with sensitive Singapore Government systems, this position is open to Singapore Citizens only.


RESPONSIBILITIES


1. L3 Security Operations & Incident Management


  • Tier-3 Technical Escalation: Act as a senior escalation point to investigate, analyze, and resolve complex and critical network security incidents and failures within agreed SLAs.
  • Advanced Troubleshooting & Diagnostics: Systematically gather technical data and utilize advanced diagnostic practices and packet analysis tools (e.g., Wireshark, tcpdump) to run deep-dive root cause analyses.
  • Emergency Support: Act as a key technical contact for critical, high-impact security incidents to ensure the rapid restoration of client services.


2. Security Infrastructure & Defensive Architecture


  • Core Defense Management: Deploy, configure, and manage core network security components, including Next-Generation Firewalls (NGFW), IDS/IPS, Load Balancers, and Network Access Control (NAC) systems.
  • Cloud & Hybrid Security: Implement and maintain secure cloud networking patterns (e.g., AWS VPCs, Azure VNets, Transit Gateways) seamlessly integrated with on-premise solutions.
  • Policy Enforcement & Segmentation: Establish, tune, and enforce comprehensive security standards, firewall rulesets, and logical network segmentation zones (VLANs, VRFs, micro-segmentation).
  • Identity & Access Monitoring: Operate and manage Identity & Access Management and Privileged Access Security tools (e.g., CyberArk, Cisco ISE).


3. Automation, Governance & Compliance


  • Operational Automation: Partner with automation teams to identify routine tasks and develop basic scripting/playbooks in Python or Ansible for security configuration management and effort optimization.
  • Government Compliance: Ensure all operational tasks, ticket resolutions, and infrastructure modifications comply strictly with the Singapore Government Instruction Manual on IT (IT IM) and IMDA Security Guidelines.
  • Change Management: Author and execute detailed change requests for standard and non-standard maintenance (including security patching and disaster recovery tests), ensuring clear risk identification and rollback plans.
  • Knowledge Sharing & Mentorship: Create high-quality technical documentation (LLD), perform quality audits on tickets, and coach L1/L2 engineering teams to push technical knowledge down.


REQUIREMENTS

  • Bachelor’s degree or equivalent qualification in IT, Cybersecurity, or Computer Science.
  • Seasoned experience operating in a technical L3 security engineering or network security capacity, preferably supporting public sector agencies, mission-critical infrastructure, or enterprise managed services.


Preferred Technical Certifications

  • Core Security: CCNP Security, PCNSE (Palo Alto), CISSP, or equivalent vendor-related certifications.
  • Advanced Networking: CCNP Enterprise or equivalent technical routing/switching validation.


Tooling & Technical Competencies

  • Firewalls & Edge Security: Expert-level hands-on management of Fortinet (FortiGate, FortiManager, FortiProxy) or Cisco security systems.
  • Identity & Access: Cisco ISE AAA Services, or Privileged Access platforms (e.g., CyberArk EPV/CPM/PSM).
  • Traffic & Optimization: F5 Load Balancers (LTM) and Web Application Firewalls (WAF).
  • Vulnerability & Logs: Tenable Security Centre/Nessus, and familiarity with SIEM logging analytics (Splunk or Microsoft Sentinel).
  • Automation & Analysis: Python, Ansible, Wireshark, or tcpdump.


Please note that only shortlisted candidate would be notified.

重要安全守则

申请工作时,切勿提供您的银行或信用卡详细资料。不要转账或完成无关的在线调查问卷。如果您发现可疑内容,请举报此招聘广告。

了解更多