Lead - Security Engineer (Network Infrastructure)

Role Purpose

• Network Security & Infrastructure Protection

• Firewalls, IDS/IPS, Load Balancers, and Secure Connectivity
• Security Design for LAN / WAN / SD-WAN / Data Centre / Remote Access

• Security Architecture & Engineering

• Define network security architecture standards, principles, and reference patterns.
• Lead security design reviews for network, connectivity, and infrastructure changes.
• Produce reusable blueprints, standards, and engineering guardrails.
• Provide technical assurance and risk recommendations for network and infrastructure designs.
• Network Segmentation, Access Control & Infrastructure Protection
• Architect secure segmentation models across enterprise, data centre, and remote sites.
• Design and govern VLAN strategy, east-west and north-south traffic controls, and network access boundaries.
• Implement and enhance NAC, network zoning, and policy enforcement controls.
• Define secure standards for routers, switches, firewalls, and core network services.
• Establish secure connectivity patterns for internal, external, partner, and remote access use cases.

• Firewall, Perimeter & Traffic Security Engineering

• Design and maintain firewall policy standards, rule lifecycle governance, and review processes.
• Engineer preventative controls across next-generation firewalls, IDS/IPS, proxy, and secure web gateways.
• Define ingress, egress, and inter-network filtering standards.
• Implement threat prevention, traffic inspection, and secure remote access controls.
• Drive continuous improvement in rule hygiene, policy optimisation, and attack surface reduction.
• Load Balancing, Application Delivery & Secure Network Services
• Define secure load balancer and application delivery controller standards.
• Implement resilient and secure patterns for internal and external application publishing.
• Engineer controls for TLS inspection, certificate handling, and secure service exposure.
• Provide secure design patterns for high-availability network services and traffic distribution.
• WAN / LAN / SD-WAN Security & Connectivity Governance
• Define secure design standards for WAN, LAN, internet breakout, and SD-WAN environments.
• Architect resilient branch and campus security patterns aligned to business and operational needs.
• Implement segmentation, encrypted transport, routing security, and policy enforcement across hybrid connectivity.
• Establish standards for site-to-site, third-party, and remote-user connectivity.

• Security Monitoring, Detection & Infrastructure Telemetry

• Define infrastructure security logging and telemetry requirements across network platforms.
• Integrate firewalls, IDS/IPS, load balancers, and network devices with SIEM / SOC processes.
• Improve visibility of network flows, anomalous traffic, and control effectiveness.
• Support detection engineering through enriched network security telemetry and event quality improvements.

• Security Automation & Operational Improvement

• Automate network security configuration validation, compliance checks, and control assurance.
• Define repeatable engineering processes for rule reviews, device hardening, and segmentation governance.
• Implement infrastructure-as-code or policy-driven approaches where applicable.
• Build reusable standards and automation for secure network onboarding and change delivery.

• Partner Oversight & Delivery Governance

• Provide engineering oversight to third parties delivering network and security infrastructure services.
• Define technical requirements, review solution quality, and validate secure delivery outcomes.

Requirements

• 8–12+ years in network security engineering / infrastructure security architecture.
• Strong expertise in firewalls, IDS/IPS, segmentation, and enterprise network security.
• Hands-on experience with routers, switches, load balancers, and secure connectivity platforms.
• Strong understanding of LAN / WAN / SD-WAN, remote access, and hybrid network environments.
• Experience delivering preventative controls, network hardening, and secure infrastructure design.

Desirable

• Palo Alto / Fortinet / Check Point / Cisco / F5 certifications or equivalent experience.
• Experience with NAC, ZTNA, SASE / SSE, and network access control technologies.
• Familiarity with network automation, infrastructure-as-code, or configuration compliance tooling.
• TOGAF or architecture training.

Core Skills

• Network security architecture and design assurance
• Firewalls, IDS/IPS, and perimeter security engineering
• Segmentation, VLAN, zoning, and access control
• Routers, switches, load balancers, and traffic security
• WAN / LAN / SD-WAN security governance
• Security monitoring, telemetry, and infrastructure automation

Success Measures

• Reduction in network exposure and attack surface
• Improved segmentation and access control maturity
• Firewall and rule base optimisation
• Secure onboarding of sites, services, and connectivity changes
• Increased visibility and assurance across network security controls

Positioning Summary