Lead - Security Engineer (Network Infrastructure)

Operational Technology & Cyber Security Engineer
Requisition # 091750

ROLE PURPOSE

Own the design and engineering of preventative security controls across network infrastructure, perimeter security, segmentation, and enterprise connectivity.
Act as the technical authority for secure-by-design network and infrastructure security architectures with strong focus on resilience, segmentation, standardisation, and automation.

PRIMARY ACCOUNTABILITY OVER

• Network Security & Infrastructure Protection
• Firewalls, IDS/IPS, Load Balancers, and Secure Connectivity
• Security Design for LAN / WAN / SD-WAN / Data Centre / Remote Access

KEY RESPONSIBILITIES

1. Security Architecture & Engineering

• Define network security architecture standards, principles, and reference patterns.
• Lead security design reviews for network, connectivity, and infrastructure changes.
• Produce reusable blueprints, standards, and engineering guardrails.
• Provide technical assurance and risk recommendations for network and infrastructure designs.

2. Network Segmentation, Access Control & Infrastructure Protection

• Architect secure segmentation models across enterprise, data centre, and remote sites.
• Design and govern VLAN strategy, east-west and north-south traffic controls, and network access boundaries.
• Implement and enhance NAC, network zoning, and policy enforcement controls.
• Define secure standards for routers, switches, firewalls, and core network services.
• Establish secure connectivity patterns for internal, external, partner, and remote access use cases.

3. Firewall, Perimeter & Traffic Security Engineering

• Design and maintain firewall policy standards, rule lifecycle governance, and review processes.
• Engineer preventative controls across next-generation firewalls, IDS/IPS, proxy, and secure web gateways.
• Define ingress, egress, and inter-network filtering standards.
• Implement threat prevention, traffic inspection, and secure remote access controls.
• Drive continuous improvement in rule hygiene, policy optimisation, and attack surface reduction.

4. Load Balancing, Application Delivery & Secure Network Services

• Define secure load balancer and application delivery controller standards.
• Implement resilient and secure patterns for internal and external application publishing.
• Engineer controls for TLS inspection, certificate handling, and secure service exposure.
• Provide secure design patterns for high-availability network services and traffic distribution.

5. WAN / LAN / SD-WAN Security & Connectivity Governance

• Define secure design standards for WAN, LAN, internet breakout, and SD-WAN environments.
• Architect resilient branch and campus security patterns aligned to business and operational needs.
• Implement segmentation, encrypted transport, routing security, and policy enforcement across hybrid connectivity.
• Establish standards for site-to-site, third-party, and remote-user connectivity.

6. Security Monitoring, Detection & Infrastructure Telemetry

• Define infrastructure security logging and telemetry requirements across network platforms.
• Integrate firewalls, IDS/IPS, load balancers, and network devices with SIEM / SOC processes.
• Improve visibility of network flows, anomalous traffic, and control effectiveness.
• Support detection engineering through enriched network security telemetry and event quality improvements.

7. Security Automation & Operational Improvement

• Automate network security configuration validation, compliance checks, and control assurance.
• Define repeatable engineering processes for rule reviews, device hardening, and segmentation governance.
• Implement infrastructure-as-code or policy-driven approaches where applicable.
• Build reusable standards and automation for secure network onboarding and change delivery.

8. Partner Oversight & Delivery Governance

• Provide engineering oversight to third parties delivering network and security infrastructure services.
• Define technical requirements, review solution quality, and validate secure delivery outcomes.

EXPERIENCE REQUIREMENTS

Essential:

• 8–12+ years in network security engineering / infrastructure security architecture.
• Strong expertise in firewalls, IDS/IPS, segmentation, and enterprise network security.
• Hands-on experience with routers, switches, load balancers, and secure connectivity platforms.
• Strong understanding of LAN / WAN / SD-WAN, remote access, and hybrid network environments.
• Experience delivering preventative controls, network hardening, and secure infrastructure design.

Desirable:

• Palo Alto / Fortinet / Check Point / Cisco / F5 certifications or equivalent experience.
• Experience with NAC, ZTNA, SASE / SSE, and network access control technologies.
• Familiarity with network automation, infrastructure-as-code, or configuration compliance tooling.
• TOGAF or architecture training.

CORE SKILLS

• Network security architecture and design assurance
• Firewalls, IDS/IPS, and perimeter security engineering
• Segmentation, VLAN, zoning, and access control
• Routers, switches, load balancers, and traffic security
• WAN / LAN / SD-WAN security governance
• Security monitoring, telemetry, and infrastructure automation

SUCCESS MEASURES

• Reduction in network exposure and attack surface
• Improved segmentation and access control maturity
• Firewall and rule base optimisation
• Secure onboarding of sites, services, and connectivity changes
• Increased visibility and assurance across network security controls

POSITIONING SUMMARY

Network-focused, prevention-led security engineering centred on secure connectivity, resilient infrastructure, segmentation, and scalable guardrails.
