Network Security Specialist at Great Eastern Life Assurance Co Ltd

Singapore, , Singapore -

Full Time

Start Date

Immediate

Expiry Date

27 May, 26

Salary

0.0

Posted On

26 Feb, 26

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Palo Alto Firewalls, Fortinet FortiGate, Cisco Firewalls, VPNs, Secure Web Gateways, BGP, OSPF, IPS/IDS, SIEM/SOAR Integration, ZTNA, SD-WAN, Packet Analysis, ITIL, Ansible, Terraform, Cloud Security

Industry

Insurance

Description

We are seeking a hands-on Network Security Specialist to engineer, operate, and continuously improve our network security stack—primarily enterprise firewalls (Palo Alto, Fortinet, Cisco), secure web gateways/proxies, and site-to-site/remote-access VPNs. The ideal candidate is an operator-engineer hybrid with deep knowledge across L2–L7 security controls, strong troubleshooting skills, and proven experience in high-availability, low-latency environments. Experience supporting MAS TRM or BNM RMiT audits is highly preferred. Operations & Reliability: Own day‑to‑day operation of Palo Alto, Fortinet, and Cisco firewalls, Proxies, and VPN appliances (IPSec/SSL). Monitor and maintain HA clusters, dynamic routing (BGP/OSPF) on firewalls, and NAT/policy objects to ensure availability and performance SLAs. Execute change management: rule modifications, NAT adjustments, SSL decryption policies, URL categories and app‑ID signatures. Perform break/fix troubleshooting using methodical, packet‑level analysis (pcaps, flow records, session tables, global counters). Security Engineering & Hardening: Design and implement segmentation (zones, VRFs, tags), east‑west and north‑south controls, and zero-trust policy baselines. Develop and maintain standardized security templates (objects, groups, security profiles, threat/vulnerability profiles, URL filtering, DLP where applicable). Tune IPS/IDS, Anti‑Malware, URL filtering, WildFire/ATP, DNS Security, and sandboxing controls to reduce false positives while maintaining strong coverage. Integrate firewalls with identity (AD/LDAP, IdP, SSO), SIEM/SOAR, PKI, and EDR/XDR telemetry to enrich detections and automate response. Secure Remote Access & Edge Engineer robust VPN architectures (IPSec, GlobalProtect/ AnyConnect/ FortiClient), posture checks, MFA, split vs. full tunnel policies. Support branch/edge (SD‑WAN) security policy application and traffic steering to on‑prem or cloud security services. Manage proxy/SWG policies (e.g., SSL decrypt, file controls, CASB integration) and ensure compliance for web access. Experience in Zero Trust Network Access (ZTNA) is an advantage. Governance, Risk & Compliance Maintain policy standards, rule certification/recertification cycles, and least‑privilege reviews. Ensure controls meet regulatory and industry frameworks (e.g., ISO 27001, NIST 800‑53/CSF, SOC 2, PCI DSS, MAS TRM if applicable). Document and execute disaster recovery and BCP plans for network security platforms. Incident Response & Continuous Improvement Act as an escalation point for network‑security incidents; participate in RCA, and corrective actions. Build dashboards and metrics (utilization, block/allow, threat trends, latency) and drive continuous tuning. Contribute to runbooks, knowledge base articles, and automation (e.g., Ansible, Terraform, Panorama, FortiManager, Cisco FMC APIs). 8–12 years of experience in enterprise network and security engineering. Strong track record in network security operations/engineering roles. Hands‑on expertise with: Palo Alto Networks firewalls Fortinet FortiGate VMware NSX‑T Firewall SkyHigh / McAfee Secure Web Gateway Cisco Firepower with AnyConnect Experience working in regulated or audit‑driven environments. Deep knowledge of TCP/IP, routing (BGP/OSPF), VLAN/VRF, NAT, ACLs, zone-based policies, and SSL/TLS. Proficiency with IPSec/SSL VPN, proxy/SWG policy design, and certificate management (PKI). Strong troubleshooting using packet captures, flow/conn tables, and log correlation. Experience with change, incident, and problem management (ITIL or equivalent). Knowledge of container/K8s networking and ingress/egress controls. Understanding of DLP, email security, and DNS security solutions. Exposure to SD‑WAN, SASE/SSE (e.g., Prisma Access, Zscaler), and CASB integrations. Experience with cloud networking & security (AWS/Azure/GCP firewalls, routing, PrivateLink, Transit Gateway, vWAN). Certifications (Preferred) - Palo Alto PCNSE Fortinet NSE 6 / NSE 7 VMware VCP NV (NSX T) Cisco CCNP Security CISSP (architecture or design focus)

How To Apply:

Incase you would like to apply to this job directly from the source, please click here

Responsibilities

This role involves engineering, operating, and continuously improving the network security stack, focusing on enterprise firewalls, proxies, and VPNs while maintaining high availability and performance SLAs. Responsibilities also include designing and implementing security controls, hardening systems, integrating security platforms with identity and monitoring tools, and managing remote access architectures.