Network Security Specialist, Singapore

We are seeking a hands‑on Network Security Specialist to engineer, operate, and continuously improve our network security stack—primarily enterprise firewalls (Palo Alto, Fortinet, Cisco), secure web gateways/proxies, and site‑to‑site/remote‑access VPNs. The ideal candidate is an operator‑engineer hybrid with deep knowledge across L2–L7 security controls, strong troubleshooting skills, and proven experience in high‑availability, low‑latency environments. Experience supporting MAS TRM or BNM RMiT audits is highly preferred.

• Operations & Reliability:
  • Own day‑to‑day operation of Palo Alto, Fortinet, and Cisco firewalls, Proxies, and VPN appliances (IPSec/SSL).
  • Monitor and maintain HA clusters, dynamic routing (BGP/OSPF) on firewalls, and NAT/policy objects to ensure availability and performance SLAs.
  • Execute change management: rule modifications, NAT adjustments, SSL decryption policies, URL categories and app‑ID signatures.
  • Perform break/fix troubleshooting using methodical, packet‑level analysis (pcaps, flow records, session tables, global counters).
• Security Engineering & Hardening:
  • Design and implement segmentation (zones, VRFs, tags), east‑west and north‑south controls, and zero‑trust policy baselines.
  • Develop and maintain standardized security templates (objects, groups, security profiles, threat/vulnerability profiles, URL filtering, DLP where applicable).
  • Tune IPS/IDS, Anti‑Malware, URL filtering, WildFire/ATP, DNS Security, and sandboxing controls to reduce false positives while maintaining strong coverage.
  • Integrate firewalls with identity (AD/LDAP, IdP, SSO), SIEM/SOAR, PKI, and EDR/XDR telemetry to enrich detections and automate response.
• Secure Remote Access & Edge
  • Engineer robust VPN architectures (IPSec, GlobalProtect/ AnyConnect/ FortiClient), posture checks, MFA, split vs. full tunnel policies.
  • Support branch/edge (SD‑WAN) security policy application and traffic steering to on‑prem or cloud security services.
  • Manage proxy/SWG policies (e.g., SSL decrypt, file controls, CASB integration) and ensure compliance for web access.
  • Experience in Zero Trust Network Access (ZTNA) is an advantage.
• Governance, Risk & Compliance
  • Maintain policy standards, rule certification/recertification cycles, and least‑privilege reviews.
  • Ensure controls meet regulatory and industry frameworks (e.g., ISO 27001, NIST 800‑53/CSF, SOC 2, PCI DSS, MAS TRM if applicable).
  • Document and execute disaster recovery and BCP plans for network security platforms.
• Incident Response & Continuous Improvement
  • Act as an escalation point for network‑security incidents; participate in RCA, and corrective actions.
  • Build dashboards and metrics (utilization, block/allow, threat trends, latency) and drive continuous tuning.
  • Contribute to runbooks, knowledge base articles, and automation (e.g., Ansible, Terraform, Panorama, FortiManager, Cisco FMC APIs).

• 8–12 years of experience in enterprise network and security engineering.
• Strong track record in network security operations/engineering roles.
• Hands‑on expertise with:
  • Palo Alto Networks firewalls
  • Fortinet FortiGate
  • VMware NSX‑T Firewall
  • SkyHigh / McAfee Secure Web Gateway
  • Cisco Firepower with AnyConnect
  • Experience working in regulated or audit‑driven environments.
• Deep knowledge of TCP/IP, routing (BGP/OSPF), VLAN/VRF, NAT, ACLs, zone‑based policies, and SSL/TLS.
• Proficiency with IPSec/SSL VPN, proxy/SWG policy design, and certificate management (PKI).
• Strong troubleshooting using packet captures, flow/conn tables, and log correlation.
• Experience with change, incident, and problem management (ITIL or equivalent).
• Knowledge of container/K8s networking and ingress/egress controls.
• Understanding of DLP, email security, and DNS security solutions.
• Exposure to SD‑WAN, SASE/SSE (e.g., Prisma Access, Zscaler), and CASB integrations.
• Experience with cloud networking & security (AWS/Azure/GCP firewalls, routing, PrivateLink, Transit Gateway, vWAN).
• Certifications (Preferred):
  • Palo Alto PCNSE
  • Fortinet NSE 6 / NSE 7
  • VMware VCP NV (NSX T)
  • Cisco CCNP Security
  • CISSP (architecture or design focus)

• Champion and embody our Core Values in everyday tasks and interactions.
• Demonstrate high level of integrity and accountability.
• Take initiative to drive improvements and embrace change.
• Take accountability of business and regulatory compliance risks, implementing measures to mitigate them effectively.
• Keep abreast with industry trends, regulatory compliance, and emerging threats and technologies to understand and highlight potential concerns/risks to safeguard our company proactively.

Founded in 1908, Great Eastern is a well‑established market leader and trusted brand in Singapore and Malaysia. With over S$100 billion in assets and more than 16 million policyholders, including 12.5 million from government schemes, it provides insurance solutions to customers through three successful distribution channels – a tied agency force, bancassurance, and financial advisory firm Great Eastern Financial Advisers. The Group also operates in Indonesia and Brunei. The Great Eastern Life Assurance Company Limited and Great Eastern General Insurance Limited have been assigned the financial strength and counterparty credit ratings of \"AA-\" by S&P Global Ratings since 2010, one of the highest among Asian life insurance companies. Great Eastern's asset management subsidiary, Lion Global Investors Limited, is one of the leading asset management companies in Southeast Asia. Great Eastern is a subsidiary of OCBC, the longest established Singapore bank, formed in 1932. It is the second largest financial services group in Southeast Asia by assets and one of the world’s most highly‑rated banks, with an Aa1 rating from Moody’s and AA- by both Fitch and S&P. Recognised for its financial strength and stability, OCBC is consistently ranked among the World’s Top 50 Safest Banks by Global Finance and has been named Best Managed Bank in Singapore by The Asian Banker.

Great Eastern does not accept unsolicited agency resumes. Please do not forward resumes to our email or our employees. We will not be responsible for any fees related to unsolicited resumes.

SG-GE Changi

IT