ROLE PURPOSE
Own the design and engineering of preventative security controls across network infrastructure, perimeter security, segmentation, and enterprise connectivity.
Act as the technical authority for secure-by-design network and infrastructure security architectures with strong focus on resilience, segmentation, standardisation, and automation.
Primary Accountability Over
-
Network Security & Infrastructure Protection
-
Firewalls, IDS/IPS, Load Balancers, and Secure Connectivity
-
Security Design for LAN / WAN / SD-WAN / Data Centre / Remote Access
Key Responsibilities
-
Security Architecture & Engineering
-
Define network security architecture standards, principles, and reference patterns.
-
Lead security design reviews for network, connectivity, and infrastructure changes.
-
Produce reusable blueprints, standards, and engineering guardrails.
-
Provide technical assurance and risk recommendations for network and infrastructure designs.
-
Network Segmentation, Access Control & Infrastructure Protection
-
Architect secure segmentation models across enterprise, data centre, and remote sites.
-
Design and govern VLAN strategy, east-west and north-south traffic controls, and network access boundaries.
-
Implement and enhance NAC, network zoning, and policy enforcement controls.
-
Define secure standards for routers, switches, firewalls, and core network services.
-
Establish secure connectivity patterns for internal, external, partner, and remote access use cases.
-
Firewall, Perimeter & Traffic Security Engineering
-
Design and maintain firewall policy standards, rule lifecycle governance, and review processes.
-
Engineer preventative controls across next-generation firewalls, IDS/IPS, proxy, and secure web gateways.
-
Define ingress, egress, and inter-network filtering standards.
-
Implement threat prevention, traffic inspection, and secure remote access controls.
-
Drive continuous improvement in rule hygiene, policy optimisation, and attack surface reduction.
-
Load Balancing, Application Delivery & Secure Network Services
-
Define secure load balancer and application delivery controller standards.
-
Implement resilient and secure patterns for internal and external application publishing.
-
Engineer controls for TLS inspection, certificate handling, and secure service exposure.
-
Provide secure design patterns for high-availability network services and traffic distribution.
-
WAN / LAN / SD-WAN Security & Connectivity Governance
-
Define secure design standards for WAN, LAN, internet breakout, and SD-WAN environments.
-
Architect resilient branch and campus security patterns aligned to business and operational needs.
-
Implement segmentation, encrypted transport, routing security, and policy enforcement across hybrid connectivity.
-
Establish standards for site-to-site, third-party, and remote-user connectivity.
-
Security Monitoring, Detection & Infrastructure Telemetry
-
Define infrastructure security logging and telemetry requirements across network platforms.
-
Integrate firewalls, IDS/IPS, load balancers, and network devices with SIEM / SOC processes.
-
Improve visibility of network flows, anomalous traffic, and control effectiveness.
-
Support detection engineering through enriched network security telemetry and event quality improvements.
-
Security Automation & Operational Improvement
-
Automate network security configuration validation, compliance checks, and control assurance.
-
Define repeatable engineering processes for rule reviews, device hardening, and segmentation governance.
-
Implement infrastructure-as-code or policy-driven approaches where applicable.
-
Build reusable standards and automation for secure network onboarding and change delivery.
-
Partner Oversight & Delivery Governance
-
Provide engineering oversight to third parties delivering network and security infrastructure services.
-
Define technical requirements, review solution quality, and validate secure delivery outcomes.
Essential
EXPERIENCE REQUIREMENTS
-
8–12+ years in network security engineering / infrastructure security architecture.
-
Strong expertise in firewalls, IDS/IPS, segmentation, and enterprise network security.
-
Hands-on experience with routers, switches, load balancers, and secure connectivity platforms.
-
Strong understanding of LAN / WAN / SD-WAN, remote access, and hybrid network environments.
-
Experience delivering preventative controls, network hardening, and secure infrastructure design.
Desirable
-
Palo Alto / Fortinet / Check Point / Cisco / F5 certifications or equivalent experience.
-
Experience with NAC, ZTNA, SASE / SSE, and network access control technologies.
-
Familiarity with network automation, infrastructure-as-code, or configuration compliance tooling.
-
TOGAF or architecture training.
Core Skills
-
Network security architecture and design assurance
-
Firewalls, IDS/IPS, and perimeter security engineering
-
Segmentation, VLAN, zoning, and access control
-
Routers, switches, load balancers, and traffic security
-
WAN / LAN / SD-WAN security governance
-
Security monitoring, telemetry, and infrastructure automation
SUCCESS MEASURES
-
Reduction in network exposure and attack surface
-
Improved segmentation and access control maturity
-
Firewall and rule base optimisation
-
Secure onboarding of sites, services, and connectivity changes
-
Increased visibility and assurance across network security controls
Positioning Summary
Network-focused, prevention-led security engineering centred on secure connectivity, resilient infrastructure, segmentation, and scalable guardrails.
Additional Information