Responsibilities
Security Architecture & Design:
- Develop and maintain secure architectures for on-premises, hybrid, and multi-cloud environments (Azure, GCP, etc).
- Design multi-layered security for on-premises, air-gapped environments, including network segmentation, firewall policies, intrusion detection/prevention systems (IDS/IPS), centralized logging and auditing, access control best practices, and secure key management.
- Configure security controls, including network firewalls, VLANs, and access policies, ensuring alignment with compliance frameworks (CIS Benchmarks, IM8, NIST, ISO 27001)
Technical Leadership:
- Serve as a subject matter expert, mentoring junior engineers and leading cross-functional teams on advanced security projects.
- Guide adoption of best practices for network, cloud, and application security.
Threat & Vulnerability Management:
- Lead penetration testing, red teaming, and proactive threat modeling to identify and mitigate risks.
- Maintain and monitor firewalls (Fortigate, Palo Alto), intrusion detection/prevention systems (IDS/IPS), VPNs, PAM solutions, and SIEM systems.
- Monitor and analyze security logs and alerts in real-time to detect and respond to incidents.
Incident Response:
- Lead response teams during security breaches, performing root cause analysis and ensuring timely remediation.
- Develop and implement protocols to reduce security incidents and enhance organizational resilience.
Governance, Risk & Compliance (GRC):
- Ensure systems comply with regulatory and internal standards, including NIST, ISO 27001, and Singapore’s CII requirements.
- Conduct regular audits and vulnerability assessments, documenting security posture and risk mitigation.
Solution Evaluation:
- Conduct PoCs for emerging security technologies to ensure business alignment.
- Deploy and optimize AWS-native security services (IAM, KMS, Shield, WAF) and third-party solutions to strengthen detection, prevention, and response capabilities.
