Network Security Operations Engineer
Encora · Kuala Lumpur, Malaysia
About The Role
We are seeking a hands-on Network Security Engineer to operate and continuously improve our network security stack—primarily enterprise firewalls (Palo Alto, Fortinet, Cisco), secure web gateways/proxies, and site-to-site/remote-access VPNs. The ideal candidate is an operator-engineer hybrid with deep knowledge across L2–L7 security controls, strong troubleshooting skills, and proven experience in high-availability, low-latency environments. Experience supporting MAS TRM or BNM RMiT audits is highly preferred.
Operations & Reliability
- Own day‑to‑day operation of Palo Alto, Fortinet, and Cisco firewalls, proxies, and VPN appliances (IPSec/SSL).
- Monitor and maintain HA clusters, dynamic routing (BGP/OSPF) on firewalls, and NAT/policy objects to ensure availability and performance SLAs.
- Execute change management: rule modifications, NAT adjustments, SSL decryption policies, URL categories and app‑ID signatures.
- Perform break/fix troubleshooting using methodical, packet‑level analysis (pcaps, flow records, session tables, global counters).
Security Engineering & Hardening
- Manage segmentation (zones, VRFs, tags), east‑west and north‑south controls, and zero-trust policy baselines.
- Develop and maintain standardized security templates (objects, groups, security profiles, threat/vulnerability profiles, URL filtering, DLP where applicable).
- Tune IPS/IDS, Anti‑Malware, URL filtering, WildFire/ATP, DNS Security, and sandboxing controls to reduce false positives while maintaining strong coverage.
- Integrate firewalls with identity (AD/LDAP, IdP, SSO), SIEM/SOAR, PKI, and EDR/XDR telemetry to enrich detections and automate response.
Secure Remote Access & Edge
- Maintain VPN architectures (IPSec, GlobalProtect/AnyConnect/FortiClient), posture checks, MFA, split vs. full tunnel policies.
- Support branch/edge (SD‑WAN) security policy application and traffic steering to on‑prem or cloud security services.
- Manage proxy/SWG policies (e.g., SSL decrypt, file controls, CASB integration) and ensure compliance for web access.
- Experience in Zero Trust Network Access (ZTNA) is an advantage.
Governance, Risk & Compliance
- Maintain policy standards, rule certification/recertification cycles, and least‑privilege reviews.
- Ensure controls meet regulatory and industry frameworks (e.g., ISO 27001, NIST 800‑53/CSF, SOC 2, PCI DSS, MAS TRM if applicable).
- Document and execute disaster recovery and BCP plans for network security platforms.
Incident Response & Continuous Improvement
- Act as an escalation point for network‑security incidents; participate in RCA and corrective actions.
- Build dashboards and metrics (utilization, block/allow, threat trends, latency) and drive continuous tuning.
- Contribute to runbooks, knowledge base articles, and automation (e.g., Ansible, Terraform, Panorama, FortiManager, Cisco FMC APIs).
This listing was posted by a verified recruiter at Encora.
JobSpring