Skip to main content

Lead - Security Engineer (Network Infrastructure)

Petrofac

SharjahHybridFull-Time2w ago

Description

ROLE PURPOSE

Own the design and engineering of preventative security controls across network infrastructure, perimeter security, segmentation, and enterprise connectivity.

Act as the technical authority for secure-by-design network and infrastructure security architectures with strong focus on resilience, segmentation, standardisation, and automation.

Primary Accountability Over

  • Network Security & Infrastructure Protection
  • Firewalls, IDS/IPS, Load Balancers, and Secure Connectivity
  • Security Design for LAN / WAN / SD-WAN / Data Centre / Remote Access

Key Responsibilities

  • Security Architecture & Engineering
  • Define network security architecture standards, principles, and reference patterns.
  • Lead security design reviews for network, connectivity, and infrastructure changes.
  • Produce reusable blueprints, standards, and engineering guardrails.
  • Provide technical assurance and risk recommendations for network and infrastructure designs.
  • Network Segmentation, Access Control & Infrastructure Protection
  • Architect secure segmentation models across enterprise, data centre, and remote sites.
  • Design and govern VLAN strategy, east-west and north-south traffic controls, and network access boundaries.
  • Implement and enhance NAC, network zoning, and policy enforcement controls.
  • Define secure standards for routers, switches, firewalls, and core network services.
  • Establish secure connectivity patterns for internal, external, partner, and remote access use cases.
  • Firewall, Perimeter & Traffic Security Engineering
  • Design and maintain firewall policy standards, rule lifecycle governance, and review processes.
  • Engineer preventative controls across next-generation firewalls, IDS/IPS, proxy, and secure web gateways.
  • Define ingress, egress, and inter-network filtering standards.
  • Implement threat prevention, traffic inspection, and secure remote access controls.
  • Drive continuous improvement in rule hygiene, policy optimisation, and attack surface reduction.
  • Load Balancing, Application Delivery & Secure Network Services
  • Define secure load balancer and application delivery controller standards.
  • Implement resilient and secure patterns for internal and external application publishing.
  • Engineer controls for TLS inspection, certificate handling, and secure service exposure.
  • Provide secure design patterns for high-availability network services and traffic distribution.
  • WAN / LAN / SD-WAN Security & Connectivity Governance
  • Define secure design standards for WAN, LAN, internet breakout, and SD-WAN environments.
  • Architect resilient branch and campus security patterns aligned to business and operational needs.
  • Implement segmentation, encrypted transport, routing security, and policy enforcement across hybrid connectivity.
  • Establish standards for site-to-site, third-party, and remote-user connectivity.
  • Security Monitoring, Detection & Infrastructure Telemetry
  • Define infrastructure security logging and telemetry requirements across network platforms.
  • Integrate firewalls, IDS/IPS, load balancers, and network devices with SIEM / SOC processes.
  • Improve visibility of network flows, anomalous traffic, and control effectiveness.
  • Support detection engineering through enriched network security telemetry and event quality improvements.
  • Security Automation & Operational Improvement
  • Automate network security configuration validation, compliance checks, and control assurance.
  • Define repeatable engineering processes for rule reviews, device hardening, and segmentation governance.
  • Implement infrastructure-as-code or policy-driven approaches where applicable.
  • Build reusable standards and automation for secure network onboarding and change delivery.
  • Partner Oversight & Delivery Governance
  • Provide engineering oversight to third parties delivering network and security infrastructure services.
  • Define technical requirements, review solution

More jobs in Sharjah