Network Security Engineer

Keyrus is a global consulting firm specializing in data intelligence, digital transformation, and technology delivery across complex enterprise environments. We are currently supporting a leading international financial services client in the APAC region and are looking for an experienced Network Security Consultant to join the Production Security team.

This role focuses on designing, implementing, and operating network security solutions in a high-availability, production environment. You will work closely with regional and global teams to enhance network security architecture, support BAU operations, and deliver strategic security initiatives.

• Ensure IT governance and operational controls are applied across network security processes
• Design, validate, implement, and document end-to-end network security workflows
• Provide firewall consultation, rule design, and troubleshooting support to internal stakeholders
• Implement and operate network segmentation and Zero Trust / micro-segmentation solutions
• Configure, deploy, and troubleshoot firewall rules; support upgrades, migrations, and platform changes
• Manage Zero-Day web security vulnerabilities and lead security operations response
• Review WAF policies, signatures, and security events; assess risk and recommend mitigations
• Support global and regional security projects within Production Security scope
• Maintain clear technical documentation, process guides, and operational runbooks

• Work with global teams and external vendors on solution delivery and technical support
• Identify process improvement opportunities and automate or optimize existing workflows
• Contribute to Permanent Control frameworks, control plans, and audit activities
• Support incident tracking, root cause analysis, and continuous improvement initiatives
• Participate in off-hours support when required for production-impacting security incidents

• 5–7 years of experience in IT Security, with strong focus on Network Security
• Solid understanding of network security architecture,Zero Trust, andmicro-segmentation
• Hands‑on experience with firewall rule design, implementation, and troubleshooting on: FortiGate / FortiManager, Check Point (R81.10 / R81.20 SmartConsole)
• Experience operating and supporting firewalls, WAF, IPS/IDS in production environments
• Exposure to Illumio PCE (v24.x) and label‑based micro‑segmentation is a strong plus
• Experience with WAF policy enforcement, signature updates, and application security event review
• Familiarity withF5 ASM and/orBroadcom AVI NextGen (WAF / Load Balancer) is preferred
• Experience handling production incidents, root cause analysis, and cross‑team collaboration
• Working knowledge of ServiceNow and standard ITSM processes
• Scripting or automation experience (e.g. Python) is a plus