Job Title: Senior Network Security Engineer
Department: Security

One Ayala, Makati

Hybrid

Position Overview

The Senior Network Security Engineer is a subject matter expert responsible for designing, optimizing, and governing the firm’s network security infrastructure supporting global trading, settlement, and corporate systems. This role leads advanced engineering, operational oversight, and policy development for Palo Alto firewalls, Guardicore micro segmentation, and FortiNAC within a highly regulated financial environment. The engineer acts as a technical authority and escalation point for complex incidents, advising leadership on architecture, risk, and compliance strategy.

Key Responsibilities

• Lead design and architecture of secure network solutions, ensuring scalability, high availability, and regulatory compliance across data centers, trading floors, and cloud integrations.
• Manage and optimize Palo Alto Networks firewalls and Panorama, including advanced rule base governance, threat prevention tuning, SSL decryption strategy, and GlobalProtect VPN access models.
• Oversee Guardicore implementation for segmentation architecture, policy lifecycle management, and continuous improvement of east‑west visibility across production workloads.
• Set strategy for FortiNAC operations, including policy refinement, device posture enforcement, guest access frameworks, and automation of compliance checks across enterprise environments.
• Drive proactive threat detection and root‑cause analysis, correlating network telemetry and security events to identify systemic risks to trading and transactional systems.
• Direct remediation initiatives from internal audit, regulatory, or penetration test findings, ensuring timely closure of high‑risk items and sustainable control improvements.
• Serve as change authority and subject matter expert in risk and change management processes, guiding peers on validation testing, impact assessments, and rollback planning.
• Mentor and provide technical leadership to junior engineers, including knowledge transfer, training, and review of configuration changes and documentation standards.
• Contribute to security governance by developing standards, playbooks, and architectural patterns supporting the firm’s operational resilience and compliance posture.

Required Qualifications

• 8–10 years of experience in network and security engineering, with at least 4 years in a financial institution or similarly regulated environment.
• Extensive expertise in Palo Alto Networks firewalls and Panorama, including App‑ID/User‑ID, SSL/TLS inspection, and advanced threat prevention.
• Proven experience designing or managing micro segmentation strategies using Guardicore (or equivalent solutions such as Illumio).
• Advanced administration of FortiNAC, Cisco ISE, or Aruba ClearPass, including automated profiling and policy‑driven access enforcement.
• Strong command of TCP/IP, routing, switching, VLANs, encryption, and authentication protocols, with an architectural mindset.
• Deep understanding of financial regulatory and audit frameworks .

Preferred Qualifications

• Certifications such as PCNSE, CISSP, CCNP Security, or NSE4–7 strongly preferred.
• Demonstrated experience leading security infrastructure modernization or network segmentation transformation initiatives.
• Background in low‑latency, high‑availability trading or payments environments, including exposure to market freeze windows and parallel testing.

Soft Skills

• Strategic thinker with a high sense of ownership and urgency under regulatory and operational constraints.
• Excellent communicator capable of translating technical risk into business impact for executives and stakeholders.
• Committed to mentorship, documentation quality, and continuous security improvement.