Infrastructure Security Design Engineer

Who We AreNTT DATA is one of the world's largest global security service providers, partnering with some of the most recognized security technology brands. We're looking for passionate, curious, and motivated individuals to join our team.What You’ll Be DoingDesign secure network architectures for enterprise and multi-cloud environments.Develop security zone models, segmentation strategies, and DMZ architectures.Produce high/low-level design documentation and contribute to reference architectures.Design and configure firewalls, IPS/IDS, proxies, and secure remote access solutions.Implement segmentation, VPN, and zero trust network access strategies.Perform network security assessments and optimize security policies.Deploy and configure SIEM, EDR, DLP, NAC, and monitoring solutions.Integrate security tools into infrastructure and operational workflows.Create implementation guides, runbooks, and support technology pilots.Develop CIS-aligned hardening standards and secure baseline configurations.Conduct configuration assessments, remediation planning, and patch management.Validate security controls through technical testing and compliance checks.Design endpoint protection strategies (EDR, AV, application control).Develop secure server architectures for Windows, Linux, and virtualized environments.Implement privileged access workstations, bastion hosts, and secure admin models.Produce architecture documents, diagrams, and security zone mappings.Develop infrastructure security standards, guidelines, and design repositories.Document design decisions and support architecture review processes.What You'll Bring AlongBachelor's degree in Computer Science, Software Engineering, Cybersecurity, or related fieldMinimum 5–10 years of experience in cybersecurity or IT security roles.Strong knowledge of network security architectures and secure design principlesSolid understanding of firewall technologies (Palo Alto, Cisco, Fortinet, Check Point)Experience with IPS/IDS systems, web application firewalls, and email security gatewaysKnowledge of VPN technologies, NAC solutions, and secure remote accessUnderstanding of security monitoring tools including SIEM, EDR, and SOAR platformsNetwork protocols: TCP/IP, routing, switching, VLANs, VXLANs, SD-WANSecurity technologies: Next-gen firewalls, IPS/IDS, proxies, DLP, NACVirtualization: VMware, Hyper-V, virtual security appliancesOperating systems: Windows Server, Linux distributions, hardening practicesCloud platforms: Basic understanding of AWS, Azure, GCP networking and securityUnderstanding of security frameworks (NIST CSF, ISO 27001, CIS Controls)Knowledge of network security best practices and industry standardsFamiliarity with zero trust architecture principlesUnderstanding of secure SDLC and DevSecOps conceptsAwareness of regulatory requirements affecting infrastructure securityClear technical communication and documentation abilitiesCollaboration skills for working with infrastructure, network, and operations teamsProblem-solving approach to complex security design challengesProject coordination and task management capabilitiesWillingness to learn and adapt to new security technologiesSecurity+ or SSCP (Systems Security Certified Practitioner) - MandatoryNetwork security certification: CCNA Security, Fortinet NSE4, or Palo Alto PCNSA - RequiredInfrastructure certification: MCSE, RHCE, or equivalent - PreferredCISSP Associate or working toward CISSP - PreferredExcellent command of both spoken and written English.