Network Engineer - IT Infrastructure

Qualifications● 5+ years of experience as a Network Engineer in IT or enterprise infrastructure.● Strong knowledge of LAN/WAN, VLANs, firewalls, VPNs, and routing protocols.● Hands-on experience with enterprise firewalls (Fortinet, Palo Alto, Cisco, Juniper).● Familiarity with endpoint integrations (EDR, NAC, ZTNA).● Skilled in DNS/DHCP management and filtering solutions.● Proficiency with packet analysis tools (Wireshark, tcpdump).● Understanding of compliance frameworks (ISO 27001, NIST, SOC2, GDPR).Preferred Certifications● Cisco CCNP / CCIE (Enterprise or Security)● Fortinet NSE 4+ or Palo Alto PCNSE● CompTIA Network+ / Security+● Certified Ethical Hacker (CEH) (for network anomaly detection)● Microsoft Certified: Security, Compliance, and Identity Fundamentals (for integration with corporate IT stack)Additional InformationJob location: Kuala Lumpur, MalaysiaReporting & Scope● Reports to: Head of IT● Works closely with: IT Helpdesk, Security Engineers, Cloud EngineersKey Responsibilities1. Office & Data Center Networking● Design, configure, and maintain LAN, WAN, VLANs, and Wi-Fi networks across offices.● Manage data center interconnects, MPLS, and hybrid WAN solutions.● Ensure redundancy and failover capabilities for critical network paths.● Maintain network diagrams, asset inventories, and documentation.2. Firewalls & Secure Connectivity● Deploy and manage enterprise firewalls (Palo Alto, Fortinet, Cisco ASA, or equivalent).● Configure and enforce VPNs, IPsec tunnels, and SSL remote access for staff and partners.● Support AWS Direct Connect and site-to-site VPNs for hybrid workloads.● Implement web filtering, content filtering, and application-layer controls.3. Endpoint & IT Security Integration● Enforce endpoint network policies in collaboration with EDR solutions (CrowdStrike, SentinelOne).● Apply Zero Trust network access (ZTNA) for corporate laptops, VDIs, and mobile devices.● Implement DLP/DLAP prevention rules for outbound corporate traffic.● Monitor network traffic for anomalies, intrusions, or policy violations.4. DNS, DHCP & Identity Services● Administer DNS/DHCP services for corporate IT networks.● Implement DNS filtering (Infoblox, Cisco Umbrella, or Route 53 Resolver Firewall).● Collaborate with IT Identity teams to enforce network access control (NAC) and RBAC/ABAC policies.5. Monitoring & Incident Response● Maintain network monitoring systems (PRTG, SolarWinds, Zabbix, Grafana).● Configure NetFlow, Syslog, and packet captures for incident analysis.● Collaborate with IT Security on SIEM integrations and forensic investigations.● Develop and test incident response playbooks for IT network outages, malware outbreaks, and intrusion attempts.6. IT Operations & User Support● Provide Tier 3 escalation support for network-related IT incidents.● Collaborate with IT Helpdesk to troubleshoot VPN, VDI, and remote access issues.● Ensure smooth integration of video conferencing, VoIP, and collaboration tools.● Train IT staff in network troubleshooting and security best practices.