Key Responsibilities
1. Advanced Network Security Architecture
- Design and enforce multi-tiered network security across high-availability, low-latency cloud and on-premise environments.
- Architect and deploy firewalls, intrusion detection/prevention systems (IDS/IPS), and WAFs.
- Establish zero-trust security models, network segmentation, and secure microservices architecture.
- Harden API and Web3/Web2 environments with industry-standard security measures.
2. Next-Gen Firewall & IDS/IPS Setups
- Configure firewalls (Palo Alto, Fortinet, AWS Network Firewall) and NACLs to restrict unauthorized access.
- Deploy Suricata or Snort-based IDS/IPS for real-time network traffic analysis.
- Manage reverse proxies (NGINX, HAProxy) with TLS termination.
- Secure API gateways with Cloudflare, Imperva, or AWS WAF.
3. Secure Network Protocols & Cryptographic Hardening
- Implement TLS 1.3 / mTLS authentication for secure data transmission.
- Deploy IPsec VPN tunnels & WireGuard-based Zero-Trust Networking.
- Secure APIs using OAuth2, OpenID Connect, JWT, and HMAC authentication.
- Utilize HSMs (AWS CloudHSM, YubiHSM, Thales CipherTrust) for cryptographic key management.
4. SIEM, Threat Intelligence, & Security Monitoring
- Deploy SIEM solutions (Splunk, ELK, Datadog) for real-time log analysis.
- Implement AWS Security Hub, GuardDuty, CloudTrail, and CloudWatch Alarms.
- Automate threat intelligence feeds (MITRE ATT&CK, VirusTotal, AlienVault OTX, Chainalysis for crypto fraud detection).
5. Compliance & Risk Management
- Ensure compliance with ISO 27001, PCI DSS, GDPR, MAS TRM, and SOC 2.
- Conduct regular penetration tests, vulnerability assessments, and red teaming exercises.
- Establish incident response playbooks for ransomware, DDoS, and insider threats.
6. Blockchain & Crypto Security
- Secure crypto custody solutions using MPC, multi-signature authentication, and cold storage.
- Defend against front-running, MEV attacks, and flash loan exploits.
- Implement on-chain risk monitoring tools (CipherTrace, Chainalysis).
What We’re Looking For
- 5+ years in network security, cybersecurity, or cloud security.
- Expertise in network security architecture, firewalls, IDS/IPS, API security, and cryptography.
- Hands-on experience with SIEM, forensic analysis, and threat intelligence.
- Strong knowledge of zero-trust models, PKI, and network hardening.
- Experience with Python, Terraform, and Bash for security automation.
- Blockchain/DeFi security experience is a plus.
Preferred Certifications
- CISSP, CISM, CISA, CEH
- AWS Certified Security – Specialty
- Certified Blockchain Security Professional (CBSP)
- PCI DSS Implementation Specialist