Security Engineer/Security Design Engineer

SECURITY DESIGN ENGINEER 

COMPANY OVERVIEW

NTT DATA is one of the world's largest global security service providers, partnering with some of the most recognized security technology brands. We're looking for passionate, curious, and motivated individuals to join our team.

Working under direct supervision, you will apply your developing expertise in security architecture, network security design, and infrastructure protection to create security designs, implement security controls, and support security engineering projects. You will contribute to infrastructure security solutions while building your skills in secure design patterns, security technologies, and architecture frameworks under the guidance of senior engineers and architects.

KEY RESPONSIBILITIES

Security Architecture Design Support

• Create straightforward security architecture designs for network and infrastructure projects under direct supervision
• Develop network security diagrams, security zone models, and data flow diagrams following design standards
• Support enterprise architecture teams with security requirements and design input
• Document security design decisions and architectural rationale clearly
• Contribute to security reference architectures and reusable design patterns
• Participate in architecture review sessions and incorporate feedback into designs

Network Security Design and Implementation

• Design network security solutions including firewall architectures, network segmentation, and DMZ configurations
• Create detailed firewall rulesets, access control lists, and security policy designs
• Design VPN solutions for site-to-site and remote access connectivity
• Develop network security diagrams showing security zones, trust boundaries, and data flows
• Support implementation of network security controls following approved designs
• Document network security configurations and change procedures

Security Technology Solution Design

• Design security technology solutions including SIEM, endpoint protection, and monitoring platforms
• Create technical specifications for security tool deployments under supervision
• Support proof of concept activities for security technology evaluations
• Design integration approaches for security tools within existing infrastructure
• Document technical requirements and implementation procedures for security solutions
• Assist with security technology vendor assessments and product selection

Infrastructure Hardening Design

• Design security hardening standards for servers, network devices, and endpoints under supervision
• Create secure baseline configurations aligned with CIS Benchmarks and industry standards
• Develop security configuration policies and validation procedures
• Design automated hardening and compliance checking solutions
• Document security configuration requirements for infrastructure components
• Support security configuration assessments and remediation planning

Security Design Documentation

• Produce high-quality security architecture documents and design specifications under supervision
• Create technical diagrams including network topology, security architecture, and data flow diagrams
• Develop security design standards and implementation guidelines
• Maintain design document repositories and configuration management
• Write technical security procedures and operational runbooks
• Contribute to security architecture governance and design review processes

Technical Security Assessment Support

• Support security architecture reviews and design assessments under supervision
• Validate security control implementations against design requirements
• Conduct technical security gap analyses and identify design weaknesses
• Assess security risks in infrastructure designs and recommend mitigations
• Perform security configuration reviews and compliance assessments
• Document assessment findings and remediation recommendations

KEY PERFORMANCE INDICATORS

• Quality and completeness of security designs and technical documentation produced
• Successful implementation of security solutions based on approved designs
• Client and stakeholder satisfaction with security design deliverables
• Accuracy of security configurations and minimal rework required
• Progress in professional development and certification achievements
• Contribution to security design standards and best practices

REQUIRED SKILLS & COMPETENCIES

Security Architecture and Design Expertise

• Solid understanding of security architecture principles and design patterns
• Knowledge of network security architectures including defense in depth and zero trust
• Understanding of security zone models, network segmentation, and DMZ designs
• Familiarity with security frameworks (NIST CSF, ISO 27001, CIS Controls)
• Awareness of secure design principles for cloud and hybrid environments

Network and Infrastructure Technical Skills

• Network security: Firewalls, IPS/IDS, VPNs, proxies, NAC, load balancers
• Network protocols: Deep TCP/IP knowledge, routing protocols (BGP, OSPF), MPLS
• Switching and routing: VLANs, VXLANs, spanning tree, port security
• Security platforms: Palo Alto, Cisco ASA/Firepower, Fortinet, Check Point
• Virtualization: VMware NSX, network virtualization, micro-segmentation

Security Technology Knowledge

• SIEM platforms: Splunk, QRadar, Azure Sentinel, ELK Stack
• Endpoint protection: CrowdStrike, Carbon Black, Microsoft Defender
• Network monitoring: NetFlow, IPFIX, packet capture, network behavior analysis
• Identity and access: Active Directory, Azure AD, LDAP, RADIUS, TACACS+
• Cloud security: AWS VPC, Azure Virtual Networks, GCP VPC security

Design and Documentation Tools

• Diagramming: Microsoft Visio, Lucidchart, draw.io, enterprise architecture tools
• Infrastructure as Code: Terraform, CloudFormation, Ansible basics
• Version control: Git, document management systems
• Collaboration: Confluence, SharePoint, technical wikis
• Project management: Jira, ServiceNow, project documentation tools

Professional Skills

• Clear technical communication with engineering teams and stakeholders
• Ability to translate security requirements into technical designs
• Collaborative approach to working with network, infrastructure, and security teams
• Problem-solving skills for complex security design challenges
• Attention to detail in technical specifications and documentation
• Time management and ability to prioritize multiple design activities

Certifications Required

• CCNA Security or SSCP (Systems Security Certified Practitioner) - Mandatory
• Network security certification: Fortinet NSE4, Palo Alto PCNSA/PCNSE, or Cisco CyberOps - Required
• Security+ or equivalent foundation certification - Required
• Working toward: CISSP Associate, CCNP Security, or security architecture certifications
• Eligible: UK SC security clearance

MINIMUM QUALIFICATIONS

Experience

• 2-4 years of experience in network engineering, security engineering, or infrastructure roles
• 1-2 years designing or implementing network security solutions
• Hands-on experience with firewalls, routers, switches, and security technologies
• Experience creating technical documentation and architecture diagrams
• Familiarity with security design principles and frameworks

Project Responsibilities:

• Execute security design work packages on client and internal projects
• Deliver technical security designs and implementation documentation
• Support security technology deployments and configuration activities

CERTIFICATION AND PROFESSIONAL DEVELOPMENT

Professional Requirements

• CCNA Security or SSCP demonstrating networking and security foundations
• Vendor security certification in firewall or security platform technologies
• Security+ as baseline security knowledge certification
• Continuous learning in emerging security technologies and design patterns

Development Expectations

• Progress toward advanced certifications (CISSP, CCNP Security, CCSP)
• Develop specialized skills in cloud security architecture or specific security domains
• Regular participation in technical training and vendor certification programs
• Contribution to internal security design standards and best practices
• Preparation for progression to P3 Infrastructure Security Design Consultant

WORK ENVIRONMENT

• Technical design and engineering environment with client project delivery
• Collaboration with network, infrastructure, cloud, and security operations teams
• Mix of design activities, technical implementation support, and documentation
• Exposure to diverse security technologies and enterprise architectures
• Hybrid working model with occasional client site visits for design workshop

TECHNICAL COMPETENCY AREAS

Core Design Capabilities

• Network security architecture: Firewall designs, DMZ, network segmentation, VPN, zero trust
• Security technology design: SIEM, endpoint protection, monitoring, detection platforms
• Identity architecture: AD design, federation, MFA, privileged access management
• Data protection design: Encryption, DLP, backup, disaster recovery architectures
• Cloud security design: AWS, Azure, GCP security architecture patterns

Design Deliverables

• High-level design documents with security architecture overview
• Low-level design documents with detailed technical specifications
• Network and security zone topology diagrams
• Data flow diagrams showing security control points
• Security configuration specifications and hardening guides