ICT Security Engineer

COMPANY OVERVIEW

We are a Singapore-based ICT solutions integrator specialising in compute infrastructure, enterprise storage, and cybersecurity. We serve clients across the commercial, government, and healthcare sectors, delivering end-to-end solutions from design and procurement through to deployment, hardening, and lifecycle management. Our engineers are central to delivering reliable, secure, and scalable IT environments that our clients depend on.

ROLE SUMMARY

The ICT Security Engineer is a technically hands-on role centred on compute infrastructure, storage systems, and systems administration, with security principles embedded at every layer. The engineer takes ownership across the full project lifecycle - from pre-sales solution scoping and design, to physical installation, systems configuration, hardening, and ongoing post-sales support.

This role demands deep competency in server platforms, operating systems, virtualisation, and enterprise storage, complemented by working knowledge of network security and client-facing communication skills. The ideal candidate thrives in both a data centre environment and a client engagement setting, and approaches every task with a learning mindset and a positive, collaborative attitude.

KEY RESPONSIBILITIES

1. Pre-Sales & Solution Consulting

. Engage prospective clients to understand their compute, storage, and security requirements through site surveys and technical discussions.

. Architect and size server, storage, and hyper-converged infrastructure (HCI) solutions aligned to client workloads and security posture.

. Prepare technical proposals, Bills of Materials (BOM), rack elevation diagrams, and high-level design (HLD) documents.

. Conduct product demonstrations, proof-of-concept (POC) deployments, and benchmark evaluations at client or lab environments.

. Support the sales team in responding to tenders, RFPs, RFQs, and government quotations with technically accurate submissions.

. Recommend appropriate licensing models (subscription, perpetual, SaaS) and advise on total cost of ownership (TCO).

2. Physical Deployment & Data Centre Works

. Execute end-to-end physical deployment including racking, stacking, and structured cabling of servers, storage arrays, switches, and appliances.

. Perform power-on, POST diagnostics, BIOS/UEFI configuration, RAID setup, and firmware baseline updates on new hardware.

. Install and configure out-of-band management interfaces - iDRAC (Dell), iLO (HPE), IMM/XCC (Lenovo), IPMI for remote server management.

. Conduct cable management, labelling, and documentation to data centre standards.

. Coordinate with facilities and client IT teams for data centre access, power budgeting, and cooling considerations.

. Decommission, wipe, and dispose of end-of-life hardware in accordance with data sanitisation standards (DoD 5220.22-M, NIST 800-88).

3. Compute Infrastructure & Operating Systems Administration

Server Platforms

. Deploy and administer rackmount, blade, and tower servers across major OEM platforms: Dell, HPE, Lenovo etc.

. Manage server hardware lifecycle - component replacement (drives, DIMMs, PSU, fans), warranty management, and proactive health monitoring.

. Configure and manage RAID levels (0, 1, 5, 6, 10) using hardware RAID controllers

Windows Server

. Install, configure, and administer Windows Server 2016 / 2019 / 2022 environments.

. Design and manage Active Directory Domain Services (AD DS): domain structure, Organisational Units (OUs), Group Policy Objects (GPOs), and trust relationships.

. Deploy and maintain core Windows Server roles: DNS, DHCP, DFS, WSUS, NPS, IIS, and Certificate Services (AD CS / PKI).

. Manage Windows Server security baselines using Microsoft Security Compliance Toolkit, CIS Benchmarks, and GPO hardening.

. Administer user and group accounts, RBAC, and privileged access using Active Directory and Microsoft Entra ID (Azure AD).

. Configure Windows Server failover clustering, NLB, and high-availability (HA) configurations for critical workloads.

Linux Server

. Deploy and administer Linux distributions in production: RHEL, CentOS Stream, Ubuntu Server, and Debian.

. Configure services including SSH hardening, sudoers policy, PAM, auditd, SELinux/AppArmor, and iptables/firewalld.

. Manage package repositories, scheduled tasks (cron/systemd timers), log management (rsyslog, journald), and system performance tuning.

. Script routine administration and security tasks using Bash and/or Python.

Endpoint & System Hardening

. Apply CIS Level 1/2 Benchmarks and DISA STIG hardening across Windows and Linux server builds.

. Manage patch cycles using WSUS, SCCM, Ansible, or vendor-specific tooling track CVEs and remediate vulnerabilities within defined SLAs.

. Configure host-based firewalls, auditing policies, account lockout policies, and privilege escalation controls.

. Implement application whitelisting and software restriction policies where applicable.

4. Enterprise Storage Administration

. Deploy and manage SAN (Fibre Channel and iSCSI), NAS, and object storage systems from vendors such as Dell EMC, NetApp, HPE Nimble/Primera, and Pure Storage.

. Configure and administer storage protocols: FC, iSCSI, NFS (v3/v4), SMB/CIFS, and S3-compatible object storage.

. Manage LUN provisioning, volume groups, thin/thick provisioning, snapshots, replication (synchronous and asynchronous), and storage tiering.

. Implement and test storage-level backup, recovery, and disaster recovery (DR) procedures including RTO/RPO validation.

. Monitor storage performance (IOPS, latency, throughput) and capacity utilisation conduct capacity planning reviews.

. Administer tape libraries and backup appliances (Veeam, Commvault, Veritas NetBackup, Dell EMC Avamar/Data Domain) for backup and archival workflows.

. Manage Storage Area Network fabric: Brocade/Cisco FC switches, zoning, and HBA configuration.

5. Virtualisation & Hyper-Converged Infrastructure (HCI)

. Deploy and administer VMware vSphere / vCenter / ESXi environments including cluster configuration, vMotion, HA, DRS, and vSAN.

. Manage Microsoft Hyper-V clusters with SCVMM configure live migration, storage migration, and Hyper-V Replica.

. Install and configure HCI platforms: VMware vSAN, Nutanix AOS/AHV, or equivalent.

. Right-size virtual machine (VM) resources manage VM templates, snapshots, and cloning workflows.

. Implement virtualisation-layer security: VM isolation, vNetwork security policies, encrypted vMotion, and vTPM.

. Manage host profiles, update manager (VUM/VLCM), and lifecycle upgrades for hypervisor clusters.

6. ICT Security - Infrastructure & Endpoint

. Implement and manage endpoint detection and response (EDR) and antivirus solutions across servers and workstations (CrowdStrike, SentinelOne, Trend Micro, Symantec).

. Deploy and maintain Data Loss Prevention (DLP), Privileged Access Management (PAM), and Identity & Access Management (IAM) solutions.

. Administer multi-factor authentication (MFA) and Single Sign-On (SSO) integrations for domain and cloud services.

. Configure and manage SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel): onboard log sources, write detection rules, and investigate alerts.

. Perform internal vulnerability assessments using tools such as Nessus, Qualys, or OpenVAS prioritise and track remediation.

. Conduct security reviews against frameworks: NIST CSF, ISO 27001 controls, MAS TRM, and CSA Singapore advisories.

. Support penetration test engagements: scoping, evidence gathering, and remediation verification.

. Participate in security incident response - containment, root-cause analysis, evidence preservation, and post-incident reporting.

7. Networking (Supporting Knowledge)

. Configure and manage network security devices: next-generation firewalls (Fortinet FortiGate, Palo Alto, Cisco ASA/FTD), switches, and routers.

. Manage LAN/WAN topology: VLANs, trunking (802.1Q), inter-VLAN routing, STP/RSTP, and link aggregation (LACP).

. Configure site-to-site and remote access VPNs (IPSec, SSL/TLS) administer SD-WAN solutions where deployed.

. Administer network access control (NAC), 802.1X authentication with RADIUS, and network segmentation for DMZ and server zones.

. Conduct basic network troubleshooting using packet capture (Wireshark), traceroute, and SNMP monitoring tools.

. Understand and apply micro-segmentation and zero-trust network access (ZTNA) principles in server and storage environments.

8. Cloud & Hybrid Infrastructure (Advantageous)

. Extend on-premises compute and storage management into hybrid cloud environments (AWS, Microsoft Azure, or Google Cloud Platform).

. Configure cloud security posture: IAM policies, security groups, RBAC, encryption at rest and in transit, and cloud-native monitoring.

. Manage backup and DR replication to cloud targets using Veeam Cloud Connect or native cloud backup services.

. Administer Microsoft 365 and Azure AD / Entra ID for identity, device compliance (Intune/MDM), and conditional access policies.

9. Post-Sales Support, Documentation & Reporting

. Provide Level 2 and Level 3 post-implementation technical support manage issues through to resolution within agreed SLAs.

. Produce and maintain accurate as-built documentation: network diagrams, rack layouts, IP address management (IPAM), system runbooks, and change records.

. Conduct periodic health checks, capacity reviews, and security assessments for managed clients.

. Prepare client-facing reports covering infrastructure status, vulnerability exposure, and remediation progress.

. Manage vendor relationships for hardware support contracts, RMA, licensing renewals, and technical escalations.

. Participate in after-hours on-call and standby support on a rostered basis respond to P1/P2 incidents in a timely manner.

QUALIFICATIONS & REQUIREMENTS

Education

. Diploma or Degree in Computer Science, Information Technology, Computer Engineering, Cybersecurity, or equivalent.

. Fresh Diploma graduates with strong practical experience (internship, labs, project work) are welcome to apply.

Experience

. 2-5 years of hands-on experience in systems administration, infrastructure engineering, or ICT security.

. Demonstrated experience managing Windows Server and/or Linux in production environments.

. Hands-on exposure to enterprise storage platforms, virtualisation, and physical server deployment.

. Experience in a systems integrator, managed service provider (MSP), or enterprise IT environment is advantageous.

. Fresh Degree graduates with relevant internship or project experience and certifications will be considered at the junior level.

Certifications (Preferred / Advantageous)

Candidates holding one or more of the following will be given preference:

. Microsoft: MCSA / MCSE, AZ-800/801 (Windows Server Hybrid), AZ-500 (Azure Security)

. VMware: VCP-DCV (Data Centre Virtualisation)

. CompTIA: Server+, Security+, CySA+

. Storage: NetApp NCDA, Dell EMC Proven Professional, Pure Storage PSCP

. Linux: RHCSA (Red Hat), LPIC-1/2

. Network Security: Fortinet NSE 4/5, CCNA, Palo Alto PCNSE

. Security: CISSP, CISM, CEH, or equivalent (for senior-level candidates)