We are looking for a Senior DDI Engineer to design, manage, and secure enterprise DNS, DHCP, IPAM, and NTP services across internal networks, DMZ, internet-facing services, B2B/third-party connectivity, hybrid, and cloud environments. The role requires strong hands-on expertise, security awareness, and the ability to support DDI as a critical enterprise infrastructure and security service.
Key Responsibilities:
- Design, deploy, and manage enterprise DNS, DHCP, IPAM, and NTP services.
- Support internal, external, recursive, and authoritative DNS environments.
- Manage DDI services for data centres, DMZ, internet-facing applications, B2B/third-party connectivity, hybrid, and cloud platforms.
- Implement DNS security controls such as split-horizon DNS, restricted zone transfers, secure delegation, logging, filtering, and anomaly detection.
- Prevent and support remediation of DNS-based threats, including tunnelling, exfiltration, amplification, and other DNS attacks.
- Design and operate enterprise DHCP services across segmented environments.
- Maintain accurate IPAM records for audits, incident response, capacity planning, and compliance.
- Manage secure and resilient NTP services for network devices, security platforms, servers, and applications.
- Ensure DDI architecture aligns with internal security standards, regulatory requirements, and audit expectations.
- Support Architecture Review Board discussions, security risk assessments, exception reviews, and remediation planning.
- Act as L3/L4 escalation point for DDI-related incidents and complex troubleshooting.
- Drive automation, standardisation, monitoring, alerting, and operational resilience.
- Work closely with network, firewall, WAF, cloud security, application, infrastructure, and security operations teams.
- Prepare technical documentation, design artefacts, SOPs, and operational runbooks.
Required Skills and Experience:
- 13 to 15 years of relevant IT infrastructure, network, or security engineering experience.
- Strong hands-on experience with DNS, DHCP, IPAM, and NTP in large enterprise environments.
- Experience with enterprise DDI platforms such as Infoblox, BlueCat, EfficientIP, Nokia VitalQIP, or equivalent.
- Strong understanding of DNS, DHCP, IPAM, and NTP protocols and relevant industry RFCs.
- Experience supporting internet-facing, DMZ, B2B, third-party connectivity, hybrid, and cloud environments.
- Good understanding of network security, segmentation, trust boundaries, DMZ design, and secure service exposure.
- Familiarity with firewalls, WAF, IDS/IPS, DNS security, SIEM, logging, and monitoring platforms.
- Experience working in regulated, multi-region enterprise environments, preferably banking or financial services.
- Relevant product, networking, cloud, or security certifications are preferred.
To apply,simply click the Apply button or send your updated profile to [Confidential Information]
EA Licence No.:18S9405 / EA Reg. No.:R1330864
Percept Solutions is expanding and actively seeking talented individuals. We encourage applicants to follow Percept Solutions on LinkedIn at https://www.linkedin.com/company/percept-solutions/to stay informed about new opportunities and events.
