Senior Technology Consultant (Malaysia)

Senior Technology Consultant (Malaysia)

This role has been designed as 'Onsite with an expectation that you will primarily work from an HPE partner/customer office.

Job Description:

The Senior Technical Consultant, Network Cybersecurity is a customerfacing expert responsible for designing, implementing, and optimizing secure network architectures across onprem, hybrid, and cloud environments. The role spans nextgen firewalls, Zero Trust and SASE, microsegmentation, secure SDWAN, identitycentric controls, SOC integration, and security automation. You will partner with customers, architects, project managers, and SOC/Network teams to deliver resilient, compliant, and costeffective security outcomes.

Key Responsibilities

.1) Architecture & Design

.Lead the design of secure network architectures (campus, branch, data center, OT/ICS, and cloud edge).

.Define Zero Trust segmentation, SASE/SSE patterns, ZTNA, and microsegmentation (host- and network-based).

.Produce HLD/LLD, security design patterns, policy matrices, and traffic flow diagrams.

.Integrate security with cloud networking (Azure vWAN/VNet, AWS VPC, GCP VPC), private connectivity (ExpressRoute/Direct Connect), and edge.

.2) Implementation & Migration

.Deploy and tune NGFW, IDS/IPS, WAF, SWG/CASB, SSE, DLP, email security, VPN/SDWAN, and NAC.

.Implement SIEM/SOAR integrations, syslog/NetFlow, EDR/XDR signal sharing, and playbooks for automated response.

.Execute phased migrations and cutovers with rollback plans and customer communication.

.3) Security Operations & Hardening

.Build/optimize security monitoring use cases (MITRE ATT&CK mapping, UEBA, threat intel).

.Harden network/security platforms (CIS benchmarks, secure baselines, PKI/TLS, SSH, least privilege, password vaulting).

.Lead/assist incident response: triage, containment, forensics coordination, lessons learned.

.4) Governance, Risk & Compliance

.Align designs with NIST CSF, ISO/IEC 27001, CIS Controls, and applicable regulations.

.Define security policies/standards, data classification enforcement at network boundaries, and change control.

.Produce compliance artifacts: risk registers, control matrices, test evidence, and audit responses.

.5) Advisory & Stakeholder Management

.Act as trusted advisor to CISO, Network, Cloud, Infrastructure, and App teams.

.Run assessments (maturity, gap, architecture), TCO/ROI, and cost optimization for security tooling.

.Deliver workshops, knowledge transfer, and clear documentation.

.6) Mentoring & Practice Development

.Mentor consultants/engineers, review designs, and contribute reference architectures, runbooks, and reusable templates.

.Support presales: discovery, scoping, level of effort, and solution proposals.

Required Qualifications

.Technical Skills (Senior-Level Depth)

.Network Security: NGFW, IPS/IDS, SSL/TLS decryption, DNS security, WAF, DDoS protection, bot defense.

.Zero Trust & SASE: ZTNA, identityaware policies, continuous verification, SASE/SSE platforms integration.

.Segmentation: VLANs, VRFs, ACLs, microsegmentation (NSX-T, Illumio, Guardicore), host firewalls.

.NAC & Identity: 802.1X, TACACS+/RADIUS, NAC (e.g., ClearPass/ISE), IAM/PAM integration.

.SDWAN & Edge: SDWAN design and security, QoS, path selection, cloud onramp.

.Cloud Security & Networking: VNet/VPC design, transit gateways, security groups/NACLs, private endpoints, WAF, cloud firewalls, CASB/SWG, cloud posture (CSPM) awareness.

.SOC Integrations:SIEM (e.g., Microsoft Sentinel, Splunk), SOAR, EDR/XDR, threat intel (STIX/TAXII), UEBA.

.Protocols & Tools: BGP/OSPF, IPsec/SSL VPN, DHCP/DNS, PKI, certificates, NTP, syslog, NetFlow/IPFIX, packet capture/analysis.

.Automation & Scripting: Infrastructure as Code, API integration, Ansible, Terraform, Python/PowerShell for policy deployment and checks.

Experience

.7-12 years in network security/consulting with enterprise-scale design and delivery.

.Proven success delivering multisite, hybrid/cloud security programs and complex cutovers.

.Experience collaborating across Network, Cloud, SOC, Infra, and App teams comfortable leading workshops and steering committees.

.Education & Certifications (Preferred)

.Bachelor's degree in Computer Science, Information Security, or equivalent experience.

.Vendor: Palo Alto Networks (PCNSE), Fortinet (NSE 7/8), Cisco (CCNP Security/CCIE Security), Check Point (CCSE), Zscaler (ZCP/ZCCP), Netskope, CrowdStrike, Microsoft (SC100/SC200).

.Frameworks/General: CISSP, CCSP, CISM, ISO 27001 LA, ITIL.

.Cloud: Azure Security (SC100/SC200, AZ500), AWS Security Specialty, GCP Professional Security Engineer.

Soft Skills

.Strong consultative communication able to translate risks into business impact.

.Structured problem solving calm leadership during incidents/change windows.

.Influences stakeholders and drives consensus across diverse technical teams.

.Ownership mindset, documentation excellence, and mentoring orientation.

Key Performance Indicators (KPIs)

.Design quality: Peer review scores, defect rates, security control coverage.

.Delivery performance: Ontime, onbudget, and change success rate (no unplanned outages).

.Risk reduction: Reduction in critical findings, improved dwell time/MTTR with SOC.

.Customer satisfaction: CSAT/NPS, workshop feedback, adoption of recommended controls.

.Automation impact: Reduction in manual policy changes, standardized baselines across environments.

Tools & Technologies

.Firewalls/NGFW: Palo Alto, Fortinet, Cisco Firepower, Check Point.

.SASE/SSE/ZTNA: Zscaler, Prisma Access, Netskope, Cisco SSE, Cloudflare.

.NAC: Aruba ClearPass, Cisco ISE.

.SDWAN: Aruba EdgeConnect, Cisco SDWAN, Fortinet Secure SDWAN, Prisma SDWAN.

.SIEM/SOAR: Microsoft Sentinel, Splunk ES/Phantom, QRadar, Cortex XSOAR.

.Microsegmentation: VMware NSXT DFW, Illumio, Guardicore.

.DNS/DP/Email/WAF/DDoS: Infoblox, Proofpoint/Microsoft Defender, Akamai/F5/Cloudflare.

.Cloud security: Azure Firewall/Firewall Manager, AWS Network Firewall, GCP Cloud Armor, CSPM/CNAPP.

Sample Role Levels & Scope

.Delivery Focus: 60-70% billable delivery, 15-20% advisory/architecture, 10-15% presales/enablement.

.Regional Exposure: Multisite enterprise programs, hybrid DCcloud networks, and SOC integrations.

Why This Role Matters (Malaysia/SEA & HPE Context)

.Malaysia and SEA customers are accelerating hybrid cloud adoption security is the top priority due to regional regulatory pressure.

.Aruba networking and HPE GreenLake security solutions are rapidly expanding in SEA as customers shift toward consumption-based models.

.SEATH delivery requirements demand multi-country readiness, strong documentation discipline, and consistent architecture delivery across diverse environments.

Accountability, Accountability, Active Learning, Active Listening, Bias, Business Growth, Client Expectations Management, Coaching, Creativity, Critical Thinking, Cross-Functional Teamwork, Customer Centric Solutions, Customer Relationship Management (CRM), Design Thinking, Empathy, Follow-Through, Growth Mindset, Information Technology (IT) Infrastructure, Infrastructure as a Service (IaaS), Intellectual Curiosity (Inactive), Long Term Planning, Managing Ambiguity, Process Improvements, Product Services, Relationship Building + 5 more

Health & Wellbeing

We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.

Personal & Professional Development

We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have - whether you want to become a knowledge expert in your field or apply your skills to another division.

Unconditional Inclusion

We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

Job:

Services

Job Level:

TCP_04

Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities.

HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

No Fees Notice & Recruitment Fraud Disclaimer