Senior Technology Consultant (Malaysia)

  

This role has been designed as ‘’Onsite’ with an expectation that you will primarily work from an HPE partner/customer office.

Job Description:

   

The Senior Technical Consultant, Network Cybersecurity is a customer‑facing expert responsible for designing, implementing, and optimizing secure network architectures across on‑prem, hybrid, and cloud environments. The role spans next‑gen firewalls, Zero Trust and SASE, micro‑segmentation, secure SD‑WAN, identity‑centric controls, SOC integration, and security automation. You will partner with customers, architects, project managers, and SOC/Network teams to deliver resilient, compliant, and cost‑effective security outcomes.

Key Responsibilities

·       1) Architecture & Design

·       Lead the design of secure network architectures (campus, branch, data center, OT/ICS, and cloud edge).

·       Define Zero Trust segmentation, SASE/SSE patterns, ZTNA, and micro‑segmentation (host- and network-based).

·       Produce HLD/LLD, security design patterns, policy matrices, and traffic flow diagrams.

·       Integrate security with cloud networking (Azure vWAN/VNet, AWS VPC, GCP VPC), private connectivity (ExpressRoute/Direct Connect), and edge.

·       2) Implementation & Migration

·       Deploy and tune NGFW, IDS/IPS, WAF, SWG/CASB, SSE, DLP, email security, VPN/SD‑WAN, and NAC.

·       Implement SIEM/SOAR integrations, syslog/NetFlow, EDR/XDR signal sharing, and playbooks for automated response.

·       Execute phased migrations and cutovers with rollback plans and customer communication.

·       3) Security Operations & Hardening

·       Build/optimize security monitoring use cases (MITRE ATT&CK mapping, UEBA, threat intel).

·       Harden network/security platforms (CIS benchmarks, secure baselines, PKI/TLS, SSH, least privilege, password vaulting).

·       Lead/assist incident response: triage, containment, forensics coordination, lessons learned.

·       4) Governance, Risk & Compliance

·       Align designs with NIST CSF, ISO/IEC 27001, CIS Controls, and applicable regulations.

·       Define security policies/standards, data classification enforcement at network boundaries, and change control.

·       Produce compliance artifacts: risk registers, control matrices, test evidence, and audit responses.

·       5) Advisory & Stakeholder Management

·       Act as trusted advisor to CISO, Network, Cloud, Infrastructure, and App teams.

·       Run assessments (maturity, gap, architecture), TCO/ROI, and cost optimization for security tooling.

·       Deliver workshops, knowledge transfer, and clear documentation.

·       6) Mentoring & Practice Development

·       Mentor consultants/engineers, review designs, and contribute reference architectures, runbooks, and reusable templates.

·       Support pre‑sales: discovery, scoping, level of effort, and solution proposals.

Required Qualifications

·       Technical Skills (Senior-Level Depth)

·       Network Security: NGFW, IPS/IDS, SSL/TLS decryption, DNS security, WAF, DDoS protection, bot defense.

·       Zero Trust & SASE: ZTNA, identity‑aware policies, continuous verification, SASE/SSE platforms integration.

·       Segmentation: VLANs, VRFs, ACLs, micro‑segmentation (NSX-T, Illumio, Guardicore), host firewalls.

·       NAC & Identity: 802.1X, TACACS+/RADIUS, NAC (e.g., ClearPass/ISE), IAM/PAM integration.

·       SD‑WAN & Edge: SD‑WAN design and security, QoS, path selection, cloud on‑ramp.

·       Cloud Security & Networking: VNet/VPC design, transit gateways, security groups/NACLs, private endpoints, WAF, cloud firewalls, CASB/SWG, cloud posture (CSPM) awareness.

·       SOC Integrations: SIEM (e.g., Microsoft Sentinel, Splunk), SOAR, EDR/XDR, threat intel (STIX/TAXII), UEBA.

·       Protocols & Tools: BGP/OSPF, IPsec/SSL VPN, DHCP/DNS, PKI, certificates, NTP, syslog, NetFlow/IPFIX, packet capture/analysis.

·       Automation & Scripting: Infrastructure as Code, API integration, Ansible, Terraform, Python/PowerShell for policy deployment and checks.

Experience

·       7–12 years in network security/consulting with enterprise-scale design and delivery.

·       Proven success delivering multi‑site, hybrid/cloud security programs and complex cutovers.

·       Experience collaborating across Network, Cloud, SOC, Infra, and App teams; comfortable leading workshops and steering committees.

·       Education & Certifications (Preferred)

·       Bachelor’s degree in Computer Science, Information Security, or equivalent experience.

·       Vendor: Palo Alto Networks (PCNSE), Fortinet (NSE 7/8), Cisco (CCNP Security/CCIE Security), Check Point (CCSE), Zscaler (ZCP/ZCCP), Netskope, CrowdStrike, Microsoft (SC‑100/SC‑200).

·       Frameworks/General: CISSP, CCSP, CISM, ISO 27001 LA, ITIL.

·       Cloud: Azure Security (SC‑100/SC‑200, AZ‑500), AWS Security Specialty, GCP Professional Security Engineer.

Soft Skills

·       Strong consultative communication; able to translate risks into business impact.

·       Structured problem solving; calm leadership during incidents/change windows.

·       Influences stakeholders and drives consensus across diverse technical teams.

·       Ownership mindset, documentation excellence, and mentoring orientation.

Key Performance Indicators (KPIs)

·       Design quality: Peer review scores, defect rates, security control coverage.

·       Delivery performance: On‑time, on‑budget, and change success rate (no unplanned outages).

·       Risk reduction: Reduction in critical findings, improved dwell time/MTTR with SOC.

·       Customer satisfaction: CSAT/NPS, workshop feedback, adoption of recommended controls.

·       Automation impact: Reduction in manual policy changes, standardized baselines across environments.

Tools & Technologies

·       Firewalls/NGFW: Palo Alto, Fortinet, Cisco Firepower, Check Point.

·       SASE/SSE/ZTNA: Zscaler, Prisma Access, Netskope, Cisco SSE, Cloudflare.

·       NAC: Aruba ClearPass, Cisco ISE.

·       SD‑WAN: Aruba EdgeConnect, Cisco SD‑WAN, Fortinet Secure SD‑WAN, Prisma SD‑WAN.

·       SIEM/SOAR: Microsoft Sentinel, Splunk ES/Phantom, QRadar, Cortex XSOAR.

·       Micro‑segmentation: VMware NSX‑T DFW, Illumio, Guardicore.

·       DNS/DP/Email/WAF/DDoS: Infoblox, Proofpoint/Microsoft Defender, Akamai/F5/Cloudflare.

·       Cloud security: Azure Firewall/Firewall Manager, AWS Network Firewall, GCP Cloud Armor, CSPM/CNAPP.

Sample Role Levels & Scope

·       Delivery Focus: 60–70% billable delivery, 15–20% advisory/architecture, 10–15% pre‑sales/enablement.

·       Regional Exposure: Multi‑site enterprise programs, hybrid DC‑cloud networks, and SOC integrations.

Why This Role Matters (Malaysia/SEA & HPE Context)

·       Malaysia and SEA customers are accelerating hybrid cloud adoption; security is the top priority due to regional regulatory pressure.

·       Aruba networking and HPE GreenLake security solutions are rapidly expanding in SEA as customers shift toward consumption-based models.

·       SEATH delivery requirements demand multi-country readiness, strong documentation discipline, and consistent architecture delivery across diverse environments.

Accountability, Accountability, Active Learning, Active Listening, Bias, Business Growth, Client Expectations Management, Coaching, Creativity, Critical Thinking, Cross-Functional Teamwork, Customer Centric Solutions, Customer Relationship Management (CRM), Design Thinking, Empathy, Follow-Through, Growth Mindset, Information Technology (IT) Infrastructure, Infrastructure as a Service (IaaS), Intellectual Curiosity (Inactive), Long Term Planning, Managing Ambiguity, Process Improvements, Product Services, Relationship Building {+ 5 more}

Health & Wellbeing

We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.

Personal & Professional Development

We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.

Unconditional Inclusion

We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

Job:

Services

Job Level:

TCP_04

    

    

Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities.

   

HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

   

No Fees Notice & Recruitment Fraud Disclaimer

 

It has come to HPE’s attention that there has been an increase in recruitment fraud whereby scammer impersonate HPE or HPE-authorized recruiting agencies and offer fake employment opportunities to candidates.  These scammers often seek to obtain personal information or money from candidates.

 

Please note that Hewlett Packard Enterprise (HPE), its direct and indirect subsidiaries and affiliated companies, and its authorized recruitment agencies/vendors will never charge any candidate a registration fee, hiring fee, or any other fee in connection with its recruitment and hiring process.  The credentials of any hiring agency that claims to be working with HPE for recruitment of talent should be verified by candidates and candidates shall be solely responsible to conduct such verification. Any candidate/individual who relies on the erroneous representations made by fraudulent employment agencies does so at their own risk, and HPE disclaims liability for any damages or claims that may result from any such communication.