Lead AI Platform Network & Security Engineer

ITCAN PTE. LIMITED

Position Summary

• Lead the design, implementation and operations of secure, resilient and scalable network and connectivity architecture for Singtel’s Central AI Platform hosted on RE:AI IaaS.

• Establish and manage end-to-end connectivity across multi-cloud, on-premises systems, external SaaS platforms and API endpoints to enable enterprise AI use cases.

• Oversee network capacity planning, redundancy design, performance optimization and lifecycle management to support platform growth and commercialization.

• Ensure robust security architecture including firewall policies, segmentation, secure access controls and alignment with Singtel cybersecurity and DevSecOps standards.

• Serve as the primary technical authority for networking and security architecture of the AI platform, coordinating across RE:AI, Cloud, Cybersecurity, Infrastructure and Application teams.

• Enable a secure-by-design, scalable and high-availability network foundation to support enterprise-grade AI workloads and future expansion.

• Designing and implementing hybrid connectivity architecture across RE:AI IaaS, public cloud platforms, on-prem environments and external partners for AIDA’s Central AI Platform.

• Defining network segmentation, routing, peering, VPN, Direct Connect/ExpressRoute and API gateway patterns to enable seamless AI workload connectivity.

• Ensuring high availability, fault tolerance and redundancy across critical AI platform components.

• Leading firewall design, configuration standards, access control models and network security zoning.

• Implementing secure connectivity patterns including Zero Trust principles, encryption in transit and privileged access controls.

• Coordinating with Cybersecurity and DevSecOps teams on vulnerability management, security monitoring and incident response.

• Overseeing setup and maintenance of physical connectivity (e.g., cross-connects, colocation, data center interconnects).

• Monitoring bandwidth utilization, latency, throughput and network health, and executing proactive capacity expansion.

• Establishing network operations procedures, change management controls and escalation processes.

• Overseeing troubleshooting of connectivity and security incidents across hybrid environments.

• Acting as the central coordination point across internal teams and external partners.

Qualifications & Certifications

• Bachelor’s degree in Computer Engineering, Network Engineering, Computer Science, Information Security or related discipline.

• Professional networking certifications (e.g., CCNP/CCIE, AWS/Azure/GCP Networking Specialty).

• Security certifications (e.g., CISSP, CISM) are advantageous.

Experience

• 5–10 years of experience in enterprise networking, hybrid cloud connectivity or infrastructure architecture.

• Proven experience designing and operating secure hybrid environments (cloud + on-prem).

• Hands-on experience with firewall configuration, network segmentation and secure access models.

• Experience in network capacity planning and high-availability architecture.

• Experience working with cybersecurity and DevSecOps teams in regulated environments.

• Familiarity with RedHat OpenShift networking and security is a plus.

Technical Skills

• Strong knowledge of TCP/IP, routing protocols, BGP, SD-WAN, VPN, MPLS and data center networking.

• Experience with cloud networking architectures (AWS, Azure, GCP or equivalent).

• Deep understanding of firewall policies, IDS/IPS, network segmentation and Zero Trust frameworks.

• Knowledge of API security, secure integration patterns and encryption standards.

• Familiarity with network monitoring tools, SIEM integration and performance analytics.

• Exposure to AI workload connectivity and security concepts is advantageous.

Soft Skills

• Strong systems thinking and architectural mindset.

• Ability to balance security, performance and cost considerations.

• Strong stakeholder management across cross-functional teams.

• Ability to communicate complex technical concepts to both technical and non-technical audiences.

• Proactive risk identification and mitigation capability.