Lead AI Platform Network & Security Engineer
ITCAN PTE. LIMITED
Position Summary
• Lead the design, implementation and operations of secure, resilient and scalable network and connectivity architecture for Singtel’s Central AI Platform hosted on RE:AI IaaS.
• Establish and manage end-to-end connectivity across multi-cloud, on-premises systems, external SaaS platforms and API endpoints to enable enterprise AI use cases.
• Oversee network capacity planning, redundancy design, performance optimization and lifecycle management to support platform growth and commercialization.
• Ensure robust security architecture including firewall policies, segmentation, secure access controls and alignment with Singtel cybersecurity and DevSecOps standards.
• Serve as the primary technical authority for networking and security architecture of the AI platform, coordinating across RE:AI, Cloud, Cybersecurity, Infrastructure and Application teams.
• Enable a secure-by-design, scalable and high-availability network foundation to support enterprise-grade AI workloads and future expansion.
• Designing and implementing hybrid connectivity architecture across RE:AI IaaS, public cloud platforms, on-prem environments and external partners for AIDA’s Central AI Platform.
• Defining network segmentation, routing, peering, VPN, Direct Connect/ExpressRoute and API gateway patterns to enable seamless AI workload connectivity.
• Ensuring high availability, fault tolerance and redundancy across critical AI platform components.
• Leading firewall design, configuration standards, access control models and network security zoning.
• Implementing secure connectivity patterns including Zero Trust principles, encryption in transit and privileged access controls.
• Coordinating with Cybersecurity and DevSecOps teams on vulnerability management, security monitoring and incident response.
• Overseeing setup and maintenance of physical connectivity (e.g., cross-connects, colocation, data center interconnects).
• Monitoring bandwidth utilization, latency, throughput and network health, and executing proactive capacity expansion.
• Establishing network operations procedures, change management controls and escalation processes.
• Overseeing troubleshooting of connectivity and security incidents across hybrid environments.
• Acting as the central coordination point across internal teams and external partners.
Qualifications & Certifications
• Bachelor’s degree in Computer Engineering, Network Engineering, Computer Science, Information Security or related discipline.
• Professional networking certifications (e.g., CCNP/CCIE, AWS/Azure/GCP Networking Specialty).
• Security certifications (e.g., CISSP, CISM) are advantageous.
Experience
• 5–10 years of experience in enterprise networking, hybrid cloud connectivity or infrastructure architecture.
• Proven experience designing and operating secure hybrid environments (cloud + on-prem).
• Hands-on experience with firewall configuration, network segmentation and secure access models.
• Experience in network capacity planning and high-availability architecture.
• Experience working with cybersecurity and DevSecOps teams in regulated environments.
• Familiarity with RedHat OpenShift networking and security is a plus.
Technical Skills
• Strong knowledge of TCP/IP, routing protocols, BGP, SD-WAN, VPN, MPLS and data center networking.
• Experience with cloud networking architectures (AWS, Azure, GCP or equivalent).
• Deep understanding of firewall policies, IDS/IPS, network segmentation and Zero Trust frameworks.
• Knowledge of API security, secure integration patterns and encryption standards.
• Familiarity with network monitoring tools, SIEM integration and performance analytics.
• Exposure to AI workload connectivity and security concepts is advantageous.
Soft Skills
• Strong systems thinking and architectural mindset.
• Ability to balance security, performance and cost considerations.
• Strong stakeholder management across cross-functional teams.
• Ability to communicate complex technical concepts to both technical and non-technical audiences.
• Proactive risk identification and mitigation capability.