Network Architect & Administrator

Harvey Nash
Chicago, United States of America
10 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 190K

Job location

Remote
Chicago, United States of America

Tech stack

Microsoft Access
Algorithmic Trading
Amazon Web Services (AWS)
Application Firewall
Application Layers
Azure
Cloud Computing
Cryptographic Protocols
Identity and Access Management
Internet Protocol Security (IP SEC)
Virtual Private Networks (VPN)
Python
Network Security
Network Architecture
Network Monitoring
Routing
Network Segmentation
Network administration
Ping (Networking Utility)
Powershell
Role-Based Access Control
Remote Access Technology
Azure
Cloud Services
Ansible
Zero Trust Network Access
SAP Sales and Distribution
Security Information and Event Management
Data Logging
Network Routers
Cloud-native Network Functions (CNF)
Google Cloud Platform
Okta
System Availability
Software Security
QRadar
Cyber Threat Analysis
Firewalls (Computer Science)
Low Latency
Fortinet
Firepower
Api Gateway
Firewall Services Module
Splunk
Network Server
Cisco networks

Job description

The Senior Network Architect & Administrator ensures the network is fast, resilient, secure, and audit ready-a foundational requirement for trading operations, client trust, and regulatory compliance. This role is instrumental in advancing the firm's Zero Trust strategy, cloud modernization, and long-term technology roadmap., * The Senior Network Architect & Administrator is a critical technical leader responsible for designing, implementing, and maintaining a highly available, low latency, and secure enterprise network infrastructure.

  • This role blends strategic architecture with hands on engineering, ensuring the network can support the demanding needs of trading systems, financial partner connectivity, cloud expansion, and regulatory compliance.
  • The ideal candidate brings deep expertise in enterprise networking, hybrid cloud architecture, Zero Trust principles, and financial sector connectivity requirements. This position is essential to building a resilient, scalable, and secure network foundation that enables the firm's growth and protects mission critical operations.

Key Responsibilities

Enterprise Network Architecture & Modernization

  • Architect and maintain a multi-tier, highly available enterprise network supporting trading, clearing, research, and client facing platforms.
  • Design and enforce advanced network segmentation for users, servers, trading systems, cloud workloads, and privileged administrative zones.
  • Lead the development of a Zero Trust Network Architecture (ZTNA), including micro segmentation, identity aware routing, and continuous verification.
  • Engineer secure, redundant partner connections (DTCC, BNYM, Bloomberg, MarketAxess, ArrowStreet) using dedicated circuits, VPNs, private connectivity, and strict ACLs.
  • Integrate cloud networking (AWS, Azure, GCP) with secure routing, private endpoints, and unified policy enforcement across hybrid environments.

Perimeter, Cloud, and Application Security Hardening

  • Architect and administer next generation firewalls (NGFW) with IPS, TLS inspection, sandboxing, and threat intelligence integrations.
  • Deploy and maintain Web Application Firewalls (WAF) and API gateways supporting trading platforms and client portals.
  • Strengthening cloud security posture using CSPM, CNAPP, and cloud native controls (Security Groups, NACLs, PrivateLink, IAM boundaries).
  • Implement secure remote access solutions using ZTNA, MFA, device posture checks, and continuous session monitoring.
  • Standardize encryption protocols (TLS 1.2/1.3, IPsec, MACsec) across internal, external, and partner connections.

Network Monitoring, Performance, and Threat Visibility

  • Build and maintain a unified network monitoring and logging architecture across firewalls, routers, switches, cloud networks, and partner circuits.
  • Collaborate with security teams to integrate network telemetry into SIEM platforms (Splunk, Sentinel, QRadar, Elastic).
  • Develop detection logic for anomalous trading activity, insider threats, credential abuse, and partner circuit deviations.
  • Participate in threat hunting activities and support automated response workflows through SOAR integrations.

Identity, Access, and Privileged Access Controls

  • Integrate network infrastructure with centralized IAM platforms (Azure AD/Entra, Okta, Ping) for SSO, MFA, and conditional access.
  • Implement and maintain Privileged Access Management (PAM) for network administrators and service accounts.
  • Define and enforce RBAC and least privilege models across network, cloud, and application layers.
  • Ensure IAM and network logs feed into SIEM for real time detection of credential misuse.

Governance, Compliance & Partner Connectivity Assurance

  • Develop and maintain network security standards and policies for segmentation, encryption, firewall rules, cloud access, and partner circuits.
  • Conduct risk assessments for all P2P and financial partner connections.
  • Define onboarding/offboarding processes for new business partners, including security validation and continuous monitoring.
  • Ensure compliance with FFIEC, SEC, FINRA, SOX, and internal audit requirements.
  • Create and maintain runbooks and playbooks for network incidents, partner link outages, and trading system disruptions.

Requirements

  • 8+ years of experience in enterprise network engineering, architecture, or administration.
  • Expert level knowledge of routing, switching, firewalls, VPNs, SD WAN, and network segmentation.
  • Hands on experience with NGFW platforms (Palo Alto, Fortinet, Check Point, Cisco Firepower).
  • Strong understanding of cloud networking (AWS, Azure, GCP) and hybrid connectivity.
  • Experience supporting trading systems or financial sector connectivity.
  • Familiarity with regulatory frameworks (FFIEC, SEC, FINRA, SOX).

Preferred

  • Certifications such as CCNP/CCIE, PCNSE, NSE7+, JNCIP/JNCIE, or equivalent.
  • Experience with Zero Trust, SASE, CASB, and modern remote access technologies.
  • Proficiency in automation and scripting (Python, PowerShell, Ansible).
  • Experience designing network architectures for high availability, low latency environments.

Benefits & conditions

A reasonable, good faith estimate of the minimum and maximum base salary for this position is $160 K to $190 K per year with Bonus. Employee benefits will also be available, and details are available like Pension/401K/ Paid Vacation/ Life, Medical & Dental insurance etc., Medical coverage Dental coverage Vision coverage 401(k) retirement plan

Apply for this position