Director, Network Architect

Fmr LLC
Westlake, United States of America
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Remote
Westlake, United States of America

Tech stack

Secure Shell (SSH)
Microsoft Access
Access Network
Amazon Web Services (AWS)
Azure
Border Gateway Protocol
Cloud Computing
Computer Security
Data Centers
Dynamic Host Configuration Protocol
DNS
Datagram Transport Layer Security
Internet Control Message Protocol
Multi-protocol Systems
Session Initiation Protocols
Kerberos (Protocol)
Key Management
Network Security
Lightweight Directory Access Protocols (LDAP)
Network Architecture
Network Segmentation
Open Shortest Path First
NT LAN Manager
Akamai
Zero Trust Network Access
SAP Sales and Distribution
Simple Network Management Protocols
Syslog
Transmission Control Protocol (TCP)
Virtual Local Area Networks
Wide Area Networks
Remote Desktop Protocol (RDP)
Network Access Control
Computer Network Technologies
Multi-Cloud
Firewalls (Computer Science)
Templating
Palo Alto Networks
Cisco networks

Job description

This role is for a visionary and highly technical Network Architect who will protect critical assets and enforce zero-trust principles. This architect will specialize in Network Segmentation technologies to design, implement, and evolve our next-generation enterprise network security architecture. In this role, you will be the primary blueprint contributor defining how our global network separates networks, isolates endpoint threats, and segments workloads. You will lead the strategic shift from traditional flat networks to highly secure, micro-segmented environments across on-premises data centers, global offices, and multi-cloud infrastructure.

Architecture and Strategy

  • Design Zero-Trust Frameworks: Define the overarching architectural strategy for macro- and micro-segmentation solutions across various areas of the Fidelity Multiservice Network: global WAN, regional centers, domestic and international satellite sites, data centers, colocation centers, investor centers, and public cloud environments (AWS, Azure).
  • Technology Selection: Evaluate, pilot, and select enterprise-grade segmentation technologies, including Software-Defined Access (SD-Access), Software-Defined WAN (SD-WAN), Zero Trust Network Access (ZTNA), Next-Generation Firewalls, and workload micro-segmentation.
  • Standardization: Develop and maintain network and security standards, reference architectures, blueprint designs and Fact Sheets, and design templates.

Engineering and Implementation

  • Micro-Segmentation Deployment: Architect and oversee the deployment of host-based and fabric-based micro-segmentation solutions to protect critical workloads and applications.
  • Identity and Access Integration: Integrate network segmentation policies with enterprise identity providers (IdP) and Network Access Control (NAC) systems to enforce dynamic, identity-aware access controls.
  • Cloud and Hybrid Connectivity: Design secure, seamless, yet segmented connectivity between on-premises and cloud environments.

Collaboration and Governance

  • Cross-Functional Alignment: Partner closely with the Enterprise Cybersecurity and Network Engineering teams to translate architectural visions, strategies, and blueprints into deployment plans.
  • Risk and Compliance Support: Ensure network architectures comply with all relevant policies, standards and guidelines.
  • Mentorship: Provide technical leadership and mentorship to network engineering and operations teams, ensuring smooth operational handoffs.

Requirements

  • Required Experience: Network engineering and architecture. Focus on network security and segmentation initiatives. Core networking protocol knowledge: BGP, OSPF, EVPN-VXLAN, MPLS, VRF-Lite, and VLAN design.
  • Segmentation Expertise: Hands-on experience and architectural design using technologies such as Cisco TrustSec/ISE, Cisco Tetration/Secure Workload, Akamai Guardicore, Illumio, and/or Palo Alto Networks NGFW/App-ID.
  • Enterprise Security: Strong understanding of Zero-Trust Network Access (ZTNA), Secure Access Service Edge (SASE) architectures, and stateful firewalling.
  • In-depth knowledge of L3/4 protocols such as TCP, UDP, ICMP, and L7 protocols such as DNS, DHCP, Kerberos/NTLM, LDAP, SSH, RDP, DTLS, SMB, IKE, ISAKMP, HTTP/S, SIP, SNMP, Syslog, etc.
  • Strong understanding of encryption methods and technologies at all layers: network, link, file/block, table column/row/field, associated ciphers, and key management practices for both certificate private/public asymmetric keys and symmetric keys.
