Solutions Architect - Network Security & AI
Role details
Job location
Tech stack
Job description
- Own the end-to-end POV / POC lifecycle across the Americas - qualification, scoping, success criteria definition, lab and on-site build, test plan execution, results analysis, executive readouts, and handoff to post-sales.
- Partner with account teams (Account Executives, SEs, Channel Managers) as the lead technical authority on NGFW, Maestro, and AI security opportunities; translate customer business requirements into winning technical solutions.
- Architect, demonstrate, and validate NGFW platforms across on-prem, colo, hybrid cloud, and AI factory environments, with a focus on high availability, elastic scale, low-latency throughput, and Zero Trust segmentation.
- Design and demonstrate Check Point Maestro hyperscale deployments, including multi-stack scaling, multi-MHO orchestration, security group design, and seamless inter-site / inter-DC interconnect.
- Engineer reference designs and POC topologies for the underlying data center fabric required to support Maestro orchestration, micro-segmentation, and east/west inspection at scale across leaf/spine and EVPN-VXLAN topologies.
- Demonstrate and validate Nvidia BlueField DPU integrations at 100 GbE (and emerging 400 GbE) for accelerated security services, including DOCA familiarity, host onboarding, and performance benchmarking.
- Architect and showcase security for AI factories and AI-ready data centers, including GPU cluster east/west protection, secure multi-tenant model training and inference fabrics, and high-throughput inspection points across RoCEv2 / InfiniBand-adjacent networks.
- Lead AI security POVs across the GenAI stack - securing RAG pipelines (vector DB access, embedding integrity, data poisoning, prompt-injection defense), MCP servers and agentic tool-use workflows, model and inference endpoints, and shadow-AI discovery - aligned to OWASP Top 10 for LLMs, MITRE ATLAS, and NIST AI RMF.
- Position and demonstrate AI-SPM (AI Security Posture Management), DLP, and CASB-style controls to govern enterprise GenAI usage and protect sensitive data in transit to public and private LLMs.
- Architect and demonstrate integrated SASE / SD-WAN solutions with data center security, delivering unified policy across user-to-app, branch-to-DC, and DC-to-cloud traffic flows.
- Develop and deliver technical enablement - instructor-led training, hands-on labs, design workshops, lunch-and-learns, and reference materials - for customers, partners, and internal field teams across the Americas.
- Lead competitive evaluations, bake-offs, and migrations between Check Point and other NGFW platforms (Palo Alto, Fortinet, Cisco, Juniper, Zscaler, etc.); produce HLDs, LLDs, BoMs, design guides, and operational runbooks.
- Represent the company at customer briefings, executive business reviews (EBRs), partner events, regional trade shows, and industry conferences across the Americas.
- Provide structured field feedback to Product Management and Engineering on customer requirements, competitive gaps, and emerging use cases - particularly in AI security and AI infrastructur e.
Requirements
-
8+ years in network security, with significant time in a customer-facing pre-sales, solutions architect, or sales engineering role.
-
Demonstrated track record owning and winning NGFW and Maestro POVs / POCs end-to-end, with strong stakeholder management through to technical decision and commercial close.
-
Extensive hands-on NGFW experience in enterprise data center and hybrid cloud environments - not branch / campus only.
-
Strong production experience with Check Point Maestro hyperscale architectures, including multi-MHO topologies, security group design, and inter-stack interconnect.
-
Hands-on experience with at least one additional Tier-1 NGFW platform at comparable scale (Palo Alto PAN-OS / Strata, Fortinet FortiGate, Cisco Secure Firewall / Firepower, Juniper SRX, or equivalent).
-
Working knowledge of SASE / SSE / SD-WAN architectures and modern threat prevention services - IPS, anti-bot, anti-malware, sandboxing/threat emulation, URL filtering, TLS/SSL inspection, DNS security, and CDR.
-
Demonstrated understanding of AI security across the GenAI lifecycle, including:
-
RAG pipeline security (vector store hardening, embedding leakage, data poisoning, retrieval injection)
-
MCP (Model Context Protocol) server exposure and agentic tool-use risk
-
LLM application security aligned to OWASP Top 10 for LLMs, MITRE ATLAS, and NIST AI RMF
-
AI-SPM, model supply chain risk, and shadow-AI / GenAI usage governance
Familiarity with AI data center / AI factory concepts: GPU cluster networking, RoCEv2 / InfiniBand awareness, Nvidia Spectrum-X and DGX reference architectures, and secure east/west insertion for training and inference workloads.
Exposure to AI smart factory / Industry 4.0 environments, including IT/OT convergence, IEC 62443-aligned segmentation, industrial protocol awareness (Modbus, OPC UA, Profinet, EtherNet/IP), and securing AI-driven automation, computer vision, and predictive maintenance workloads.
Proven experience designing and delivering technical enablement (ILT, VILT, hands-on labs, workshops) to customers and partners.
Deep data center switching expertise: L2/L3, VLAN/VXLAN, EVPN, BGP, LACP/MLAG, and the design considerations for inserting firewall clusters into modern leaf/spine fabrics.
Hands-on experience with Nvidia BlueField DPUs (or comparable SmartNIC / IPU platforms) at 100 GbE, including provisioning, offload configuration, DOCA familiarity, and performance troubleshooting.
Excellent written, verbal, and whiteboarding skills; able to present credibly to network/security engineers, enterprise architects, and C-level stakeholders (CISO, CIO, CTO).
Comfortable traveling 20-30% across the Americas, including occasional LATAM travel; valid passport required.
Spanish or Portuguese language skills are a plus given LATAM coverage. Nice to Have
- CCIE / CCNP, CCSE / CCSM / CCTE, PCNSE, NSE 7+, or equivalent industry certifications.
- Check Point Certified Trainer (CCSI) or equivalent formal training credential.
- Prior experience in a vendor or VAR pre-sales SA / SE organization with regional or theater-level coverage.
- Hands-on experience with GenAI security platforms (Check Point GenAI Protect, Palo Alto AI Runtime Security, Protect AI, Prompt Security, Lakera, Robust Intelligence) and guardrail frameworks (NeMo Guardrails, Llama Guard, Guardrails AI).
- Exposure to Nvidia AI reference architectures (DGX SuperPOD, Spectrum-X, BlueField DOCA) and AI factory / smart manufacturing deployments.
- Automation and Infrastructure-as-Code experience (Ansible, Terraform, Python) for firewall policy, fabric, and security service orchestration.
- Familiarity with cloud-native security (CNAPP, CWPP, CSPM) and container/Kubernetes security in AI/ML pipelines.
- Experience with DPU-accelerated security and networking use cases (DOCA, OVS offload, line-rate telemetry, in-line threat inspection).
Location & Travel Requirement Candidate must be based in the Dallas / DFW metro area - this is an on-site role at our local hub when not traveling.