Arista Certified Engineer (ACE) L3 certification is required
AWS Certified Cloud Practitioner, Google Professional Cloud Architect, Azure Solutions Architect Expert (One or more Required)
Cisco Certified Network Professional (CCNP), Arista Certified Engineer ACE: L3 or higher, Palo Alto Networks Certified Network Security Engineer (PCNSE) (One or more required)
Job Summary
Responsible for creating new network and network security architecture documents and designing complex network solutions that meet the organization's requirements for performance, automation, resiliency, scalability, security, and compliance. Work closely with the Lead Architect, Lead Engineers, and other IT teams, such as infrastructure, security, and applications, to ensure that the network is designed to meet the organization's needs.
Utilize standard architecture templates to design network and network security solutions and strictly adheres to enterprise standards.
Design comprehensive secure network solutions by carefully selecting hardware and software components, ensuring optimal alignment with project requirements and objectives.
Assists the Lead Architect in activities of the Network Architect Team, ensuring seamless collaboration and alignment with organizational objectives.
Research and recommend innovative technologies and approaches for network and network security management, upgrades, or improvements.
Perform complex technology and system assessments, collect business and technical requirements, and employ advanced methodologies to assess the efficiency and effectiveness of existing systems.
Create detailed network and network security documentation, including network diagrams and provide clear guidelines and seamless handover to network engineering team.
Incorporate network and network security principles and practices into network architecture, ensuring the implementation of effective security controls, such as firewalls, intrusion detection systems, and encryption protocols, to safeguard the network against cyber threats.
Assessing network capacity requirements based on current and projected usage patterns and planning for scalability to accommodate future growth and changing business needs.
Use approved architecture templates to produce and maintain documentation with regards to design and architecture principals that will aid engineers in building, configuring, and testing of new systems or system changes.
Maintain service level agreements of SNS metrics, key performance indicators and adhere to strict project timelines.
Maintain/Improve security posture, promptly addressing design issues, vulnerabilities, and security requirements according to regulatory guidelines (PCIDSS, PII, CIS, NIST)
Required:
Experience with architecture and design principles.
Experience in network and network security architecture, design, and documentation of medium-large scale enterprise networks (10,000+ users)
Experience with Cisco and Arista enterprise technologies, such as:
Layer 2 LAN technologies (STP, VLANs, VTP, LACP)
High availability technologies (VPC, SVL, HSRP, VRRP, MLAG)
Experience with designing Network Access Control (NAC) solutions (Forescout/Cisco ISE)
Experience in designing secure and scalable network solutions for Cloud environments.
Familiarity with Certificate management (Venafi), Cryptographic protocols and algorithms, certificate PKI.
Familiarity with Infoblox DNS/IPAM functions.
Familiarity with Cloud computing principles.
Familiarity with Automation/scripting experience (Python, Ansible)
Familiarity with Network performance optimization, capacity planning and load balancing.
Familiarity with the following monitoring platforms: Microsoft SevOne, SolarWinds, DataDog, Splunk)
Familiarity with Information Security concepts, practices, and procedures, encompassing all aspects of safeguarding information assets.
Familiarity with Information Security programs including, but not limited to, audit reviews, risk assessment, awareness and training, identity and access management, data protections, secure SDLC, incident management, disaster recovery procedures, vulnerability assessment, penetration testing, third-party assessment, secure configurations, and patch management.
Familiarity with Cryptographic protocols and algorithms.
Familiarity with government regulations, compliance and requirements related to Information Security (e.g., GLBA, GDPR, SOXA 404, FFIEC, PCI, Privacy, HIPAA, etc.).
Familiarity with emerging technologies, such as 5G, software-defined networking (SDN), and network functions virtualization (NFV).
EDUCATION AND EXPERIENCE
Bachelor's degree in computer science, information technology or a related field.
10+ years of relevant experience in Network or Information Security, or an equivalent combination of education, training and experience.
Financial services experience highly preferred.
Cisco Certified Internetwork Expert (CCIE) is Preferred
ITIL v3 Master Certification (Preferred)
Security and control certifications (CISSP, CISM, CISA, CRISC) (Preferred)GIAC/SANS Certificates (Sec504/Sec560) (Preferred)