Enterprise Cloud & Network Security Architect

Job Description

• The enterprise cloud & network security architect will lead the design, development, implementation, and operation of the hybrid cloud security strategy (public/private) directly contributing to the global infrastructure and across all type of consumption method IaaS/PaaS/SaaS.
• Serve as the network security (LAN/WAN/Wi-Fi/Cellular) central point of contact for other technology teams within the organization.
  • Oversee the design and build of network & security-specific solutions. Plan systems by evaluating network and security technologies; developing requirements for Local Area Networks (LANs), Wide Area Networks (WANs), Virtual Private Networks (VPNs), Routers, Firewalls, and related security & network devices.
• Develop cloud and network security policies, processes, technical controls, and governance model in compliance with industry standards and regulatory guidelines.
• Design, deploy and operate the Security-as-a-Service and work with product engineering, IT infrastructure, and business application development organizations to implement adequate security controls under guidance of corporate security policies and standards.
• Keep track of emerging security threats, technology trends and maintain agile solution framework that can align to growing need of organization while offering resilient cyber security control.
• Work with partner organization to manage cloud and network Security operations. Operate in-scope cyber security controls at highest assurance level.
• Maintain and report on committed SLA level for Security-as-a-Service KPIs.
• Identify the white space to implement most cost-effective means of achieving organizational goals.
• Be champion of cyber security discipline and participate/offer user training, educational sessions to internal / external users.

• 12+ years of experience as security engineer/architect - must have worked on large enterprise-wide cloud and network security policy, process, and technology implementation.
• Industry recognized certifications are a plus - e.g., CISSP, CCIE, MS AZ-500 or similar
• In-depth knowledge of NIST CSF -1.1, NIST SP 800-53, NIST SP 800-207, NIST SP 800-160, NIST SP 800-144, NIST SP 800-41, NIST SP 800-42, NIST SP 800-48
• In-Depth knowledge of Microsoft 365, Microsoft Azure and VMWare security technology and services:
  • Web Application Firewall / Gateway, Azure AD and AD Domain Services, Azure DDoS Protection, Azure HSM and Key-Vault, Azure Defender, Azure Attestation, Azure Defender IoT, Azure Information Protection
  • Microsoft Enterprise Mobility, MS Intune, MS Endpoint Configuration Manager, MS Defender for Identity, MS Secure Score
  • VMware Carbon Black, VMware NSX
• Extensive experience in network security controls: Zero Trust Network Access, Cloud Access Security Broker, NGFW, IDS/IPS and Remote-Access technology design and operations.
• Bachelor's degree in Engineering or related field.

• Strong understanding of security products and vendors, relevant technologies and trends, and industry standards.
• Demonstrated experience in gathering and transforming business requirements into a comprehensive technology solution definition.
• Strong team player - work with internal and external stakeholder to solve problems and actively incorporate input from various sources.
• Excellent communication skills and collaborative working style. Strong critical thinking and analytical skills and ability to think "out of the box" required.
• Willing to travel
• Bachelor's degree in Engineering or related field