Senior Network Perimeter Security Architect

Benefit Information:

ABM offers a comprehensive benefits package. For information about ABMs benefits visit:

Recruiting Flyer - Staff & Mgmt

1.1 Job Description

ABM is currently seeking an initiative-taking and experienced Senior Network Perimeter Security Architect. This role is responsible for the leading design implementation and management of our enterprise perimeter security infrastructure. Must architect robust defenses against external threats while ensuring scalability compliance accountable for the technical aspects of the enterprise information security architecture stability and resiliency related to network security solutions and operational efficiency. This role requires deep expertise in firewalls intrusion detection/prevention systems (IDS/IPS) cloud perimeter security and secure access technologies. The Senior Network Perimeter Security Architect works closely with many diverse and dynamic teams including but not limited to: Security Engineering IT Infrastructure Network Engineering Application Development Security/IT Operations Security Audit & Compliance and our End Users. This position is also responsible for architecting solutions to secure business-to-business initiatives third-party relationships outsourced solutions and vendors.

1.2 Responsibilities:

In the role of the Senior Network Perimeter Security Architect you will:

Design and maintain the enterprises perimeter security architecture including firewalls secure web gateways VPNs proxies and DDoS mitigation.

Evaluate and recommend next-generation firewall (NGFW) and threat prevention technologies.

Lead architecture reviews and risk assessments for new network and cloud deployments.

Develop and enforce security standards policies and procedures related to perimeter defense.

Collaborate with network engineering cloud operations SOC and application security teams.

Provide expert-level guidance on secure network segmentation micro segmentation and zero trust principles.

Lead security architecture initiatives in hybrid cloud environments integrating on-prem virtual and cloud native controls.

Evaluate new security tools conduct POCs and lead deployment strategies.

Respond to and analyze security incidents involving perimeter technologies.

Support regulatory and compliance initiatives (e.g. PCI DSS HIPAA ISO 27001 NIST).

Mentor junior team members and provide technical leadership across projects.

Proactively analyze identify and resolve performance bottlenecks.

Assist with strategy implementation and recovery point/time objective for business continuity and disaster recovery.

Stay up to date with cybersecurity threats risks and vulnerabilities with potential impact on services.

Form relationships with colleagues in operations engineering software development and risk management.

Collaborate with IT and cybersecurity leadership to develop practices to reduce attack surface as well as countermeasures to impede internal threats and external attackers.

Attend project and implementation meetings and advise on secure application and infrastructure configurations.

Be willing to work nonstandard business hours for projects business impact issues and incident response.

Assist in the definition of the strategy and technology roadmap for Network Security Architecture assess and deliver fit for purpose technical security solutions.

Identify plan and execute needed security changes to existing methods and techniques used throughout the organization.

Lead projects and initiatives with broad scope and high impact to the business and be a recognized expert in Network Security.

Define key performance indicators objectives and key results and metrics to illustrate efficacy with cloud infrastructure and applications.

Maintain detailed documentation including diagrams configurations and procedures.

1.3 Technical Qualifications:

Familiarity with Azure AWS and GCP.

SaaS solutions such as Salesforce Workday MS Office 365 SAP OCF.

Identity and Access Management (IAM) platforms and related protocols such as SAML SPML XACML SCIM OpenID and OAuth.

Experience with Zero Trust Network Access (ZTNA) cloud-based security platforms like Zscaler (ZIA/ZPA).

Understanding corporate network monitoring and security and common network protocols such as TCP/IP VLANS DNS DHCP BGP OSPF RADIUS WIFI.

Networking and firewalls CISCO FortiGate Meraki Checkpoint Juniper Palo Alto and Virtual Firewall appliances.

Experience managing 200 Firewalls in an Enterprise.

Firsthand experience with VMware NSX including NSX-T and NSX-v with focus on micro segmentation and distributed firewalling.

Experience implementing and managing End-point protection using Microsoft Intune.

Experience with Web-Application Firewalls implementing and managing.

Familiar with operating systems including Linux Microsoft Windows 11 and Server.

1.4 Preferred Qualifications:

Bachelors degree in Cybersecurity Information Technology Computer Science Information Systems or related field.

Possess 7 to 10 years of experience in IT and security operations 5 to 7 years in an architecture or lead role with a focus on cyber/perimeter network security.

Deep expertise with enterprise-class firewalls (e.g. Palo Alto Fortinet Meraki Cisco ASA/Firepower).

Strong understanding of IPS/IDS SSL decryption NAC and secure remote access solutions.

Experience with cloud-native security controls across AWS Azure or GCP (e.g. security groups WAFs transit gateways).

Knowledge of routing switching VPNs (IPSec SSL) BGP and SD-WAN security.

Familiarity with zero trust architecture and modern network access models.

Possess industry certifications such as CISSP CCSP CCNP Security Palo Alto PCNSE or similar qualifications.

5 years of experience with Cisco Identity Service Engine (ISE) or another 3rd party Network Access Control (NAC) product.

Ability to comprehend complex technical infrastructure managed services and third-party dependencies.

Knowledge in one or more: NIST 800-144 CIS CSA-CCM ISO ( 27001).

Experience with Automation/Cloud Tools (e.g. Ansible Terraform Kubernetes Puppet Python JavaScript Bash)

Enterprise Network Monitoring software experience (SolarWinds Orion).

Experience developing strategies for implementation of QoS and Multicast.

Experience with packet capture and analysis tools NetFlow IP SLA etc.