The Network Security Architect serves as the expert in information security providing consultation and direction for the enterprise in designing, building, testing and implementing systems within Allstate’s network. The successful candidate will demonstrate a strong understanding of multiple information security domains and be up to date with industry accepted security standards, systems and authentication protocols. The individual will need to be comfortable with driving direction in complex / quickly evolving projects, be capable of coordinating with users to clarify/document requirements, and ensuring network improvements are implemented in a secure manner.
- Create, maintain and drive information security technology strategies and roadmaps related to Network Security, addressing from legacy Data Center network to Cloud network.
- Partner with the security group to plan and drive the implementation of the technology and its capabilities. Responsible for the architecture of the technology in Network Security, such as NG Firewall, Proxy/Reverse Proxy, IDS/IPS, Network Segmentation, SDN, SDP, etc.
- Set up best practices and provide directions and guidance of how to utilize the technology and its capabilities. Drive the development of security specifications, standards, and processes to ensure adequate protection of corporate network
- Work with other architects to design security solutions for applications or systems, and/or provide expertise and consulting to the project teams on appropriate security controls
- Help govern security standards and architectures associated with networksecurity
- Serve as an information security advisor to key technology and business stakeholders, establishing trust relationships through active engagement and collaboration
- 3+ years experience in understanding securityrisks, identifying gaps and creating strategies, roadmaps, and architecture directions and patterns. Demonstrated experience in driving strategies, architecture directions, universal architectures, and working across boundary to improve security posture for the organization
- 3+ years experience in designing, architecting, and implementing complex enterprise applications, infrastructures, platforms and systems, addressing security, performance, scalability, and reliability. Demonstrated ability to perform a risk-based approach to securing applications, databases or infrastructure based upon technology and business needs
- Extensive knowledge and 5+ years experience on one or more of the following
- Demonstrated strong knowledge andexperiences onnetwork theory, services, devices, technologies, and standards especially related tosecurity, including:
- Stateful inspection and next generation firewalls
- Web application firewalls
- Web proxies and caching appliances with content filtering
- Web Services Gateway
- Email gateways (Anti-virus, Anti-Spam, DLP)
- Server load balancers
- SSL VPN appliances
- Routers and switches
- Wireless networks
- Extensive knowledge ofnetworksecurityarchitectures and designs, including:
- Data Center (Your own or Co-Lo) Network Design
- B2B connectivity
- DMZ/Application hosting
- Remote access, including VPN, VDI, RDP, etc
- LAN/WAN networks
- 802. 1x and NAC
- ACI, ISE
- Cloud Network Design (AWS, Azure, etc) and Connectivity Architecture
- Technologies from Cisco, F5, Palo Alto, Citrix, InfoBlox, Bluecoat, VMWare etc
- General knowledge of informationsecurity, including:
- application security
- identity and access management
- data security
- threat intelligence
- compliance frameworks, and other regulatory requirements such as PCI and SOX.
- Network certifications (e. g. CCNP, CCIE) or Security certifications (CISSP)
- Strong ability to think strategically and be innovative
- Strong ability to look at big pictures, connect the dots and architect the solution
- Strong ability to drive and lead conversations, and collaborate well with all parties
- Strong ability to give direction, identify the path, and troubleshoot infrastructure and application problems
- Excellent communication skills, including listening, communicating with Sr. Leadership, business and all levels of IT groups.
- Self-motivated and passionate about network and security
- Be willing to take risks and be able to step up to take initiative
- Be a quick learner and adapter, and be willing to challenge oneself
Be good at writing concise, high-quality technical documents
The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.