This role is located in New York City and will require a hybrid work schedule of at least 2 days in office per week.Depending on experience, this role is open to Vice President or Assistance Vice President level candidates.
Department Overview:The Americas Division ("AD") was established in the Sumitomo Mitsui Trust Bank, Limited, New York Branch) ("SMTBNY") to perform corporate functions and supervise U.S. entities. Established under the AD are the "Global Banking Unit ("GBU"), Americas Division" and "Global Markets Unit ("GMU"), Americas Division" which performs business functions. The Information Technology Department ("ITD") provides the users of the Branch's information systems with sufficient and appropriate system resources and functionality to complete their day-to-day business and keeps security and consistency of the important information that is stored in the systems.
Your Position Overview:Fully knowledgeable in the day-to-day operations of enterprise network, cybersecurity, and AWS cloud environments. Resolves complex issues requiring expertise in interpreting policies, security frameworks, and operational guidelines. Acts as a subject matter expert across networking, firewall security, and cloud infrastructure. Focuses on hands-on operational execution while contributing to strategic planning and implementing new projects. May manage or mentor junior staff and collaborate closely with operations and security teams.
Your Duties and Responsibilities:
- Manages and maintains Fortinet firewalls and Cisco switches across corporate offices and data centers, including firewall policy conversion, rule optimization, and traffic validation.
- Designs, optimizes, and audits firewall rule sets aligned with NIST, CIS Benchmarks, and internal security standards.
- Performs cybersecurity audits, identifies security gaps, and leads remediation efforts to meet regulatory and organizational requirements.
- Design and optimizes network architectures to improve performance, reduce latency, and ensure scalability and resiliency.
- Configures and troubleshoots routing protocols including MPLS, EIGRP, BGP, and OSPF across enterprise and cloud environments.
- Administers and supports Cisco ISE for network access control and policy enforcement.
- Designs, implements, and troubleshoots NAT configurations (Static NAT, Dynamic NAT, PAT).
- Implements and supports WAN solutions, including policy-based traffic steering, failover mechanisms, and performance troubleshooting.
- Administers cloud security and Zero Trust architecture, including secure web access, proxy configurations, and remote user access controls.
- Manages AWS networking and security services, including VPC design, security groups, NACLs, VPNs, and monitoring/logging integrations.
- Implements and maintain threat protection controls, including DDoS mitigation, IDS/IPS, and collaborates with SOC teams for incident response.
- Leads advanced troubleshooting efforts using packet captures, log analysis, and performance diagnostics.
- Collaborate with vendors such as Cisco, Fortinet, KEMP, and AWS to resolve complex networking and security issues.
- Administers CyberArk Privileged Access Management (PAM), including credential vaulting, access policies, and compliance enforcement.
- Develops and maintains technical documentation, including firewall rules, network diagrams, and audit evidence.
- Creates automation scripts using Python, Bash, or PowerShell to improve operational efficiency and streamline audits.
- Works closely with IT Operation teams, providing technical guidance while remaining hands-on in engineering and troubleshooting.
- Support infrastructure technologies such as VMware vSphere, Windows Server, Active Directory, and enterprise storage (NetApp, Pure) (preferred).
- Engineer and implement new infrastructure and security solutions.
- Perform system upgrades, patching, and routine maintenance activities.
- Update procedures and documentation in response to system and environmental changes.
- Assist in planning and executing disaster recovery (DR) tests.
- Perform additional duties as assigned by management.
Your Qualifications:- 7+ years of experience in network engineering and cybersecurity.
- Strong expertise in Fortinet firewalls and Cisco networking technologies.
- Advanced knowledge of routing protocols (BGP, OSPF, EIGRP, MPLS).
- Hands-on experience with AWS networking and cloud security services.
- Deep understanding of network security principles, Zero Trust architecture, and compliance frameworks (NIST, CIS Benchmarks).
- Experience with Cisco ISE and CyberArk PAM solutions.
- Strong knowledge of NAT, VPNs, WAN technologies, and high availability design.
- Advanced troubleshooting skills using packet capture tools and log analysis.
- Experience with automation scripting (Python, Bash, PowerShell).
- Familiarity with VMware ESXi / vSphere 8.x or higher, and Storage technology.
- Experience with data center infrastructure, hybrid cloud environments, and disaster recovery planning.
- Strong organizational, analytical, and multitasking capabilities.
- Proven project management and execution skills.
- The Employee Benefits package includes: Paid Time Off, medical, HSA, vision, dental, FSA, 401(k), profit sharing, legal plan, cancer indemnity plan, disability insurance, life insurance, employee assistance program, commuter benefits, business travel accident, paid volunteer day, paid memberships, paid seminars, and tuition assistance.
- We offer many socialization opportunities for wellness, financial wellbeing, runs/walks, team building, happy hours, and activities to support the Sustainable Developmental Goals.
Check out our LinkedIn for our employee experience: https://www.linkedin.com/company/smtbny
