Job Title: Senior Network Architect/Admin
Location: Chicago IL 60605 /New York City, NY -- 4 days
onsite, 1 day remote
Perm/FTE Role
Job Summary:
The Senior Network Architect & Administrator ensures the network is fast, resilient, secure, and audit ready—a foundational requirement for trading operations, client trust, and regulatory compliance. This role is instrumental in advancing the firm’s Zero Trust strategy, cloud modernization, and long-term technology roadmap.
Job Details:
Senior
Network Architect & Administrator
Position
Overview
- The Senior Network Architect & Administrator is a
critical technical leader responsible for designing, implementing, and
maintaining a highly available, low latency, and secure enterprise network
infrastructure.
- This role blends strategic architecture with hands on
engineering, ensuring the network can support the demanding needs of
trading systems, financial partner connectivity, cloud expansion, and
regulatory compliance.
- The ideal candidate brings deep expertise in
enterprise networking, hybrid cloud architecture, Zero Trust principles,
and financial sector connectivity requirements.
This position is essential to building a resilient, scalable, and secure network foundation that enables the firm’s growth and protects mission critical operations.
Key
Responsibilities
Enterprise Network Architecture & Modernization
- Architect and maintain a
multi-tier, highly available enterprise network supporting trading,
clearing, research, and client facing platforms.
- Design and enforce advanced
network segmentation for users, servers, trading systems, cloud workloads,
and privileged administrative zones.
- Lead the development of a Zero
Trust Network Architecture (ZTNA), including micro segmentation, identity
aware routing, and continuous verification.
- Engineer secure, redundant
partner connections (DTCC, BNYM, Bloomberg, MarketAxess, ArrowStreet)
using dedicated circuits, VPNs, private connectivity, and strict ACLs.
- Integrate cloud networking (AWS,
Azure, GCP) with secure routing, private endpoints, and unified policy
enforcement across hybrid environments.
Perimeter,
Cloud, and Application Security Hardening
- Architect and administer next
generation firewalls (NGFW) with IPS, TLS inspection, sandboxing, and
threat intelligence integrations.
- Deploy and maintain Web
Application Firewalls (WAF) and API gateways supporting trading platforms
and client portals.
- Strengthening cloud security
posture using CSPM, CNAPP, and cloud native controls (Security Groups,
NACLs, PrivateLink, IAM boundaries).
- Implement secure remote access
solutions using ZTNA, MFA, device posture checks, and continuous session
monitoring.
- Standardize encryption protocols
(TLS 1.2/1.3, IPsec, MACsec) across internal, external, and partner
connections.
Network
Monitoring, Performance, and Threat Visibility
- Build and maintain a unified
network monitoring and logging architecture across firewalls, routers,
switches, cloud networks, and partner circuits.
- Collaborate with security teams
to integrate network telemetry into SIEM platforms (Splunk, Sentinel,
QRadar, Elastic).
- Develop detection logic for
anomalous trading activity, insider threats, credential abuse, and partner
circuit deviations.
- Participate in threat hunting
activities and support automated response workflows through SOAR
integrations.
Identity,
Access, and Privileged Access Controls
- Integrate network infrastructure
with centralized IAM platforms (Azure AD/Entra, Okta, Ping) for SSO, MFA,
and conditional access.
- Implement and maintain Privileged
Access Management (PAM) for network administrators and service accounts.
- Define and enforce RBAC and least
privilege models across network, cloud, and application layers.
- Ensure IAM and network logs feed
into SIEM for real time detection of credential misuse.
Governance,
Compliance & Partner Connectivity Assurance
- Develop and maintain network
security standards and policies for segmentation, encryption, firewall
rules, cloud access, and partner circuits.
- Conduct risk assessments for all
P2P and financial partner connections.
- Define onboarding/offboarding
processes for new business partners, including security validation and
continuous monitoring.
- Ensure compliance with FFIEC,
SEC, FINRA, SOX, and internal audit requirements.
- Create and maintain runbooks and
playbooks for network incidents, partner link outages, and trading system
disruptions.
Qualifications
Required
- 8+ years of experience in
enterprise network engineering, architecture, or administration.
- Expert level knowledge of
routing, switching, firewalls, VPNs, SD WAN, and network segmentation.
- Hands on experience with NGFW
platforms (Palo Alto, Fortinet, Check Point, Cisco Firepower).
- Strong understanding of cloud
networking (AWS, Azure, GCP) and hybrid connectivity.
- Experience supporting trading
systems or financial sector connectivity.
- Familiarity with regulatory
frameworks (FFIEC, SEC, FINRA, SOX).
Preferred
- Certifications such as CCNP/CCIE,
PCNSE, NSE7+, JNCIP/JNCIE, or equivalent.
- Experience with Zero Trust, SASE,
CASB, and modern remote access technologies.
- Proficiency in automation and
scripting (Python, PowerShell, Ansible).
- Experience designing network
architectures for high availability, low latency environments.
* The pay range listed above reflects the expected
starting salary /Pay rate for this role. This range may be adjusted based on
market conditions, location, and other relevant factors. The Company will
determine the final starting salary/Pay rate in consultation with the selected
candidate(s), in full compliance with applicable laws