Principal Network Architect - Network Security (Hybrid)
Description3 Days Hybrid from any of our locations in RI, NJ, MA, NC, TX or AZ Role is not relocation eligible. At Citizens, we invest in the humans who build the logic, ideas, and innovations that bring new technologies to life. As Principal Network Architect - Network Security, you will be instrumental in bringing innovative ideas to fruition. Your role will be central to the successful integration of disruptive technologies within the organization. As part of our team, you’re made ready for a fulfilling career with exciting new challenges and opportunities to stretch yourself. You will be responsible for providing architectural mentorship and oversight at a Company Platform level, including its supporting Technical Platform with a deep understanding of technology capabilities and comparative industry trends. You will incorporate a strong consultant-oriented approach and work cross functionally with both technical and nontechnical teams, including business development, product management, software engineering, cybersecurity and departmental executives to drive tangible results. You will have the opportunity to present designs and ideas to an Architecture Review Board and to Technology and Business senior management. Most importantly, you’ll feel valued for who you are and supported to achieve what’s important to you, personally and professionally!Primary responsibilities include
Security Architecture: Design and implement secure network architectures in AWS, Azure, and on-premises data centers, ensuring high availability, performance, and scalability. This includes:
Developing and documenting network security standards and guidelines. Conducting security assessments and penetration testing to identify vulnerabilities. Implementing network segmentation and access control mechanisms.
Firewall Administration: Manage and optimize the configuration of firewalls (e.g., Palo Alto Networks) to prevent unauthorized access and data breaches. This includes:
Developing and implementing firewall rules and policies. Monitoring firewall logs and alerts for suspicious activity. Performing regular firewall updates and maintenance.
Load Balancing: Implement and manage load balancers (ALB/NLB) to ensure high availability and optimal performance of critical applications. This includes:
Configuring load balancing algorithms and health checks. Monitoring load balancer performance and capacity. Troubleshooting load balancing issues.
Compliance: Ensure adherence to industry regulations (e.g., PCI DSS, SOX, GLBA) and internal security policies. This includes:
Conducting regular security audits and risk assessments. Implementing security controls to meet compliance requirements. Staying up-to-date on the latest security regulations and best practices.
Automation and Orchestration: Develop and implement automated processes to improve efficiency and reduce the risk of human error. This includes:
Automating tasks such as access requests; VIP creation, etcUtilizing scripting languages (e.g., Python, PowerShell) and automation tools (e.g., Ansible, Terraform).
Threat Response: Collaborate with security teams to investigate security incidents, identify vulnerabilities, and implement effective countermeasures.
Vendor Collaboration: Manage relationships with security vendors (e.g., F5, Netskope, Palo Alto Networks, Akamai) to ensure optimal performance and support.
Tier 4 On-Call Support: Provide Tier 4 on-call support for all network technologies, including firewalls, load balancers, and cloud infrastructure. This support will be required for major incidents classified as P1 or P2.
Qualifications, Education, Certifications and/or Other Professional Credentials
Education: Bachelor's degree in Computer Science, Information Security, or a related field preferred, or equivalent experience.
Experience: 5+ years of proven experience designing and implementing secure network architectures in complex enterprise environments.
Technical Skills:
In-depth knowledge of network security protocols (TCP/IP, BGP, OSPF), cloud security best practices, and web application firewalls (WAF).Extensive experience with security technologies such as Palo Alto Networks firewalls, F5 load balancers, and Akamai CDN.Strong understanding of network segmentation, access control, and intrusion detection/prevention systems.
GRC Expertise: Familiarity with GRC frameworks (e.g., NIST, ISO 27001) and the ability to translate security requirements into technical solutions.
Automation Skills: Proficiency in scripting languages (e.g., Python, PowerShell) and experience with automation tools (e.g., Ansible, Terraform).
Cloud Experience: Hands-on experience with AWS and Azure cloud environments, including security best practices for multi-cloud design.
Certifications: CISSP, CCNP Security, or other relevant certifications are a plus.
Hours & Work Schedule
Hours per Week: 40-50
Work Schedule: weekdays, Monday - Friday during business hours; with change windows in the evenings and weekends
Pay Transparency The salary range for this position is 162400 - 243600 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience. We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of very local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits .Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.Equal Employment OpportunityAt Citizens, we are committed to fostering an inclusive culture that enables colleagues to bring their best selves to work every day. Employment decisions are based solely on experience, performance, and ability. Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression (including transgender individuals who are transitioning, have transitioned, or are perceived to be transitioning to the gender with which they identify), genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws.Equal Employment and Opportunity EmployerCitizens is a brand name of Citizens Bank, N.A. and each of its respective affiliates.Why Work for UsAt Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growthBackground CheckAny offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.12/10/2024