Sr. Network Security Architect

AES Corporation

Aug 29

Job
Full-time
Expert Level
Indianapolis
Remote
Quick Apply

AI generated summary

You need strong cybersecurity documentation skills, cloud security knowledge, experience with security tools, vulnerability discovery, effective communication, relevant certifications, and scripting capabilities.
You will enhance network security controls, design NAC and VPN solutions, manage Zscaler deployment, monitor performance, conduct audits, respond to incidents, and train global teams on cybersecurity.

Requirements

Demonstrable experience in defining, reviewing, analyzing, and creating cybersecurity documentation, including actionable security standards, implementation procedures, cyber risk assessments, cyber security audits, remediation plans, and cyber control guidelines.
Solid grasp of security controls in Physical (network, platforms) and Cloud environments (i.e., IaaS, PaaS, SaaS, multi-cloud).
Familiarity with Cloud Security Alliance (CSA) guidelines.
Extensive experience in the development and delivery of security-level agreements and metrics via real-time reporting and alerting dashboards (SharePoint, Power BI, SQL, Office 365, Microsoft Teams).
Proficient with a broad array of security software applications and data leak protection tools with an emphasis on Zscaler and Cisco security technologies.
Detailed understanding of network-related modern systems including firewalls, encryption, network access control, wireless and wired secure access, SD-WAN, SD-Access, secure remote network access, and password protection and authentication.
Understanding of cyber security frameworks for the OT environment including Industrial control systems (ICS)—the devices, controls, and networks that handle different industrial processes—, supervisory control and data acquisition (SCADA) systems, and distributed control systems (DCS).
Solid understanding of cyber-security technologies like AV, Sandbox, IPS, IDS, NGFW, and WAF.
Very solid background with vulnerability discovery and demonstration of exploitations.
Ability to see through bad actors’ eyes and find ways to break open the cyber security protocols and technologies embraced within the organization.
A data-driven, problem-solving, curious candidate with strong analytical skills and who is not afraid to challenge the status quo.
A self-starter with a goal-oriented, can-do attitude who is comfortable communicating cyber concepts, and risk management to all levels of personnel.
Ability to influence other IT professionals, including network engineers, digital support, application owners, project managers, and system managers, to integrate security network controls into existing systems and processes.
Proven ability to communicate effectively across all levels of the organization, including the delivery and explanation of complex security-related concepts in clear, concise, and understandable terms.
Bachelor's degree required in technology, information security or related fields or equivalent work experience.
Demonstrated ability in computer systems with some specialization in computer security highly preferred.
Knowledge of foundational security controls and how they protect an enterprise environment.
Relevant certifications (e.g., Certified Information Systems Security Professional - CISSP, Certified Information Security Manager - CISM).
Very strong capacity to create new exploits or craft existing exploits to identify security loopholes in the network control cyber security plane.
Experience with PowerShell and SQL query creation and modification.
Scripting - Working knowledge of computer programming language.
This is a remote position; however, we require that the candidate be located close to one of the AES locations.
Some travel required (~15-20%)

Responsibilities

Analyze existing network security controls and strengthen the controls that could make vulnerability exploitation more likely – such as Data Loss Protection, technical debt, etc.
Design and implement a global NAC solution (e.g. Cisco ISE) to control and authenticate network access including port-based network access control 802.1X.
Research and propose new VPN, ZTNA, and VPN-less access solutions to provide secure remote access for authorized users and site-to-site remote access.
Design, architect, and deploy Zscaler cloud-based solution infrastructure across SDWAN-based sites.
Manage implementation plans and operations supervision of Zscaler solutions (ZIA, ZPA, ZDX, etc.).
Proactively monitor reporting and consumption information along with policy configurations of Zscaler technologies and make ongoing recommendations to improve the overall experience.
Review and architecture restricted access to contractors and third-party employees to ensure security and reliability in a self-service environment.
Develop and automate tools and techniques to scale and accelerate network offensive emulation, anomaly detection, and vulnerability discovery using AI technology. Collaborate with teams to influence implementation, measurement, and mitigation of these vulnerabilities.
Develop, improve, and communicate a compelling strategy and roadmap for network vulnerability and data leak prevention management.
Design, implement, maintain, monitor, and support company-wide network security best practices. Draft and share network services configuration hardening standards.
Build relationships with cyber security teams, network operations, digital assets support, and business areas in support of the global data protection initiative.
Measure, report, and automate the network security team’s performance against objectives, policy compliance targets, and network security goals (e.g., SLAs, KPIs, KRIs, OKRs).
Install security measures and operate software to protect systems and information infrastructure, including assisting with firewalls security rules, and data security implementation. Regularly review and request updates of firewall rules and configurations to address emerging security risks.
Collaborate with analysis and responses to alerts generated by IDPS tools.
Conduct regular security audits of network infrastructure and devices.
Understand secured web traffic flow standards and custom application-based traffic and design firewall and proxy services.
Expect to assist as L3 SME for critical business impact P0/P1 network security escalations during operational and non-operational hours.
Provide data and root cause analysis of network security incidents with corrective actions for improvement. Fix detected vulnerabilities.
Closely working with compliance and internal audit departments to ensure network security standards are in place, enforced, and maintained, and provide evidence samples according to the requirement.
Research upcoming trends in information technology and security, stay updated on potential threats and attacks, and come up with preventive roadmaps.
Help develop and maintain network security content in the internal Knowledge Base.
Develop and provide network-related Cyber Security Training and improve network Cyber Security Awareness around the global network teams.

FAQs

What is the job title for this position at AES?

The job title is Sr. Network Security Architect.

What type of company is The AES Corporation?

The AES Corporation is a Fortune 500 company that is actively shaping the future of the global energy revolution.

What are the primary responsibilities of the Sr. Network Security Architect?

The primary responsibilities include architecting, designing, deploying, monitoring, maintaining, and refreshing secure global IT/OT network infrastructures, analyzing existing network security controls, designing and implementing network access control solutions, and collaborating with global teams to secure critical information assets.

What qualifications are required for this position?

Required qualifications include demonstrable experience in cybersecurity documentation, solid grasp of security controls in physical and cloud environments, familiarity with Cloud Security Alliance guidelines, extensive experience in security-level agreements, proficiency with security software applications, and a strong understanding of network security technologies.

Is a specific educational background required for this role?

Yes, a Bachelor's degree in technology, information security, or related fields, or equivalent work experience, is required.

What certifications are preferred for this position?

Preferred certifications include Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM).

Is travel required for this position?

Yes, some travel is required, approximately 15-20%.

Does this position allow for remote work?

Yes, this position is remote; however, candidates are required to be located close to one of the AES locations.

What skills are important for candidates applying for this role?

Important skills include strong analytical skills, a data-driven problem-solving mindset, the ability to influence IT professionals, effective communication across all levels of the organization, and proficiency in scripting and programming languages.

What is the company's commitment to diversity and inclusion?

AES is committed to building strength and delivering long-term sustainability through diversity and inclusion, ensuring all qualified applicants receive consideration for employment without regard to various protected characteristics.

AES Corporation

Energy

Industry

5001-10,000

Employees

1981

Founded Year

Mission & Purpose

The world no longer thinks of energy as a matter of supply and demand. Now it’s a space for innovation and partnership. With this transformation comes a responsibility to work with a smarter approach, new thinking informed by past experiences, and with stronger collaboration between regulators and innovators, old systems and new technologies. At AES, we partner with our organizations from industries of every kind, across all markets and at every stage of development, and we’ve been doing it for decades. We know that every organization is at a unique place in their energy journey. A one-size fits all approach using outdated technology isn’t going to cut it. When you work with AES, you can expect to work in partnership with us to create innovative, customized energy solutions that deliver the most value to you and your energy goals while empowering the growth of your business.