Network Security Architect
New York, NY

Job Description

Network security plays an ever-increasing role in our clients' businesses today. This preventive mechanism against vulnerability to data theft, can lead to an uncontrolled access-list sprawl, lack of methodology standardization for firewalls, and complex operations due to non-conforming architectures. At Deloitte, we help clients reimagine network security, not only to make it more manageable, but also to make it pervasive across the organization's environments. For example, as cloud adoption grows and transforms into business as usual, network security must account for environments beyond the hardware firewall in order to provide a comprehensive solution. Security is not a destination, but rather a journey that Deloitte Network Security practitioners embark on to help clients mitigate cyber risk in a borderless world.

Work you'll do

Our practitioners work collaboratively within integrated, cross-functional teams to provide broad-based network transformation projects to provide value for our clients. Network Security practitioners will be expected to bring infrastructure security expertise, helping other practitioners better estimate the effort involved with network transformation, identifying key milestones that need to be achieved to meet a client's ask, and be able to translate business requirements into technical specifications. Network Security practitioners are also asked to help perform current-state assessments for clients looking for an object perspective and provide thought leadership on where the industry is heading and the appropriate next steps. Moreover, Network Security practitioners are called upon to help propose, design, and implement modern network security enclaves that tick all the boxes that clients typically ask for, including scalability, flexibility, availability, and programmability. Finally, Network Security practitioners are expected to help client IT teams adopt new methods, own their new security infrastructure and help mentor junior Deloitte practitioners interested in network security.

The team

Cloud Engineering

Our Cloud Engineering team focuses on enabling our client's end-to-end journey from On-Premise to Cloud, with opportunities in the areas of: Cloud Strategy, Op Model Transformation, Cloud Development, Cloud Integration & APIs, Cloud Migration, Cloud Infrastructure & Engineering, and Cloud Managed Services. We help our clients see the transformational capabilities of Cloud as an opportunity for business enablement and competitive advantage.

Cloud Engineering supports our clients as they improve agility and resilience, and identifies opportunities to reduce IT operations spend through automation by enabling Cloud. We accelerate our clients towards a technology-driven future, leveraging vendor solutions and Deloitte-developed software products, tools, and accelerators.

Qualifications

Required

* Experience designing and working with next-generation firewall and intrusion prevention systems; this includes deploying appliances in routed or bridged modes and in varying high availability modes


* Experience deploying distributed and widely available remote access solutions, including SSL or IKEv2 VPN


* Experience deploying and troubleshooting site-to-site IPSEC tunnels from a variety of platforms


* Experience in rolling out micro-segmentation initiatives in the data center virtual environment


* Extensive experience designing and implementing network access control solutions across wired and wireless infrastructures; this includes understanding the 802.1X framework and other forms of authenticating client devices


* Experience troubleshooting and deploying solutions involving certificates and public key infrastructures - such as for 802.1X or SSL Decryption and Offloading


* Experience designing and deploying web proxy and content filtering solutions for data loss prevention


* Extensive experience in performing packet and flow analysis across a variety of toolsets, such as in-line taps, on firewall/IPS appliances, network routers, and on hosts themselves


* Exposure to enterprise network monitoring platforms and solutions; ability to gather useful insights from reports to further justify a proposed solution


* Fundamental understanding of the value public cloud offers to customers and how private networks are provisioned; proven experience with interconnecting enterprise networks to public cloud environments either through leased lines or virtual private networks (VPN) over the internet


* Specialization with installation, configuration, troubleshooting, and supporting of network security equipment - hands on keyboard experience


* Experience in documenting and articulating network topologies to broad audiences


* Ability to model and build test virtual networks for proof of concepts that showcase leading practices


* Knowledge of application transport and network infrastructure protocols (DNS, DHCP, IPAM,SSL/TLS, WINS, NTP, FTP, HTTP, HTTPS, SMTP, LDAP, and Microsoft AD)


* Experience with FW, VPN, web proxy, IPS, DNSSEC, and router hardening


* Understanding of network traffic analysis for troubleshooting end to end performance and connectivity issues with tools such as Wireshark, tcpdump, and iperf


* Strong understanding of the value that software defined networking and network orchestration provides network security operators


* Familiarity interacting with APIs as well as the ability to read common data models and markup languages such as YANG and JSON for helping customers better understand how to interact programmatically with networks


* Exposure to or experience with programming/scripting languages or configuration management tools used to automate networks (e.g. Python, Ansible)


* 6+ years of relevant consulting or industry experience


* Experience in assisting Senior leadership team to design technology, process landscape and develop overall solution strategy


* Ability to create critical collaterals for client workshops and customer interactive sessions


* Excellent articulation, communication and strong inter personal skills


* Experience in participating in transformation initiatives for mid to large scale organizations


* Ability to work with a multi-location team


* Willingness to travel 80 - 100% of the time (Monday - Thursday/Friday)



Preferred

* Network certifications e.g. CCIE, CCNP, CCNA, OSCP, CISSP, CEH or equivalent


* Experience with continuous integration/continuous delivery tools (Git, Jenkins, etc.) and configuration management tools (Ansible, Puppet, Chef, SaltStack) to allow operations teams to adopt network automation
* Experience designing and implementing security measures within public cloud environments, such as AWS and Azure
* Proven experience migrating legacy firewall environments to modern ones in phased approaches to reduce downtime and mitigate risk



How you'll grow

At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Deloitte's culture

Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.

Corporate citizenship

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impact on the world.

Recruiter tips

We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you're applying to. Check out recruiting tips from Deloitte professionals.

#LI:PTY

#IND:PT

As used in this posting, "Deloitte" means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available. https://www2.deloitte.com/us/en/pages/careers/articles/ban-the-box-notices.html

Requisition code: E20NATCSPMTC002-CBO

*
*
*
*
*
*