Network Security Architect

Overview: H-E-B is one of the largest, independently owned food retailers in the nation operating over 420 stores throughout Texas and Mexico, with annual sales generating over $34 billion. Described by industry experts as a daring innovator and smart competitor, H-E-B has led the way with creative new concepts, outstanding service and a commitment to diversity in our workforce, workplace and marketplace. H-E-B offers a wealth of career opportunities to our 145,000 Partners (employees), competitive compensation and benefits program and comprehensive training that lead to successful careers.

Responsibilities:

Our Partners thrive The H-E-B Way. As a Network Security Architect, you would have a…

HEART FOR PEOPLE… you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams

HEAD FOR BUSINESS… you have an ownership mentality and a consistent track record of timely delivery of high-quality software

PASSION FOR RESULTS… the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions

Network Security Architects create and drive the architecture and design patterns for the network security architecture of H-E-B. Network Security Architects will perform analysis of existing network security and ancillary service configurations and design and create new or enhanced security improvements. Network Security Architects also provide consultative services and work with internal business team members and external vendors to collect requirements, design specifications, and create solutions that are aligned with H-E-B network security strategy.

ROLE

• Assess existing network security architecture against industry best practices and control frameworks and propose solutions and architectural improvements.
• Build network security patterns and designs as part of initiatives to modernize the company network security posture
• Works with Information System Owners and Administrators to develop the overall vision, strategy, roadmap, and operational guidance for the network security domain.
• Works with H-E-B teams to align on strategic direction, translate business requirements into the network security framework and participate in planning a roadmap that will realize the design.
• Works with H-E-B teams to educate and ensure understanding of H-E-B’s network security architecture, its end-to-end design, and ensure architectural gaps, dependencies and defects are identified and addressed.
• Works with H-E-B teams and external network security solution vendors to scope, configure and validate solutions to support H-E-B’s network security architecture.
• Leads the iterative development of next generation network security architecture, including requirements specification, vendor evaluation and selection, interoperability, data driven POCs, testing, and automation.
• Builds and maintains vendor partnerships to further H-E-B’s mission and goals.
• Provide oversight of all network security domain documentation to include architecture, roadmaps, and standards.
• Proactively create and review performance metrics and recommend tuning strategies.
• Researches and remains up to date with emerging threats and solutions relevant to network security and its implementations. Maintains current knowledge of industry trends and standards in information security.
• Participates in team activities and team planning in regard to improving team skills, awareness and quality of work.
• Responsible for continued personal growth in the areas of technology, business knowledge, and H-E-B policies and platforms.
• Mentors team members.
• Develops and documents standards and best practices.
• Designs, develops, and documents network security architecture patterns as code.

REQUIRED

• Minimum of eight (8) years of development and support experience with network security solutions in medium to large enterprises.
• Minimum combined five (5) years’ experience developing, designing, and maintaining enterprise networks based on Cisco, Aruba, Juniper, and Fortinet technologies.
• Experience with published standards, guidance, and frameworks related to network security architecture, network security controls, and practical implementation in an enterprise.
• Demonstrated experience designing, developing, configuring, implementing, and managing enterprise networks with diverse solutions from multiple vendors.
• Demonstrated experience across network and cloud security architecture (firewalls, IDS/IPS, NBAD, DNS, WAF, DDoS protection, network segmentation, etc.)
• Working knowledge of SD-WAN solutions, Zero Trust Architecture and micro-segmentation.
• Working knowledge of information security frameworks and industry best practices relevant to the network security architecture domain (e.g., ISO 27001 and NIST).
• Working knowledge of network security protocols, cryptography, authentication, and authorization.
• Working knowledge of network protocols, including but not limited to TCP/IP, IPv6, BGP, MPLS, Qos/CoS, OSPF, Spanning Tree, RPVST /VSTP, LACP, LISP, 802.1X and 802.1q.
• Experience developing multi-site, resilient, self-healing network architectures, and disaster recovery plans.
• Experience with firewall policy, management, and automation tooling.
• Experience with PKI, digital certificate management, and platform/OS security.
• Experience with the management and administration of highly available network infrastructure, including routers, switches, load balancers, SSL acceleration technology, etc.
• Experience working with hybrid cloud infrastructures.
• Able to handle highly confidential information in a strictly professional manner.
• Demonstrate a logical and structured approach to time management and task prioritization.
• Demonstrate a high level of communication skills, verbal and written.
• Familiarity with Agile and other project management methodologies.
• Ability to work well under pressure and have great organizational and interpersonal skills.

RECOMMENDED

• A Bachelor’s degree in Computer Science or Software Engineering.
• Working knowledge of Python, Golang, JavaScript, PowerShell, Perl, or *nix Shell scripting.
• Experience implementing and maintaining infrastructure as code
• Experience with AWS, GCP, and Azure networking
• One or more professional security certifications such as CISSP, CISA, GIAC; or relevant networking and technology certifications such as PCNSE, PCCSE, CCNP, or CCIE.