Senior Network Perimeter Security Architect

Job description

**Overview**

**Benefit Information:**

ABM offers a comprehensive benefits package.

For information about ABM’s benefits, visit:

Recruiting Flyer - Staff & Mgmt (https://media.abm.com/wp-content/uploads/AnnualBenefitFlyers/Recruiting%20Flyer%20-%20Staff%20&%20Mgmt.pdf)

**1.1 Job Description**

ABM is currently seeking an initiative-taking and experienced Senior Network Perimeter Security Architect.

This role is responsible for the leading design, implementation, and management of our enterprise perimeter security infrastructure.

Must architect robust defenses against external threats while ensuring scalability, compliance, accountable for the technical aspects of the enterprise information security architecture, stability, and resiliency related to network security solutions and operational efficiency.

This role requires deep expertise in firewalls, intrusion detection/prevention systems (IDS/IPS), cloud perimeter security, and secure access technologies.

The Senior Network Perimeter Security Architect works closely with many diverse and dynamic teams, including, but not limited to: Security Engineering, IT Infrastructure, Network Engineering, Application Development, Security/IT Operations, Security Audit & Compliance, and our End Users.

This position is also responsible for architecting solutions to secure business-to-business initiatives, third-party relationships, outsourced solutions, and vendors.

**1.2 Responsibilities:**

In the role of the Senior Network Perimeter Security Architect, you will:

• Design and maintain the enterprise’s perimeter security architecture, including firewalls, secure web gateways, VPNs, proxies, and DDoS mitigation.

• Evaluate and recommend next-generation firewall (NGFW) and threat prevention technologies.

• Lead architecture reviews and risk assessments for new network and cloud deployments.

• Develop and enforce security standards, policies, and procedures related to perimeter defense.

• Collaborate with network engineering, cloud operations, SOC, and application security teams.

• Provide expert-level guidance on secure network segmentation, micro segmentation, and zero trust principles.

• Lead security architecture initiatives in hybrid cloud environments, integrating on-prem, virtual, and cloud native controls.

• Evaluate new security tools, conduct POCs, and lead deployment strategies.

• Respond to and analyze security incidents involving perimeter technologies.

• Support regulatory and compliance initiatives (e.g., PCI DSS, HIPAA, ISO 27001, NIST).

• Mentor junior team members and provide technical leadership across projects.

• Proactively analyze, identify, and resolve performance bottlenecks.

• Assist with strategy, implementation and recovery point/time objective for business continuity and disaster recovery.

• Stay up to date with cybersecurity threats, risks, and vulnerabilities with potential impact on services.

• Form relationships with colleagues in operations, engineering, software development and risk management.

• Collaborate with IT and cybersecurity leadership to develop practices to reduce attack surface, as well as countermeasures to impede internal threats and external attackers.

• Attend project and implementation meetings and advise on secure application and infrastructure configurations.

• Be willing to work nonstandard business hours for projects, business impact issues and incident response.

• Assist in the definition of the strategy and technology roadmap for Network Security Architecture, assess, and deliver fit for purpose technical security solutions.

• Identify, plan, and execute needed security changes to existing methods and techniques used throughout the organization.

• Lead projects and initiatives with broad scope and high impact to the business and be a recognized expert in Network Security.

• Define key performance indicators, objectives and key results, and metrics to illustrate efficacy with cloud infrastructure and applications.

• Maintain detailed documentation, including diagrams, configurations, and procedures.

**1.3 Technical Qualifications:**

• Familiarity with Azure, AWS and GCP.

• SaaS solutions such as Salesforce, Workday, MS Office 365, SAP, OCF.

• Identity and Access Management (IAM) platforms and related protocols such as SAML, SPML, XACML, SCIM, OpenID and OAuth.

• Experience with Zero Trust Network Access (ZTNA) cloud-based security platforms, like Zscaler (ZIA/ZPA).

• Understanding corporate network monitoring and security and common network protocols such as TCP/IP, VLANS, DNS, DHCP, BGP, OSPF, RADIUS, WIFI.

• Networking and firewalls – CISCO, FortiGate, Meraki, Checkpoint, Juniper, Palo Alto, and Virtual Firewall appliances.

• Experience managing 200+ Firewalls in an Enterprise.

• Firsthand experience with VMware NSX, including NSX-T and NSX-v, with focus on micro segmentation and distributed firewalling.

• Experience implementing and managing End-point protection using Microsoft Intune.

• Experience with Web-Application Firewalls implementing and managing.

• Familiar with operating systems including Linux, Microsoft Windows 11, and Server 2012, 2016, 2019, 2025.

**1.4 Preferred Qualifications:**

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or related field.

• Possess 7 to 10 years of experience in IT and security operations, 5 to 7 years in an architecture or lead role with a focus on cyber/perimeter network security.

• Deep expertise with enterprise-class firewalls (e.g., Palo Alto, Fortinet, Meraki, Cisco ASA/Firepower).

• Strong understanding of IPS/IDS, SSL decryption, NAC, and secure remote access solutions.

• Experience with cloud-native security controls across AWS, Azure, or GCP (e.g., security groups, WAFs, transit gateways).

• Knowledge of routing, switching, VPNs (IPSec, SSL), BGP, and SD-WAN security.

• Familiarity with zero trust architecture and modern network access models.

• Possess industry certifications such as CISSP, CCSP, CCNP Security, Palo Alto PCNSE, or similar qualifications.

• 5 + years of experience with Cisco Identity Service Engine (ISE) or another 3rd party Network Access Control (NAC) product.

• Ability to comprehend complex technical infrastructure, managed services, and third-party dependencies.

• Knowledge in one or more: NIST 800-144, CIS, CSA-CCM, ISO (27040, 27017, 27001).

• Experience with Automation/Cloud Tools (e.g., Ansible, Terraform, Kubernetes, Puppet, Python, JavaScript, Bash)

• Enterprise Network Monitoring software experience (SolarWinds Orion).

• Experience developing strategies for implementation of QoS, and Multicast.

• Experience with packet capture and analysis tools, NetFlow, IP SLA, etc.

REQNUMBER: 131908
ABM is proud to be an Equal Opportunity Employer qualified applicants without regard race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran or any other protected factor under federal, state, or local law.

ABM is committed to working with and providing reasonable accommodation to individuals with disabilities.

If you have a disability and need assistance in completing the employment application, please call 888-328-8606.

We will provide you with assistance and make a determination on your request for reasonable accommodation on a case-by-case basis.

Required Skill Profession

Other General