Technical DMZ Architect

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Job Description:
This role is responsible for defining an architectural vision and architecture for large, complex DMZs, which align with the enterprise architecture strategy, technology, and platform choices for the defined technology. Key responsibilities include describing the DMZ intent/associated operating environment, evaluating system impacts and determining the primary systems/subsystems and their interfaces, assisting with end-to-end solution design where needed, defining nonfunctional requirements/architectural runway to support new epics/features and expand into new opportunities. This role ensures the solution is fit for purpose and use by working with stakeholders, vendors/service providers, and evaluating the impact of strategic design decisions. They also contribute to best practices, standard templates, and the architecture roadmap for defined domains.

Responsibilities:

• Works across the business, operations and technology to create the solution intent and architectural vision for complex solutions and prioritize functional and non-functional requirements into a technology backlog to enable the technology roadmap and functionality to support evolving capabilities and services
• Contributes to the creation of the architecture roadmap of defined domains (Business, Application, Data, and Technology) in support of the product roadmap and the development of best practices including standardized templates
• Clarifies the architecture, assists with system design to support implementation, and provides solution options to resolve any architectural impediments
• Facilitates solution driven discussions, leads the design of complex architectures, and finds creative solutions through knowledge of domain, practical experiments, and proof of concepts while ensuring architecture is flexible, modular, and adaptable
• Educates team members on the technology practices, standardization strategies, and best practices to create innovative solutions
• Supports the team as needed to select the technology stack required for solutions and helps select preferred technology products
• Performs design and code reviews to ensure all non-functional requirements are sufficiently met (for example, security, performance, maintainability, scalability, usability, and reliability)

Position Summary:

Technical DMZ network architect responsible for DMZ network project designs with focus on SASE and Cloud designs. Also provide DMZ/Remote Access/SDWAN/Hosting/B2B/VPN Infrastructure Architecture for various LOB and B2B customers across various DMZ Zones including creation of network level HLD and LLD designs and solution delivery.

Assess design submissions for security compliance against baselines. Shepard requestors through technical challenges until designs are complete. Act in a liaison role between Global Information Security and as an escalation point for engineering / operations.

Self-starter who can lead projects. Must be able to troubleshoot multivendor solutions in lab or POC environments. Manage assigned networking projects, program components and deployments to deliver services in accordance with established company objectives. Maintain a thorough understanding of Network Infrastructure, IPv4/v6, IP Routing, DNS, Security, HTTP(S), VPN, and Network Monitoring tools.

Required Qualifications:

• 10 years industry experience with technology domain experience
• This resource must have extensive Arista Fabric experience to be considered.

• Experience integrating solutions with Cloud provider environments such as MS Azure, AWS, Google, IBM

• Must have solid routing, switching, Arista, Cisco Nexus, Firepower/ASA, Fortinet router and DMZ/ISP experience.

• Solid understanding of TCP/IP concepts, SDN, OSPF, BGP, VLAN, IPSEC, ISAKMP, PKI, QOS, Multicast, trunking/port-channeling, VRRP, FHRP protocols, enterprise level MPLS, VDC, flavors of VPC, SDN.

• Ability to utilize DDoS tools like Arbor and Prolexic/Akamai & F5/Silverline for mitigations to include Application layer, TCP state table and Bandwidth DDoS threats.

• Experience with large scale, complex network/DMZ environments and Authentication mechanisms (e.g. Active Directory, Ping federate)

• Contribute to the creation of the architecture roadmap of defined technology domains in support of the product roadmap.

• Work across business and technology to create the solution intent and architectural vision for large complex solutions and evolve it based on an emerging requirements.

• Lead rapid shaping of a high-level architecture with details filled in with emerging business requirements; ensure architecture is flexible, modular, and designed to adapt easily.

• Facilitate solution driven discussions, lead the design of complex architectures, and find creative solutions through their knowledge of the domain, practical experiments, and Proof of Concepts (POCs).

• Clarify the architecture and assist with system design (where needed) for the development teams to support implementation and provide solution options to resolve any architectural impediments.

• Perform design and code reviews to ensure all nonfunctional requirements for a solution are sufficiently met (for example, security, performance, maintainability, scalability, usability, and reliability).

Desired Qualifications

• Familiar with best practices to install and deploy various Arista & Cisco routing and switching platforms such as ISR, ASR, Catalyst and Nexus.

• Technology degree or substantial equivalent experience

• Experience with scripting languages

• Support the Principal Engineer as needed to select the technology stack required for solutions and help select preferred technology products.

• Contribute to the development of best practices including standardized templates.

Skills:

• Analytical Thinking
• Architecture
• Result Orientation
• Solution Design
• Technical Strategy Development
• Application Development
• Collaboration
• Data Management
• DevOps Practices
• Risk Management
• Agile Practices
• Automation
• Influence
• Solution Delivery Process
• Test Engineering

Shift:

Hours Per Week: