Banking Network Solution Architect - Hands-on or strong conceptual experience with Micro-segmentation - 102891-1

Banking Network Solution Architect

Line of Business: Network Security Engineering

Duration: 12 months

Hybrid - 1 day/week (Wednesday) + 3rd Friday in office

Office Location: 81 Bay Street

What does the LOB do:

The Network Security Engineering team is responsible for designing, implementing, and maintaining enterprise security controls across the organization’s infrastructure. The team focuses on advanced security practices such as micro-segmentation to control east-west traffic, reduce attack surface, and prevent unauthorized lateral movement across systems.

Enterprise-wide micro-segmentation program leveraging Guardicore (Akamai). The contractor will focus on analyzing server communication, identifying required traffic, and labeling required flows, creating segmentation policies, and securing infrastructure. The role will also support building tagging strategies, governance frameworks, and integrating micro-segmentation into existing security operations

Responsibilities:

As a Guardicore Micro-segmentation Solution Architect, you will play a critical role within the Network Security Engineering team, focusing on the design, implementation, and governance of micro-segmentation across the enterprise.

You will analyze server-to-server communication, identify required traffic flows, and define policies that allow only necessary interactions while blocking all other traffic. Acting as a bridge between security engineering and application operations, you will develop and document segmentation strategies that improve security posture and reduce risk.

Key responsibilities include:

• Design and implement micro-segmentation architecture and policies

• Analyze and classify infrastructure and application traffic (e.g., DNS, domain controllers, ports, protocols)

• Develop and maintain an accurate inventory of assets and communication flows

• Create and manage tagging strategies and governance frameworks

• Document security designs, policies, and processes

• Collaborate with application and operations teams to enable implementation

• Support integration of micro-segmentation solutions into existing security environments

• Enhance security for legacy systems and modern infrastructure

• Enforce least-privilege communication across systems

Must Have Requirement:

(Expected years of experience: 8-10)

Strong Network Engineering expertise (routing, switching, protocols, TCP/IP)

Strong Firewall and network security experience

Solid System Administration background (Windows/Linux)

Strong understanding of server-to-server communication and traffic analysis

Experience interpreting ports, protocols, DNS, and domain controller traffic

Hands-on or strong conceptual experience with Micro-segmentation

Experience designing security policies (allow/block models, least privilege)

Experience with infrastructure/application dependency mapping

Strong troubleshooting and investigative skills for traffic analysis

Experience working in enterprise environments with complex infrastructure

Ability to create documentation, inventory, and architecture artifacts

Experience working with security engineering and application teams

Nice to Have:

Guardicore (Akamai) experience

Experience with other micro-segmentation tools (e.g., Illumio, VMware NSX)

Familiarity with ServiceNow and enterprise ITSM tools

Knowledge of banking/financial services environments