Sr. Network Security Architect @ AES

Indianapolis, IN, United States

AES AES is a global energy company that creates greener, smarter and innovative energy solutions. Together, we can accelerate the future of energy. View company page

Are you ready to be part of a company that's not just talking about the future, but actively shaping it? Join The AES Corporation (NYSE: AES), a Fortune 500 company that's leading the charge in the global energy revolution. With operations spanning 14 countries, AES is committed to shaping a future through innovation and collaboration. Our dedication to innovation has earned us recognition as one of the Top Ten Best Workplaces for Innovators by Fast Company in 2022. And with our certification as a Great Place to Work, you can be confident that you're joining a company that values its people just as much as its groundbreaking ideas.

AES is proudly ranked #1 globally in renewable energy sales to corporations, and with $12.7B in revenues in 2023, we have the resources and expertise to make a significant impact as we provide electricity to 25 million customers worldwide. As the world moves towards a net-zero future, AES is committed to meeting the Paris Agreement's goals by 2050. Our innovative solutions, such as 24/7 carbon-free energy for data centers, are setting the pace for rapid, global decarbonization.

If you're ready to be part of a company that's not just adapting to change, but driving it, AES is the place for you. We're not just building a cleaner, more sustainable future - we're powering it. Apply now and energize your career with a true leader in the global energy transformation.

We are seeking a skilled and seasoned Senior Security Network Engineer to join our network team. The successful candidate will play a critical role in architecting, designing, deploying, monitoring, maintaining, and refreshing secure global IT/OT network infrastructures to protect digital assets from leakage, unauthorized access, and cyber-attacks.

The Senior Security Network Engineer will collaborate with cross-functional and multi-cultural global teams to prevent, detect, and respond to threats to the organization's critical information assets. .

Responsibilities

Analyze existing network security controls and strengthen the controls that could make vulnerability exploitation more likely – such as Data Loss Protection, technical debt, etc.

Design and implement a global NAC solution (e.g. Cisco ISE) to control and authenticate network access including port-based network access control 802.1X.

Research and propose new VPN, ZTNA, and VPN-less access solutions to provide secure remote access for authorized users and site-to-site remote access.

Design, architect, and deploy Zscaler cloud -based solution infrastructure across SDWAN-based sites.

Manage implementation plans and operations supervision of Zscaler solutions (ZIA, ZPA, ZDX, etc.).

Proactively monitor reporting and consumption information along with policy configurations of Zscaler technologies and make ongoing recommendations to improve the overall experience.

Review and architecture restricted access to contractors and third-party employees to ensure security and reliability in a self-service environment.

Develop and automate tools and techniques to scale and accelerate network offensive emulation, anomaly detection, and vulnerability discovery using AI technology. Collaborate with teams to influence implementation, measurement, and mitigation of these vulnerabilities.

Develop, improve, and communicate a compelling strategy and roadmap for network vulnerability and data leak prevention management.

Design, implement, maintain, monitor, and support company-wide network security best practices. Draft and share network services configuration hardening standards.

Build relationships with cyber security teams, network operations, digital assets support, and business areas in support of the global data protection initiative.

Measure, report, and automate the network security team’s performance against objectives, policy compliance targets, and network security goals (e.g., SLAs, KPIs, KRIs, OKRs)

Install security measures and operate software to protect systems and information infrastructure, including assisting with firewalls security rules, and data security implementation. Regularly review and request updates of firewall rules and configurations to address emerging security risks.

Collaborate with analysis and responses to alerts generated by IDPS tools.

Conduct regular security audits of network infrastructure and devices.

Understand secured web traffic flow standards and custom application-based traffic and design firewall and proxy services.

Expect to assist as L3 SME for critical business impact P0/P1 network security escalations during operational and non-operational hours.

Provide data and root cause analysis of network security incidents with corrective actions for improvement. Fix detected vulnerabilities.

Closely working with compliance and internal audit departments to ensure network security standards are in place, enforced, and maintained, and provide evidence samples according to the requirement.

Research upcoming trends in information technology and security, stay updated on potential threats and attacks, and come up with preventive roadmaps.

Help develop and maintain network security content in the internal Knowledge Base.

Develop and provide network-related Cyber Security Training and improve network Cyber Security Awareness around the global network teams.

Qualifications

Demonstrable experience in defining, reviewing, analyzing, and creating cybersecurity documentation, including actionable security standards, implementation procedures, cyber risk assessments, cyber security audits, remediation plans, and cyber control guidelines.

Solid grasp of security controls in Physical (network, platforms) and Cloud environments (i.e., IaaS, PaaS, SaaS, multi-cloud).

Familiarity with Cloud Security Alliance (CSA) guidelines.

Extensive experience in the development and delivery of security-level agreements and metrics via real-time reporting and alerting dashboards (SharePoint, Power BI, SQL, Office 365, Microsoft Teams).

Proficient with a broad array of security software applications and data leak protection tools with an emphasis on Zscaler and Cisco security technologies.

Detailed understanding of network-related modern systems including firewalls, encryption, network access control, wireless and wired secure access, SD-WAN, SD-Access, secure remote network access, and password protection and authentication.

Understanding of cyber security frameworks for the OT environment including Industrial control systems (ICS)—the devices, controls, and networks that handle different industrial processes—, supervisory control and data acquisition (SCADA) systems, and distributed control systems (DCS).

Solid understanding of cyber-security technologies like AV, Sandbox, IPS, IDS, NGFW, and WAF.

Very solid background with vulnerability discovery and demonstration of exploitations.

Ability to see through bad actors’ eyes and find ways to break open the cyber security protocols and technologies embraced within the organization.

A data-driven, problem-solving, curious candidate with strong analytical skills and who is not afraid to challenge the status quo.

A self-starter with a goal-oriented, can-do attitude who is comfortable communicating cyber concepts, and risk management to all levels of personnel.

Ability to influence other IT professionals, including network engineers, digital support, application owners, project managers, and system managers, to integrate security network controls into existing systems and processes.

Proven ability to communicate effectively across all levels of the organization, including the delivery and explanation of complex security-related concepts in clear, concise, and understandable terms.

Preferred Qualifications

Bachelor's degree required in technology, information security or related fields or equivalent work experience.

Demonstrated ability in computer systems with some specialization in computer security highly preferred.

Knowledge of foundational security controls and how they protect an enterprise environment.

Relevant certifications (e.g., Certified Information Systems Security Professional - CISSP, Certified Information Security Manager - CISM).

Very strong capacity to create new exploits or craft existing exploits to identify security loopholes in the network control cyber security plane.

Experience with PowerShell and SQL query creation and modification.

Scripting - Working knowledge of computer programming language.

This is a remote position; however, we require that the candidate be located close to one of the AES locations.

Some travel required (~15-20%)

Are you ready to be part of a company that's not just talking about the future, but actively shaping it? Join The AES Corporation (NYSE: AES), a Fortune 500 company that's leading the charge in the global energy revolution. With operations spanning 14 countries, AES is committed to shaping a future through innovation and collaboration. Our dedication to innovation has earned us recognition as one of the Top Ten Best Workplaces for Innovators by Fast Company in 2022. And with our certification as a Great Place to Work, you can be confident that you're joining a company that values its people just as much as its groundbreaking ideas.

AES is proudly ranked #1 globally in renewable energy sales to corporations, and with $12.7B in revenues in 2023, we have the resources and expertise to make a significant impact as we provide electricity to 25 million customers worldwide. As the world moves towards a net-zero future, AES is committed to meeting the Paris Agreement's goals by 2050. Our innovative solutions, such as 24/7 carbon-free energy for data centers, are setting the pace for rapid, global decarbonization.

If you're ready to be part of a company that's not just adapting to change, but driving it, AES is the place for you. We're not just building a cleaner, more sustainable future - we're powering it. Apply now and energize your career with a true leader in the global energy transformation.

We are seeking a skilled and seasoned Senior Security Network Engineer to join our network team. The successful candidate will play a critical role in architecting, designing, deploying, monitoring, maintaining, and refreshing secure global IT/OT network infrastructures to protect digital assets from leakage, unauthorized access, and cyber-attacks.

The Senior Security Network Engineer will collaborate with cross-functional and multi-cultural global teams to prevent, detect, and respond to threats to the organization's critical information assets. .

Responsibilities

Analyze existing network security controls and strengthen the controls that could make vulnerability exploitation more likely – such as Data Loss Protection, technical debt, etc.

Design and implement a global NAC solution (e.g. Cisco ISE) to control and authenticate network access including port-based network access control 802.1X.

Research and propose new VPN, ZTNA, and VPN-less access solutions to provide secure remote access for authorized users and site-to-site remote access.

Design, architect, and deploy Zscaler cloud -based solution infrastructure across SDWAN-based sites.

Manage implementation plans and operations supervision of Zscaler solutions (ZIA, ZPA, ZDX, etc.).

Proactively monitor reporting and consumption information along with policy configurations of Zscaler technologies and make ongoing recommendations to improve the overall experience.

Review and architecture restricted access to contractors and third-party employees to ensure security and reliability in a self-service environment.

Develop and automate tools and techniques to scale and accelerate network offensive emulation, anomaly detection, and vulnerability discovery using AI technology. Collaborate with teams to influence implementation, measurement, and mitigation of these vulnerabilities.

Develop, improve, and communicate a compelling strategy and roadmap for network vulnerability and data leak prevention management.

Design, implement, maintain, monitor, and support company-wide network security best practices. Draft and share network services configuration hardening standards.

Build relationships with cyber security teams, network operations, digital assets support, and business areas in support of the global data protection initiative.

Measure, report, and automate the network security team’s performance against objectives, policy compliance targets, and network security goals (e.g., SLAs, KPIs, KRIs, OKRs)

Install security measures and operate software to protect systems and information infrastructure, including assisting with firewalls security rules, and data security implementation. Regularly review and request updates of firewall rules and configurations to address emerging security risks.

Collaborate with analysis and responses to alerts generated by IDPS tools.

Conduct regular security audits of network infrastructure and devices.

Understand secured web traffic flow standards and custom application-based traffic and design firewall and proxy services.

Expect to assist as L3 SME for critical business impact P0/P1 network security escalations during operational and non-operational hours.

Provide data and root cause analysis of network security incidents with corrective actions for improvement. Fix detected vulnerabilities.

Closely working with compliance and internal audit departments to ensure network security standards are in place, enforced, and maintained, and provide evidence samples according to the requirement.

Research upcoming trends in information technology and security, stay updated on potential threats and attacks, and come up with preventive roadmaps.

Help develop and maintain network security content in the internal Knowledge Base.

Develop and provide network-related Cyber Security Training and improve network Cyber Security Awareness around the global network teams.

Qualifications

Demonstrable experience in defining, reviewing, analyzing, and creating cybersecurity documentation, including actionable security standards, implementation procedures, cyber risk assessments, cyber security audits, remediation plans, and cyber control guidelines.

Solid grasp of security controls in Physical (network, platforms) and Cloud environments (i.e., IaaS, PaaS, SaaS, multi-cloud).

Familiarity with Cloud Security Alliance (CSA) guidelines.

Extensive experience in the development and delivery of security-level agreements and metrics via real-time reporting and alerting dashboards (SharePoint, Power BI, SQL, Office 365, Microsoft Teams).

Proficient with a broad array of security software applications and data leak protection tools with an emphasis on Zscaler and Cisco security technologies.

Detailed understanding of network-related modern systems including firewalls, encryption, network access control, wireless and wired secure access, SD-WAN, SD-Access, secure remote network access, and password protection and authentication.

Understanding of cyber security frameworks for the OT environment including Industrial control systems (ICS)—the devices, controls, and networks that handle different industrial processes—, supervisory control and data acquisition (SCADA) systems, and distributed control systems (DCS).

Solid understanding of cyber-security technologies like AV, Sandbox, IPS, IDS, NGFW, and WAF.

Very solid background with vulnerability discovery and demonstration of exploitations.

Ability to see through bad actors’ eyes and find ways to break open the cyber security protocols and technologies embraced within the organization.

A data-driven, problem-solving, curious candidate with strong analytical skills and who is not afraid to challenge the status quo.

A self-starter with a goal-oriented, can-do attitude who is comfortable communicating cyber concepts, and risk management to all levels of personnel.

Ability to influence other IT professionals, including network engineers, digital support, application owners, project managers, and system managers, to integrate security network controls into existing systems and processes.

Proven ability to communicate effectively across all levels of the organization, including the delivery and explanation of complex security-related concepts in clear, concise, and understandable terms.

Preferred Qualifications

Bachelor's degree required in technology, information security or related fields or equivalent work experience.

Demonstrated ability in computer systems with some specialization in computer security highly preferred.

Knowledge of foundational security controls and how they protect an enterprise environment.

Relevant certifications (e.g., Certified Information Systems Security Professional - CISSP, Certified Information Security Manager - CISM).

Very strong capacity to create new exploits or craft existing exploits to identify security loopholes in the network control cyber security plane.

Experience with PowerShell and SQL query creation and modification.

Scripting - Working knowledge of computer programming language.

This is a remote position; however, we require that the candidate be located close to one of the AES locations.

Some travel required (~15-20%)

AES is an Equal Opportunity Employer who is committed to building strength and delivering long-term sustainability through diversity and inclusion. Respecting all backgrounds, differences and perspectives enables us to improve the lives of our people, customers, suppliers, contractors, and the communities in which we live and work. All qualified applicants will receive consideration for employment without regard to sex, sexual orientation, gender, gender identity and/or expression, race, national origin, ethnicity, age, religion, marital status, physical or mental disability, pregnancy, childbirth, or related medical condition, military or veteran status, or any other characteristic protected under applicable law. E-Verify Notice: AES will provide the Social Security Administration (SSA) and if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization. Explore more InfoSec / Cybersecurity career opportunities Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

#J-18808-Ljbffr