Hands on Network Security Engineer (Zscaler, CheckPoint, Forescout, Cisco)
About this role
Technology & Operations
Technology & Operations is the backbone for both the client lifecycle and the investment lifecycle. The group’s Follow the Sun Model ensures that the firm’s operations are consistent and efficient across all investment products, client channels and regions, helping to deliver an outstanding client experience and drive scalability. Technology & Operations is driven by a global network of Operating Centers of Excellence, which centralizes...Description
About this role
Technology & Operations
Technology & Operations is the backbone for both the client lifecycle and the investment lifecycle. The group’s Follow the Sun Model ensures that the firm’s operations are consistent and efficient across all investment products, client channels and regions, helping to deliver an outstanding client experience and drive scalability. Technology & Operations is driven by a global network of Operating Centers of Excellence, which centralizes knowledge and equips support teams with the data and timely information needed to innovate and deliver on behalf of internal partners and clients.
BlackRock’s Technology & Enterprise Service Group seeks to provide BlackRock Employees with robust technology infrastructure and strategic workplace solutions to deliver a consistent employee experience around the world, while handling information security and data integrity. Teams aligned to support the firm’s functions.
As a Network Engineer, you will:
- Be part of the BlackRock Technology Infrastructure Network Engineering team within Technology & Operations that provides strategy, design, engineering, and level-3 operational support for both BlackRock's corporate as well as externally facing client Aladdin environments. The team has members in Delaware, Princeton, Denver, London, and Singapore supporting a diverse array of technologies from routing, switching, data center, security, and optimization technologies.
- Be an experienced senior Network Engineer with a focus on security solutions, but also with broad skills across traditional routing and switching.
- The role will develop and deliver the network security solutions required for our on-premises environments as well as to support the firm’s direction to move to the Cloud. This includes cloud-based remote-access and web-proxy solutions as well as Cloud hosted virtual firewall appliances. The scope will also include providing solutions for Internet and third-party connectivity as well as for the segmentation of the corporate network.
- Lead and contribute to the setting of technical strategies and standards, the delivery of Network Engineering projects and provide level-3 technical support across the global network infrastructure.
Relevant technologies include but are not limited to:
- Zscaler Internet Access, Private Access, and Client Connectors.
- Cisco and Checkpoint solutions for firewalling and remote access.
- F5 Global and Local load-balancing solutions.
- Forescout Network Access Control.
- Encryption technologies including VPNs, IPSec and MACsec.
- Cisco routing and switching including OSPF, BGP, Layer-1 and 2 technologies.
- Cisco Identity Services Engine (ISE) including distributed personas.
- Scripting languages (Python, Ansible, Terraform).
What You'll Need:
- 7+ years hands-on network engineering experience for global enterprise(s), preferably in the Financial Services sector.
- Extensive experience delivering global remote access solutions utilizing traditional VPN and zero-trust VPN. Experience with Zscaler/Cisco AnyConnect is preferred.
- Comprehensive understanding of internal application access and control policies.
- Extensive experience with web-proxy solutions.
- Experience of designing and deploying secure firewall environments supporting segmentation of the network, as well as Internet and third-party connectivity. The firewalls would ideally be Cisco and Checkpoint with both physical appliances on-prem and virtual appliances within the Cloud (Azure, AWS, Google).
- Experience in design, deployment and management of Global and Local load-balancing solutions including both physical and Cloud hosted virtual appliances. Experience with F5 is preferred.
- Experience of Forescout solutions for Network Access Control (NAC) is preferred.
- Experience in Cisco ISE including the profiling and permissions for hosts connecting to the network in support of micro-segmentation policies is preferred.
- Extensive experience extracting requirements, producing designs, strategies, and project plans, leading to implementation and high-quality operational handovers.
- Experience with Cisco campus and data center routers and switches with associated technologies and protocols. CCNP Cisco certification or equivalent preferred.
- Experience with VMware NSX-T firewalling is preferred.
- Experience scripting and providing automation solutions for networks (Python, Ansible, Terraform) is highly desirable.
- Flexible and able to shift rapidly with a constantly evolving environment.
- Ability to run projects, working independently as well as within a team.
- Must possess ability to multi-task in a fast-paced environment and deliver when under pressure.
- Excellent written, verbal communication, as well as strong customer service skills.
- Experience of working in a highly regulated environment.
- Demonstrate a hands-on approach and willingness to work out-of-hours as required is essential.
Who You Are:
- You are passionate about crafting and evolving the services you are responsible for to better serve our internal and external clients!
- You enjoy rolling up your sleeves and going deep when necessary.
- You persevere where others do not!
- You take emotional ownership of the technologies and services you deliver.
- You are committed to a diverse, inclusive, and equitable working environment.
For New York City only: The salary range for this position is $161,500 – $200,000. Additionally, employees are eligible for an annual discretionary bonus, and benefits including heath care, leave benefits, and retirement benefits. BlackRock operates a pay-for-performance compensation philosophy and your total compensation may vary based on role, location, and firm, department and individual performance.
To help you stay energized, engaged and inspired, we offer a wide range of benefits including a strong retirement plan, tuition reimbursement, comprehensive healthcare, support for working parents and Flexible Time Off (FTO) so you can relax, recharge and be there for the people you care about.
Our hybrid work model
BlackRock’s hybrid work model is designed to enable a culture of collaboration and apprenticeship that enriches the experience of our employees, while supporting flexibility for all. Employees are currently required to work at least 4 days in the office per week, with the flexibility to work from home 1 day a week. Some business groups may require more time in the office due to their roles and responsibilities. We remain focused on increasing the impactful moments that arise when we work together in person – aligned with our commitment to performance and innovation. As a new joiner, you can count on this hybrid model to accelerate your learning and onboarding experience here at BlackRock.
At BlackRock, we are all connected by one mission: to help more and more people experience financial well-being. Our clients, and the people they serve, are saving for retirement, paying for their children’s educations, buying homes and starting businesses. Their investments also help to strengthen the global economy: support businesses small and large; finance infrastructure projects that connect and power cities; and facilitate innovations that drive progress.
This mission would not be possible without our smartest investment – the one we make in our employees. It’s why we’re dedicated to creating an environment where our colleagues feel welcomed, valued and supported with networks, benefits and development opportunities to help them thrive.
BlackRock is proud to be an Equal Opportunity and Affirmative Action Employer. We evaluate qualified applicants without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, disability, protected veteran status, and other statuses protected by law.
BlackRock will consider for employment qualified applicants with arrest or conviction records in a manner consistent with the requirements of the law, including any applicable fair chance law.