Job Title Senior Manager, Network Security Architect
Division: Corporate IT, Infrastructure
Location: Berkeley Heights, New Jersey
Reports To: Director, Network Architect
Who We Are:
For more than a century, L’Oréal has devoted its energy, innovation, and scientific excellence solely to one business: Beauty. Our goal is to offer each and every person around the world the best of beauty in terms of quality, efficacy, safety, sincerity and responsibility to satisfy all beauty needs and desires in their infinite diversity.
At L'Oréal, our IT teams design and build solutions to ensure high performance for all our business sectors by imagining new ways of doing things, from designing websites to building algorithms and predicting new trends. They can be found leading teams towards a more connected and digitalized future in IT retail, e-commerce, CRM, data, AI, cybersecurity, Cloud and E-Marketing. You never stop learning at L'Oréal IT because things change at the speed of light! Come join our dynamic team!
What You Will Do:
As a Cloud Network Security Architect, you will lead the design, implementation, and maintenance of the security infrastructure spanning both cloud-based and on-premise networks. This includes but not limited to firewalls, load balancers, web application firewalls (WAF), routing, switching technologies, proxies, SD-WAN solutions, DDoS mitigation systems, and automation tools. Your role is pivotal in ensuring the availability, scalability, and security of our network environment, encompassing both cloud and on-premise components. You will collaborate closely with IT teams to identify security vulnerabilities, develop solutions to mitigate risks, and ensure compliance with security standards and best practices across all environments. Additionally, you will provide guidance on security architecture and participate in incident response and forensic investigations related to network security. The Network Security Architect participates in the development and implementation of policies and procedures and to ensure consistency with company goals, industry best practices and regulatory requirements. The candidate will be a key team member on strategic or enterprise-wide technology projects or issues.
- Design and implement solutions to protect the organization's network infrastructure, integrating cloud-based and on-premise components such as firewalls, load balancers, WAF, routing, switching technologies, proxies, SD-WAN solutions, DDoS mitigation systems, cloud connectivity and APM tools to optimize traffic distribution, secure communication between network segments, and control outbound internet access.
- Responsible for designing networks, including local area networks (LANs), wide area networks (WANs), software defined networks, wireless networks, and other data and voice communications systems
- Lead the detailed technical analysis of network security capabilities with the aim of delivery new or enhanced security capabilities.
- The candidate will be responsible for engineering network security tools and their configuration, including the business analysis and gathering requirements, gaining stakeholder acceptance, creating test plans and documenting test results.
- Work with global teams to analyze cyber security risks, how they will impact L’Oreal and outline the options available to remediate the risks.
- Focus on people and processes with all new technologies to ensure operationally effective solutions are delivered to our customers.
- Create both short and long-term enterprise network technology roadmaps based on an understanding of the organizational strategic requirements, technology context and business needs
- Be involved in making architecture and design decisions across all networking (data, voice and video) technologies in collaboration with the business and customers
- Establish governing principles for network security design and deployment
- Provide thought leadership to adopt new technologies and drive proof-of-concepts with selected vendors and develop use cases, lead technical feasibility studies
- Deliver high-quality executive architecture presentations and demonstrations
- Has an expert level understanding of network security
- Hands-on and remote configuration of Cisco routers, switches, load balancers, firewalls, and other related network gear.
- Work closely with other technical groups located locally and remotely
- Mentor junior team members
What We Are Looking For:
- 7+ years of exp with Bachelor's Degree or higher in STEM areas such as Computer Science, Information Management, Big Data & Analytics, or equivalent work experience
- Passionate about deploying large scale, reliable and secure high performance network infrastructure
- Display an in-depth knowledge of TCP/IP and predominant communication protocols (e.g., DNS, IPSec, Routing, GRE tunnels, multicasting, and traffic balancing, and high availability techniques).
- Expert level experience configuring routing protocols and other network technologies such as BGP, OSPF, EIGRP, VRF, SSL VPN, IPSEC, GRE, L2TPv3, NAT/PAT, MPLS, QoS, STP, HSRP, VTP, VPC, VDC, OTV, Ether channel, WAN Acceleration, IPv4, IPv6
- Proven experience in creating Layer 2 (physical, port to port mapping) and Layer 3 (logical, network topology, connectivity, relationships, traffic flow) diagrams.
- Experience integrating hybrid environments with Cloud providers (Azure/AWS).
- Experience working with cloud-based network infrastructures, such as AWS / Azure / GCP, including AWS Direct Connect and Azure Express Route VPC/VNET setup, routing, and troubleshooting, Security Group, Load balancer set up and troubleshooting.
- Understanding of Cloud connectivity partners (Megaport, Equinix, Cloud Exchange, etc.)
- Must have a deep understanding of Load Balancing concepts, including in-line, SNAT, one-arm, scheduling, persistence, SSL Offloading, Application Delivery, GSLB/GTM
- In depth experience with F5 LTM, APM
- Expert level experience with Palo Alto Networks, Fortinet and Cloud proxy solutions (ZScaler).
- Knowledge and hands-on experience with Next Gen Firewall Features like URL, IPS, Malware and content filtering
- Familiar with PKI & SSL Certificate management
- Knowledge of Public DNS
- Proficient in how Active Directory works
- Expert level experience with WAN deployments including: EIGRP/BGP route redistribution over MPLS and/or sd-wan networks, route maps and filtering, traffic prioritization and QOS policies
- Experience with indoor and outdoor wireless network technologies.
- Provide expert knowledge and experience performing deep packet troubleshooting with Wireshark, packet analyzer.
- Solid analytical skills to troubleshoot high-level, complex and technical problems.
- Ability to prioritize and execute tasks in a high pressure environment and make sound decisions in emergency situations
- Strong organization skills and multi-tasking ability
- Self-motivated individual that can work independently on projects, as well as a team player working towards a common goal
- Strong and proven architecture documentation and presentation skills, creating technology roadmaps and strategic direction
- Strong Project Management skills to direct and oversee implementation of architecture
- Adapts quickly to changes in business requirements
- Maintain close awareness of the priorities and activities of the internal customers and how they relate to overall objective/target; challenge initiatives when needed
- Willingness to learn, be a team player and a strong cross functional partner
- Willingness to operate in a VUCA (volatile, uncertain, complex and ambiguous) environment
- Minimum 10 years experience in designing, developing and implementations in an enterprise environment
- Familiarity with ITIL processes are a plus
- Outstanding customer service and interaction skills, as well as excellent verbal and written communications skills.
- Must have demonstrated analytical and problem solving skills
- Demonstrated ability to be a team player with a high level of initiative
- Ability to interface with various levels of management
What’s In It For You:
- Competitive Benefit Package (Medical, Dental, Vision, 401K, Pension Plan)
- Hybrid Work Policy (3 Days in Office, 2 Days Work from Home)
- Flexible Time Off (Paid Company Holidays, Paid Vacation, Vacation Buy Program, Volunteer Time, Summer Fridays & More!)
- Access to Company Perks (VIP Access to L’Oréal’s Internal Shop for Discounted Products, Monthly Mobile Allowance)
- Learning & Development Opportunities (Unlimited Access to E-learnings, Lunch & Learn Sessions, Mentorship Programs, & More!)
- Employee Resource Groups (Think Tanks and Innovation Squads)
- Access to Mental Health & Wellness Programs
Don’t meet every single requirement? At L'Oréal, we are dedicated to building a diverse, inclusive, and innovative workplace. If you’re excited about this role but your past experience doesn’t align perfectly with the qualifications listed in the job description, we encourage you to apply anyways! You may just be the right candidate for this or other roles!
We are an Equal Opportunity Employer and take pride in a diverse environment. We would love to find out more about you as a candidate and do not discriminate in recruitment, hiring, training, promotion, or other employment practices for reasons of race, color, religion, gender, sexual orientation, national origin, age, marital or veteran status, medical condition or disability, or any other legally protected status.
If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to access job openings or apply for a job on this site as a result of your disability. You can request reasonable accommodations by contacting [email protected]. If you need assistance to accommodate a disability, you may request an accommodation at any time.
Our Safe Together Plan: Your safety is our highest priority. We will proceed with caution and adhere to enhanced protection standards to ensure our sites are safe for all employees. We must all operate with the shared responsibility for each other’s health & safety in mind.