Senior Architect Perimeter & DMZ

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work and providing a culture of caring is core to how we drive Responsible Growth. We are intentional about fostering an inclusive workplace where every teammate has the opportunity to succeed, build a career and contribute to our shared success. This includes attracting and developing exceptional talent, recognizing and rewarding performance, and supporting our teammates' physical, emotional, and financial wellness through affordable, competitive and flexible benefits.

• Works across the business, operations and technology to create the solution intent and architectural vision for complex solutions and prioritize functional and non-functional requirements into a technology backlog to enable the technology roadmap and functionality to support evolving capabilities and services
• Contributes to the creation of the architecture roadmap of defined domains (Business, Application, Data, and Technology) in support of the product roadmap and the development of best practices including standardized templates
• Clarifies the architecture, assists with system design to support implementation, and provides solution options to resolve any architectural impediments
• Facilitates solution driven discussions, leads the design of complex architectures, and finds creative solutions through knowledge of domain, practical experiments, and proof of concepts while ensuring architecture is flexible, modular, and adaptable
• Educates team members on the technology practices, standardization strategies, and best practices to create innovative solutions
• Supports the team as needed to select the technology stack required for solutions and helps select preferred technology products
• Performs design and code reviews to ensure all non-functional requirements are sufficiently met (for example, security, performance, maintainability, scalability, usability, and reliability)
• Defines scalable and secure designs for ingress/egress. Internet facing services, B2B integration, and third-party access. The role drives the modernization of perimeter controls including firewalls, proxies, segmentation, and decentralized internet breakout strategies.
• Designs secure architecture for inbound and outbound services, including zero trust ingress.
• Acts as a design authority across programs involving network segmentation, partner access, and external service hosting.
• Develops reusable frameworks to standardize policy enforcement, inspection, and observability
• Partners with security, infrastructure, and application teams to embed security into network and perimeter designs.
• Provides thought leadership, influences product direction, and ensures adoption of approved patterns.
• Acts as mentor to engineering and security teams, embedding "secure by design" principles across delivery

• 10+ years of progressive infrastructure / network / security engineering experience with 5+ years in architecture or senior technical leadership roles
• Must have experience taking ownership of perimeter security and DMZ architectures for large-scale, high-availability enterprise environments
• Proven delivery experience in regulated industries (financial services strongly preferred) with strong understanding of audit, risk, and control expectations
• Strong experience leading cross-functional initiatives involving Network, Security, App teams, IAM, SRE/Operations, and Governance/Risk/Compliance (GRC)
• Deep expertise designing and implementing segmented DMZ and perimeter architectures.
• Experience embedding security measures.
• Familiarity with threat modeling for internet-facing applications and partner connectivity
• Demonstrated ability to create and enforce reference architectures, standards, patterns, and guardrails.

• Hands-on experience with one or more of: Palo Alto, Fortinet, Check Point, Cisco, Juniper SRX F5, HAProxy, NGINX, cloud LBs, Akamai/Cloudflare (WAF/DDoS/CDN), Imperva, API gateways (Apigee, Kong, Mulesoft, AWS API Gateway / Azure APIM) SIEM integrations (Splunk, Sentinel, QRadar)
• Security/network certifications such as: CISSP / CCSP (security architecture), PCNSE/CCNP Security, GIAC (e.g., GSEC, GCIA), or equivalent

• Analytical Thinking
• Architecture
• Result Orientation
• Solution Design
• Technical Strategy Development
• Application Development
• Collaboration
• Data Management
• DevOps Practices
• Risk Management
• Agile Practices
• Automation
• Influence
• Solution Delivery Process
• Test Engineering