Senior Network Security Engineer

Haventree Bank is a private Canadian Schedule 1 bank specializing in alternative mortgage programs and insured GIC deposits. We help hardworking Canadians from coast-to-coast achieve homeownership by offering flexible mortgage solutions. Our insured GIC deposits offer competitive rates and are available through a variety of wealth management platforms. About Haventree Bank Headquartered in Toronto, Ontario, Haventree Bank (Haventree) is a mission driven alternative mortgage lender. The name Haventree is representative of the bank’s mission to help its customers find a place of refuge and to lay down new roots for the future. Haventree exists to be a catalyst of financial security and upward mobility for Canadians who are underserved by the traditional financial system. Position Summary: Reporting to the IT Operations Team Lead, the Sr. Network Security Engineer works with internal IT, Managed Network Provider and MSSP, to promote secure practices and improve network and infrastructure resiliency. This position manages all technology and security related domains, resources and workflows related to On-prem, Cloud (Azure & AWS) LAN, WAN, Firewalls, VPN, Routing/Switching, server, and end-user infrastructure and equipment in compliance with industry frameworks such as CIS, NIST, SSE, SASE & ZTNA etc. This is a dynamic role that is responsible for technical guidance related to all core technology security needs corporate-wide as well as timely patch management and vulnerability remediation, firmware upgrades, investigation and defense against network and security and cybercrime incidents. Major Duties & Responsibilities: Responsible for operational management of platforms such as Fortinet, Dell, Microsoft Azure and 365, AWS, and associated supporting services. Provide end-user support for VPN and network related issues. Design and configure SASE/ZTNA/SSE framework, network, SD-WAN, and infrastructure security components (Firewall) in cloud (AWS & Azure), and on-prem environments as per the CIS/NIST guidelines and industry best practices. Proactively ensure the highest levels of systems and infrastructure confidentiality, integrity, and availability. Maintain network/VPN uptime, security, and redundancy strategies. Create and maintain up to date diagrams, as it is related to HTB network and system configurations. Make recommendations to improve process efficiency and effectiveness; lead cost saving initiatives, uphold architectural design standards and configurations to ensure consistency, maintainability, and flexibility with respect to overall system, technical and product roadmaps. Develop and promote operational interaction within the Network & Security Managed Providers and internal IT teams. Analyze and create security procedures to determine weakness in infrastructure security. Assess existing WAN network and make cost-saving recommendations and proposals including price negotiation with the new and existing service providers. Monitor & manage security systems and equipment servicing and/or maintenance in conjunction with other departments, as appropriate. Collaborate with cross-functional teams to better protect and serve our clients and partners. Sets an example for team members of commitment, network and security knowledge, strong work ethics, leadership, and integrity. Create and updates network diagrams/topology documentation, uptime reports, dashboards, etc. Create, manage and maintain records for physical cabling and switch/patch panel connectivity. Degrees, Diplomas & Certifications: The position requires a bachelor’s degree in Information Technology, Engineering or related discipline, or equivalent experience preferably in a service provider environment. Professional certifications or demonstrated experience: CCNP, NSE4 and above, CISSP, CCSP. Specialty certifications in AWS and Azure networking and/or Security is considered an asset. Technical Experience Required to Perform the Job: In-depth working knowledge of network security principles, frameworks, protocols, architectures, and technologies is essential. This includes strong working knowledge of industry leading technology providers within the following areas: Fortinet Virtual and Physical - Next Generation Firewalls (NGFWs). Network Access Control (NAC). Email Security. Network Segregation and Microsegmentation. Content Delivery Network (CDN). Zero Trust Network Architecture (ZTNA) and Software-Defined Perimeter (SDP). Cloud Native Security. Secure Access Service Edge (SASE). Security Services Edge (SSE). Familiarity with Google and Azure cloud computing platforms and understanding of cloud security best practices. Ability to implement security controls, monitor cloud environments, and address unique security challenges in the cloud. Hands-on experience with networking protocols configuration and services such as: BGP, OSPF, MC-LAG, DNS and DHCP. In-depth experience with Cloud networking and security. Experience designing and operating secured DDoS resilient infrastructures with WAF, CDNs, SLB, security gateways and content filtering. Demonstrated excellence in documenting complex enterprise level systems, processes, and proactively sharing and communicating complex technical information. Excellent knowledge of information security standards and best practices. Excellent knowledge in overall network security assessment, penetration testing and vulnerability management. Years and Range of Experience Required to Perform the Job: The position requires at least 7 years’ experience working in the IT industry specializing in network and security. Familiar with commonly used information security frameworks such as CIS and NIST. While we thank everyone for their interest in Haventree Bank, please note that only candidates selected for an interview will be contacted. Haventree Bank is committed to providing accommodation when needed. If you require an accommodation, we will work with you to meet your needs. Haventree Bank embraces equal opportunity, diversity, and inclusion. Please let us know if you require any accommodations during the recruitment and selection process by contacting [email protected]. #J-18808-Ljbffr