LC
Senior Network Architect & Administrator
Accepting applicationsLoop Capital · Chicago, IL
Full-Time Senior Pythonaiaterfsic
Posted
27 Apr
Category
Test
Experience
Senior
Country
United States
Loop Capital is a full-service investment bank, brokerage, asset management and advisory firm that provides creative capital solutions for corporate, governmental, and institutional entities across the globe. Loop Capital and its affiliates serve clients in fixed income asset management, corporate and public finance, financial advisory services, tax exempt and global equity sales, trading and research, analytical services and financial consulting services. Loop Capital values diversity and inclusion, professional growth opportunities, purpose driven work and a collaborative and innovative culture.
Position Overview
The Senior Network Architect & Administrator is a critical technical leader responsible for designing, implementing, and maintaining a highly available, low‑latency, and secure enterprise network infrastructure. This role blends strategic architecture with hands‑on engineering, ensuring the network can support the demanding needs of trading systems, financial partner connectivity, cloud expansion, and regulatory compliance. The ideal candidate brings deep expertise in enterprise networking, hybrid cloud architectures, Zero Trust principles, and financial‑sector connectivity requirements.
This position is essential to building a resilient, scalable, and secure network foundation that enables the firm’s growth and protects mission‑critical operations.
Key Responsibilities
Enterprise Network Architecture & Modernization
Architect and maintain a multi‑tier, highly available enterprise network supporting trading, clearing, research, and client‑facing platforms.
Design and enforce advanced network segmentation for users, servers, trading systems, cloud workloads, and privileged administrative zones.
Lead the development of a Zero Trust Network Architecture (ZTNA), including micro‑segmentation, identity‑aware routing, and continuous verification.
Engineer secure, redundant partner connections (DTCC, BNYM, Bloomberg, MarketAxess, ArrowStreet) using dedicated circuits, VPNs, private connectivity, and strict ACLs.
Integrate cloud networking (AWS, Azure, GCP) with secure routing, private endpoints, and unified policy enforcement across hybrid environments.
Perimeter, Cloud, and Application Security Hardening
Architect and administer next‑generation firewalls (NGFW) with IPS, TLS inspection, sandboxing, and threat intelligence integrations.
Deploy and maintain Web Application Firewalls (WAF) and API gateways supporting trading platforms and client portals.
Strengthen cloud security posture using CSPM, CNAPP, and cloud‑native controls (Security Groups, NACLs, PrivateLink, IAM boundaries).
Implement secure remote access solutions using ZTNA, MFA, device posture checks, and continuous session monitoring.
Standardize encryption protocols (TLS 1.2/1.3, IPsec, MACsec) across internal, external, and partner connections.
Network Monitoring, Performance, and Threat Visibility
Build and maintain a unified network monitoring and logging architecture across firewalls, routers, switches, cloud networks, and partner circuits.
Collaborate with security teams to integrate network telemetry into SIEM platforms (Splunk, Sentinel, QRadar, Elastic).
Develop detection logic for anomalous trading activity, insider threats, credential abuse, and partner circuit deviations.
Participate in threat‑hunting activities and support automated response workflows through SOAR integrations.
Identity, Access, and Privileged Access Controls
Integrate network infrastructure with centralized IAM platforms (Azure AD/Entra, Okta, Ping) for SSO, MFA, and conditional access.
Implement and maintain Privileged Access Management (PAM) for network administrators and service accounts.
Define and enforce RBAC and least‑privilege models across network, cloud, and application layers.
Ensure IAM and network logs feed into SIEM for real‑time detection of credential misuse.
Governance, Compliance & Partner Connectivity Assurance
Develop and maintain network security standards and policies for segmentation, encryption, firewall rules, cloud access, and partner circuits.
Conduct risk assessments for all P2P and financial partner connections.
Define onboarding/offboarding processes for new business partners, including security validation and continuous monitoring.
Ensure compliance with FFIEC, SEC, FINRA, SOX, and internal audit requirements.
Create and maintain runbooks and playbooks for network incidents, partner link outages, and trading system disruptions.
Required
Qualifications
8+ years of experience in enterprise network engineering, architecture, or administration.
Expert‑level knowledge of routing, switching, firewalls, VPNs, SD‑WAN, and network segmentation.
Hands‑on experience with NGFW platforms (Palo Alto, Fortinet, Check Point, Cisco Firepower).
Strong understanding of cloud networking (AWS, Azure, GCP) and hybrid connectivity.
Experience supporting trading systems or financial‑sector connectivity.
Familiarity with regulatory frameworks (FFIEC, SEC, FINRA, SOX).
Preferred
Certifications such as CCNP/CCIE, PCNSE, NSE7+, JNCIP/JNCIE, or equivalent.
Experience with Zero Trust, SASE, CASB, and modern remote access technologies.
Proficiency in automation and scripting (Python, PowerShell, Ansible).
Experience designing network architectures for high‑availability, low‑latency environments.
Soft Skills
Strong leadership and architectural decision‑making abilities.
Excellent communication skills, including documentation and executive‑level reporting.
Ability to collaborate across IT, security, compliance, and business teams.
High attention to detail and a proactive mindset toward reliability and security.
Compensation & Benefits
Salary Range: $150,000 - $185,000
Loop Capital offers a comprehensive benefits plan which includes medical, dental, vision, disability and life insurances; Paid Holidays; Paid vacation, sick and personal days; and retirement plan.
Why This Role Matters
The Senior Network Architect & Administrator ensures the bank’s network is fast, resilient, secure, and audit‑ready—a foundational requirement for trading operations, client trust, and regulatory compliance. This role is instrumental in advancing the firm’s Zero Trust strategy, cloud modernization, and long‑term technology roadmap.
Show more Show less
Position Overview
The Senior Network Architect & Administrator is a critical technical leader responsible for designing, implementing, and maintaining a highly available, low‑latency, and secure enterprise network infrastructure. This role blends strategic architecture with hands‑on engineering, ensuring the network can support the demanding needs of trading systems, financial partner connectivity, cloud expansion, and regulatory compliance. The ideal candidate brings deep expertise in enterprise networking, hybrid cloud architectures, Zero Trust principles, and financial‑sector connectivity requirements.
This position is essential to building a resilient, scalable, and secure network foundation that enables the firm’s growth and protects mission‑critical operations.
Key Responsibilities
Enterprise Network Architecture & Modernization
Architect and maintain a multi‑tier, highly available enterprise network supporting trading, clearing, research, and client‑facing platforms.
Design and enforce advanced network segmentation for users, servers, trading systems, cloud workloads, and privileged administrative zones.
Lead the development of a Zero Trust Network Architecture (ZTNA), including micro‑segmentation, identity‑aware routing, and continuous verification.
Engineer secure, redundant partner connections (DTCC, BNYM, Bloomberg, MarketAxess, ArrowStreet) using dedicated circuits, VPNs, private connectivity, and strict ACLs.
Integrate cloud networking (AWS, Azure, GCP) with secure routing, private endpoints, and unified policy enforcement across hybrid environments.
Perimeter, Cloud, and Application Security Hardening
Architect and administer next‑generation firewalls (NGFW) with IPS, TLS inspection, sandboxing, and threat intelligence integrations.
Deploy and maintain Web Application Firewalls (WAF) and API gateways supporting trading platforms and client portals.
Strengthen cloud security posture using CSPM, CNAPP, and cloud‑native controls (Security Groups, NACLs, PrivateLink, IAM boundaries).
Implement secure remote access solutions using ZTNA, MFA, device posture checks, and continuous session monitoring.
Standardize encryption protocols (TLS 1.2/1.3, IPsec, MACsec) across internal, external, and partner connections.
Network Monitoring, Performance, and Threat Visibility
Build and maintain a unified network monitoring and logging architecture across firewalls, routers, switches, cloud networks, and partner circuits.
Collaborate with security teams to integrate network telemetry into SIEM platforms (Splunk, Sentinel, QRadar, Elastic).
Develop detection logic for anomalous trading activity, insider threats, credential abuse, and partner circuit deviations.
Participate in threat‑hunting activities and support automated response workflows through SOAR integrations.
Identity, Access, and Privileged Access Controls
Integrate network infrastructure with centralized IAM platforms (Azure AD/Entra, Okta, Ping) for SSO, MFA, and conditional access.
Implement and maintain Privileged Access Management (PAM) for network administrators and service accounts.
Define and enforce RBAC and least‑privilege models across network, cloud, and application layers.
Ensure IAM and network logs feed into SIEM for real‑time detection of credential misuse.
Governance, Compliance & Partner Connectivity Assurance
Develop and maintain network security standards and policies for segmentation, encryption, firewall rules, cloud access, and partner circuits.
Conduct risk assessments for all P2P and financial partner connections.
Define onboarding/offboarding processes for new business partners, including security validation and continuous monitoring.
Ensure compliance with FFIEC, SEC, FINRA, SOX, and internal audit requirements.
Create and maintain runbooks and playbooks for network incidents, partner link outages, and trading system disruptions.
Required
Qualifications
8+ years of experience in enterprise network engineering, architecture, or administration.
Expert‑level knowledge of routing, switching, firewalls, VPNs, SD‑WAN, and network segmentation.
Hands‑on experience with NGFW platforms (Palo Alto, Fortinet, Check Point, Cisco Firepower).
Strong understanding of cloud networking (AWS, Azure, GCP) and hybrid connectivity.
Experience supporting trading systems or financial‑sector connectivity.
Familiarity with regulatory frameworks (FFIEC, SEC, FINRA, SOX).
Preferred
Certifications such as CCNP/CCIE, PCNSE, NSE7+, JNCIP/JNCIE, or equivalent.
Experience with Zero Trust, SASE, CASB, and modern remote access technologies.
Proficiency in automation and scripting (Python, PowerShell, Ansible).
Experience designing network architectures for high‑availability, low‑latency environments.
Soft Skills
Strong leadership and architectural decision‑making abilities.
Excellent communication skills, including documentation and executive‑level reporting.
Ability to collaborate across IT, security, compliance, and business teams.
High attention to detail and a proactive mindset toward reliability and security.
Compensation & Benefits
Salary Range: $150,000 - $185,000
Loop Capital offers a comprehensive benefits plan which includes medical, dental, vision, disability and life insurances; Paid Holidays; Paid vacation, sick and personal days; and retirement plan.
Why This Role Matters
The Senior Network Architect & Administrator ensures the bank’s network is fast, resilient, secure, and audit‑ready—a foundational requirement for trading operations, client trust, and regulatory compliance. This role is instrumental in advancing the firm’s Zero Trust strategy, cloud modernization, and long‑term technology roadmap.
Show more Show less
Similar Jobs
M
HBM PE DFT
Micron · Boise, United States, North America
N
Test Engineer - Photonic
NVIDIA · Roskilde, Denmark, Europe
N
Lead Engineer, Healthcare Data Operations and Strategy
NVIDIA · Santa Clara, United States, North America
AM
Administrative Assistant – Categorie Protette L.68/99
Applied Materials · Treviso, Italy, Europe