Role Summary
This role is for a visionary and highly technical Network Architect who will protect critical assets and enforce zero-trust principles. This architect will specialize in Network Segmentation technologies to design, implement, and evolve our next-generation enterprise network security architecture. In this role, you will be the primary blueprint contributor, defining how our global network separates networks, isolates endpoint threats, and segments workloads. You will lead the strategic shift from traditional flat networks to highly secure, micro-segmented environments across on-premises data centers, global offices, and multi-cloud infrastructure.
Key Responsibilities
- Architecture and Strategy
- Design Zero-Trust Frameworks: Define the overarching architectural strategy for macro- and micro-segmentation solutions across various areas of the Fidelity Multiservice Network: global WAN, regional centers, domestic and international satellite sites, data centers, colocation centers, investor centers, and public cloud environments (AWS, Azure).
- Technology Selection: Evaluate, pilot, and select enterprise-grade segmentation technologies, including Software-Defined Access (SD-Access), Software-Defined WAN (SD-WAN), Zero Trust Network Access (ZTNA), Next-Generation Firewalls, and workload micro-segmentation.
- Standardization: Develop and maintain network and security standards, reference architectures, blueprint designs and Fact Sheets, and design templates.
- Engineering and Implementation
- Micro-Segmentation Deployment: Architect and oversee the deployment of host-based and fabric-based micro-segmentation solutions to protect critical workloads and applications.
- Identity and Access Integration: Integrate network segmentation policies with enterprise identity providers (IdP) and Network Access Control (NAC) systems to enforce dynamic, identity-aware access controls.
- Cloud and Hybrid Connectivity: Design secure, seamless, yet segmented connectivity between on-premises and cloud environments.
- Collaboration and Governance
- Cross-Functional Alignment: Partner closely with the Enterprise Cybersecurity and Network Engineering teams to translate architectural visions, strategies, and blueprints into deployment plans.
- Risk and Compliance Support: Ensure network architectures comply with all relevant policies, standards and guidelines.
- Mentorship: Provide technical leadership and mentorship to network engineering and operations teams, ensuring smooth operational handoffs.
Qualifications and Skills
- Required Experience: Network engineering and architecture. Focus on network security and segmentation initiatives. Core networking protocol knowledge: BGP, OSPF, EVPN-VXLAN, MPLS, VRF-Lite, and VLAN design.
- Segmentation Expertise: Hands-on experience and architectural design using technologies such as Cisco TrustSec/ISE, Cisco Tetration/Secure Workload, Akamai Guardicore, Illumio, and/or Palo Alto Networks NGFW/App-ID.
- Enterprise Security: Strong understanding of Zero-Trust Network Access (ZTNA), Secure Access Service Edge (SASE) architectures, and stateful firewalling.
- In-depth knowledge of L3/4 protocols such as TCP, UDP, ICMP, and L7 protocols such as DNS, DHCP, Kerberos/NTLM, LDAP, SSH, RDP, DTLS, SMB, IKE, ISAKMP, HTTP/s, SIP, SNMP, Syslog, etc.
- Strong understanding of encryption methods and technologies at all layers: network, link, file/block, table column/row/field, associated ciphers, and key management practices for both certificate private/public asymmetric keys and symmetric keys.
Fidelity’s Onsite Working Model
Fidelity is transitioning to a full-time onsite working model through a phased rollout across regions and roles. Currently, some roles and locations require 100% onsite presence, while others require less. Onsite expectations are likely to evolve as the rollout continues. This transition does not apply to fully remote roles.
Please be advised that Fidelity’s business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.
Skills Required
- Proven network engineering and architecture experience with a focus on network security and segmentation initiatives
- Core networking protocol expertise: BGP, OSPF, EVPN-VXLAN, MPLS, VRF-Lite, VLAN design
- Hands-on and architectural experience with segmentation technologies such as Cisco TrustSec/ISE, Cisco Tetration/Secure Workload, Akamai Guardicore, Illumio, Palo Alto NGFW/App-ID
- Experience designing and implementing Zero-Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) architectures
- Experience deploying host-based and fabric-based micro-segmentation to protect workloads and applications
- Experience integrating network segmentation policies with enterprise identity providers (IdP) and Network Access Control (NAC) systems
- Designing secure hybrid and cloud connectivity between on-premises and cloud environments (AWS, Azure)
- In-depth knowledge of L3/L4 protocols (TCP, UDP, ICMP) and L7 protocols including DNS, DHCP, Kerberos/NTLM, LDAP, SSH, RDP, DTLS, SMB, IKE/ISAKMP, HTTP/s, SIP, SNMP, Syslog
- Strong understanding of encryption methods and key management practices across network, link, and data layers
- Ability to develop and maintain network/security standards, reference architectures, blueprints and to mentor/lead engineering teams
Fidelity Investments Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Fidelity Investments and has not been reviewed or approved by Fidelity Investments.
- Strong & Reliable Incentives — Bonuses, commissions, and profit-sharing are presented as generous and meaningful components of total compensation, with certain roles achieving high total earnings through multiple pay streams. Variable pay is consistently framed as a positive contributor beyond base salary.
- Retirement Support — A 401(k) match up to 7% alongside additional profit-sharing up to 10% materially enhances long-term compensation. These retirement features are highlighted as standout strengths of the overall package.
- Parental & Family Support — Generous paid parental leave (16 weeks maternity, 12 weeks parental), backup dependent care, and adoption assistance provide robust family support. Hybrid work and caregiving resources further ease family responsibilities.
Fidelity Investments Insights
What We Do
At Fidelity, our goal is to make financial expertise broadly accessible and effective in helping people live the lives they want. We do this by focusing on a diverse set of customers: from 23 million people investing their life savings, to 20,000 businesses managing their employee benefits, to 10,000 advisors needing innovative technology to invest their clients’ money. We offer investment management, retirement planning, portfolio guidance, brokerage, and many other financial products. Privately held for nearly 70 years, we’ve always believed that by providing investors with access to information and expertise, we can help them achieve better results. That’s been our approach: innovative yet personal, compassionate yet responsible, grounded by a tireless work ethic. It is the heart of the Fidelity way.








