Cyber Security Architect - ZTNA

DTCC, Jersey City, NJ
Hybrid

About The Position

Are you ready to make an impact at DTCC? Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve. The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.

Requirements

  • Bachelor’s degree and/or equivalent experience
  • 8+ years of experience in cybersecurity architecture, network security, or security engineering roles.
  • Demonstrated experience designing and implementing Zero Trust architectures in large enterprise environments.
  • Strong expertise in: Identity‑based access controls (SSO, MFA, conditional access), Secure network and application connectivity concepts, Hybrid and cloud‑based access architectures.
  • Experience integrating ZTNA/SSE platforms with: Identity providers (e.g., Entra ID, Okta, Ping), SIEM/SOAR solutions, Endpoint security and posture signals.
  • Ability to operate effectively across strategy, governance, and hands‑on execution.

Nice To Haves

  • Architecture and/or implementation experience with multiple of the following platforms: Zscaler, Cisco security and networking platforms, Akamai enterprise security and access solutions.
  • Familiarity with: Software‑defined perimeter and segmentation strategies; TLS inspection, certificate management, and privacy considerations; SaaS governance and shadow IT risk controls.
  • Professional certifications such as CISSP, CCSP, GIAC, or relevant vendor certifications preferred.

Responsibilities

  • Define and maintain enterprise ZTNA and SSE target‑state architectures, roadmaps, and transition strategies aligned with DTCC security principles.
  • Establish and document Zero Trust architecture standards, including identity‑centric access, least‑privilege enforcement, continuous verification, and segmentation.
  • Develop and maintain architecture artifacts, including: Reference architectures and solution patterns, High‑Level Designs (HLDs) and Low‑Level Designs (LLDs), Architecture Decision Records (ADRs).
  • Serve as the design authority for secure access and connectivity initiatives.
  • Translate enterprise security, regulatory, and risk requirements into enforceable architectural guardrails for ZTNA/SSE platforms.
  • Ensure access architectures support: Policy consistency and traceability, Exception management and approvals, Periodic access reviews and recertification, Audit and regulatory evidence requirements.
  • Participate in architecture review boards, security design reviews, and governance forums as the ZTNA/SSE subject‑matter expert.
  • Lead and actively participate in: Platform design and configuration, Proof‑of‑concepts and pilot implementations, Migration initiatives (including VPN modernization).
  • Architect and guide implementation of SSE capabilities, including: Zero Trust Network Access (ZTNA); Secure Web Gateway (SWG); Cloud Access Security Broker (CASB); Firewall‑as‑a‑Service (FWaaS), where applicable; Integration with Data Loss Prevention (DLP) services.
  • Design secure access models for: Workforce access to internal and cloud‑hosted applications, Third‑party and vendor access, Privileged and high‑risk access scenarios.
  • Design and maintain solutions across a multi‑vendor ZTNA/SSE ecosystem, including: Zscaler, Cisco security and secure access platforms, Akamai enterprise access and edge security services.
  • Perform comparative technical evaluations and develop vendor‑neutral architectural decision frameworks.
  • Lead vendor engagements, technical deep dives, and roadmap assessments.
  • Ensure operational integration with: SIEM/SOAR platforms; Logging, telemetry, and monitoring systems; Incident detection and response workflows.
  • Define and track access‑related KPIs and metrics, including: Reduction in legacy VPN reliance, Application onboarding progress to ZTNA, Policy exception volumes, Access anomaly detection and response effectiveness.
  • Drive continuous optimization of security posture, performance, and user experience.

Benefits

  • Competitive compensation, including base pay and annual incentive
  • Comprehensive health and life insurance and well-being benefits, based on location
  • Pension / Retirement benefits
  • Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.