Job Description:

Note: Fidelity is not providing immigration sponsorship for this position.

Job Title: Principal Network Engineer - Network Segmentation

Role Summary

We are seeking an experienced Network Engineer to support a data center network segmentation initiative focused on implementing micro segmentation and Zero Trust architecture. The role involves designing, deploying, and optimizing segmentation policies using Segmentation platforms. You will be part of the team that leads the strategic shift from traditional flat networks to highly secure, micro-segmented environments across on-premises data centers, global offices, and multi-cloud infrastructure.

You will work closely with security, infrastructure, and application teams to improve east-west traffic visibility, reduce attack surface, and enforce least-privilege communication.

Location

Westlake, Texas (Onsite)

Key Responsibilities

Design and Architecture

• Design and implement network segmentation and micro segmentation strategies across data center environments

• Develop Zero Trust network architectures aligned with enterprise security policies

• Define segmentation models (application-centric, environment-based, etc.)

Implementation

• Deploy and configure:

• Segmentation Platforms across On-Prem and Cloud Data Centers

• Create and enforce security policies for east-west traffic

• Integrate segmentation tooling with:

• Firewalls

• SIEM/SOAR platforms

• CMDB / asset inventory systems

Traffic Analysis and Policy Creation

• Analyze application dependencies and traffic flows

• Build and validate allow/deny rules and segmentation policies

• Support policy simulation, testing, and enforcement phases

Operations and Optimization

• Monitor segmentation effectiveness and tune policies

• Troubleshoot connectivity issues related to segmentation enforcement

• Ensure high availability and scalability of segmentation deployments

Collaboration

• Partner with:

• Application owners

• Security teams

• Infrastructure/Cloud teams

• Drive workshops and onboarding sessions for segmentation adoption

Qualifications and Skills

• 7 - 10 plus years of experience in:

• Network engineering

• Data center networking

• Prior experience in large-scale segmentation or migration projects

• Hands-on experience with Segmentation platforms (Illumio, Guardicore (Akamai), Cisco Secure Workload/Tetration)

• Strong understanding of:

• Networking: Cisco, HP, Arista, Palo Alto, Check Point, Juniper

• TCP/IP, routing, switching

• Firewalls and ACLs

• Network security principles

• Experience with:

• Application dependency mapping

• East-west traffic inspection

• Experience with Enterprise Security:

• Strong understanding of Zero-Trust Network Access (ZTNA), Secure Access Service Edge (SASE) architectures, and stateful firewalling.

• Experience with:

• Cloud platforms (AWS, Azure, GCP)

• Kubernetes / container networking

• Scripting/automation skills:

• Python, PowerShell, or APIs

• Experience CMDB Tools and Technologies (ServiceNow)

• Familiarity with Linux and Windows server environments

• Experience working in financial services or highly regulated environments

Certifications:

Category:

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.