Senior Network Architect & Administrator

Loop Capital is a full-service investment bank, brokerage, asset management and advisory firm that provides creative capital solutions for corporate, governmental, and institutional entities across the globe. Loop Capital and its affiliates serve clients in fixed income asset management, corporate and public finance, financial advisory services, tax exempt and global equity sales, trading and research, analytical services and financial consulting services.

Loop Capital values diversity and inclusion, professional growth opportunities, purpose driven work and a collaborative and innovative culture.

Position Overview

The Senior Network Architect & Administrator is a critical technical leader responsible for designing, implementing, and maintaining a highly available, low‑latency, and secure enterprise network infrastructure. This role blends strategic architecture with hands‑on engineering, ensuring the network can support the demanding needs of trading systems, financial partner connectivity, cloud expansion, and regulatory compliance. The ideal candidate brings deep expertise in enterprise networking, hybrid cloud architectures, Zero Trust principles, and financial‑sector connectivity requirements.

This position is essential to building a resilient, scalable, and secure network foundation that enables the firm's growth and protects mission‑critical operations.

Key Responsibilities

Enterprise Network Architecture & Modernization

* Architect and maintain a multi‑tier, highly available enterprise network supporting trading, clearing, research, and client‑facing platforms.

* Design and enforce advanced network segmentation for users, servers, trading systems, cloud workloads, and privileged administrative zones.

* Lead the development of a Zero Trust Network Architecture (ZTNA), including micro‑segmentation, identity‑aware routing, and continuous verification.

* Engineer secure, redundant partner connections (DTCC, BNYM, Bloomberg, Market Axess, Arrow Street) using dedicated circuits, VPNs, private connectivity, and strict ACLs.

* Integrate cloud networking (AWS, Azure, GCP) with secure routing, private endpoints, and unified policy enforcement across hybrid environments.

Perimeter, Cloud, and Application Security Hardening

* Architect and administer next‑generation firewalls (NGFW) with IPS, TLS inspection, sandboxing, and threat intelligence integrations.

* Deploy and maintain Web Application Firewalls (WAF) and API gateways supporting trading platforms and client portals.

* Strengthen cloud security posture using CSPM, CNAPP, and cloud‑native controls (Security Groups, NACLs, Private Link, IAM boundaries).

* Implement secure remote access solutions using ZTNA, MFA, device posture checks, and continuous session monitoring.

* Standardize encryption protocols (TLS 1.2/1.3, IPsec, MACsec) across internal, external, and partner connections.

Network Monitoring, Performance, and Threat Visibility

* Build and maintain a unified network monitoring and logging architecture across firewalls, routers, switches, cloud networks, and partner circuits.

* Collaborate with security teams to integrate network telemetry into SIEM platforms (Splunk, Sentinel, QRadar, Elastic).

* Develop detection logic for anomalous trading activity, insider threats, credential abuse, and partner circuit deviations.

* Participate in threat‑hunting activities and support automated response workflows through SOAR integrations.

Identity, Access, and Privileged Access Controls

* Integrate network infrastructure with centralized IAM platforms (Azure AD/Entra, Okta, Ping) for SSO, MFA, and conditional access.

* Implement and maintain Privileged Access Management (PAM) for network administrators and service accounts.

* Define and enforce RBAC and least‑privilege models across network, cloud, and application layers.

* Ensure IAM and network logs feed into SIEM for real‑time detection of credential misuse.

Governance, Compliance & Partner Connectivity Assurance

* Develop and maintain network security standards and policies for segmentation, encryption, firewall rules, cloud access, and partner circuits.

* Conduct risk assessments for all P2P and financial…