Network and Security Architect - SASE (Secure Access Service Edge)

• ZTNA & SASE Architecture Leadership:

• Lead the design, development, and evolution of Bosch's global ZTNA and SASE architecture, ensuring alignment with industry best practices, regulatory requirements, and Bosch's security policies.

• Define architectural patterns, standards, and blueprints for ZTNA and SASE components, including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Firewall-as-a-Service (FWaaS), Zero Trust Network Access (ZTNA), Data Loss Prevention (DLP), and advanced threat protection.

• Evaluate and recommend new technologies, vendors, and solutions within the ZTNA/SASE ecosystem to enhance Bosch's security capabilities and optimize performance.

• Develop and maintain the architectural roadmap for ZTNA and SASE, forecasting future needs and anticipating technological shifts.

• Deployment and Integration:

• Oversee the end-to-end deployment of ZTNA and SASE solutions, including planning, design, implementation, testing, and go-live.

• Collaborate with network engineering, security operations, application development, and business units to ensure seamless integration of ZTNA/SASE with existing IT infrastructure and applications.

• Define integration strategies for identity providers (e.g., Azure AD), endpoint security solutions, and other security tools.

• Provide expert guidance and technical leadership to implementation teams and external vendors.

• Security Policy and Governance:

• Translate high-level security requirements into detailed ZTNA and SASE policies, rules, and configurations.

• Develop and enforce security standards and guidelines for secure access, data protection, and threat prevention within the SASE framework.

• Contribute to the continuous improvement of Bosch's overall security posture by identifying gaps and recommending proactive measures.

• Ensure compliance with relevant data privacy regulations (e.g., GDPR) and industry standards.

• Performance and Optimization:

• Monitor and analyze the performance of ZTNA and SASE solutions, identifying bottlenecks and proposing optimization strategies.

• Develop and implement strategies for traffic steering, policy enforcement, and user experience optimization.

• Conduct regular security audits and assessments of the ZTNA/SASE infrastructure.

• Collaboration and Communication:

• Act as a Subject Matter Expert (SME) for ZTNA and SASE within Bosch, providing technical leadership, guidance, and training to various teams.

• Communicate complex technical concepts to non-technical stakeholders, securing buy-in and fostering understanding.

• Collaborate effectively with global IT teams, business units, and external partners to achieve shared objectives.

• Participate in internal and external security forums and industry events to stay abreast of emerging threats and technologies.

• Proof-of-Concept & Vendor Management:

• Lead and participate in proof-of-concept (PoC) initiatives for new ZTNA/SASE technologies and solutions.

• Manage relationships with key security vendors, evaluating their offerings and ensuring alignment with Bosch's strategic direction.

• 10+ years of progressive experience in network and security architecture, with a strong focus on cloud security.

• 5+ years of hands-on experience designing, deploying, and managing large-scale ZTNA and SASE solutions in enterprise environments.

• Deep understanding and practical experience with leading SASE vendor platforms (e.g., Zscaler, Palo Alto Networks Prisma Access, Fortinet FortiSASE, Netskope, etc.).

• Proven expertise in Zero Trust principles and their practical implementation across various layers (identity, device, application, data).

• Strong knowledge of networking protocols (TCP/IP, BGP, OSPF, DNS, HTTP/S), VPN technologies (IPsec, SSL VPN), and network security concepts (firewalls, IDS/IPS, WAF).

• Experience with cloud platforms (Azure, AWS, GCP) and their security services.

• Proficiency in identity and access management (IAM) concepts and technologies (SAML, OAuth, OpenID Connect, MFA).

• Excellent analytical, problem-solving, and decision-making skills.

• Strong communication, presentation, and interpersonal skills with the ability to influence and persuade stakeholders at all levels.

• Ability to work independently and as part of a global, cross-functional team.

• Fluency in English (written and spoken).

• Experience with DevOps/SecDevOps practices and automation tools (e.g., Terraform, Ansible).

• Knowledge of microservices architecture and container security.

• Bonus: Experience in network automation and scripting (Python, Ansible, RESTful APIs, CI/CD, GIT).

• Comfortable working on both Linux and Windows systems.

• Soft Skills:

• Excellent problem-solving abilities.

• Strong communication and consulting skills.

• Customer-oriented mindset.

• Proactive, results-driven, and self-organized.

• Fluent in English (written and spoken).

• Willingness to participate in On-Call Duty support.

• Flexibility to occasionally work outside of standard office hours.

• Employment Contract
• Competitive salary + annual bonus
• Hybrid work with flexible working hours
• Referral Bonus Program
• Copyright costs for IT employees

• Complex environment of working, professional support and possibility to share knowledge and best practices
• Ongoing development opportunities in a multinational environment
• Broad access to professional trainings (incl. language courses), conferences and webinars

• Private medical care and life insurance
• Cafeteria System with multiple benefits (incl. MultiSport, shopping vouchers, cinema tickets, etc.)
• Prepaid Lunch Card
• Number of benefits for families (for instance summer camps for kids)
• Non-working day on the 31st of December

Bosch