Network Security Architect

Summary

We are seeking a senior L4 Security Architect to lead the design and implementation of advanced security architectures for large-scale enterprise environments. This role focuses on multi-vendor NGFW, DDoS mitigation, identity and access control, and full-stack observability integrated with automation and orchestration. The ideal candidate demonstrates deep, hands-on expertise across Cisco security platforms, threat analytics, and modern security frameworks, with proven experience driving complex deployments and mentoring engineering teams.

Key Responsibilities

• · Architect end-to-end security solutions: Design secure network architectures incorporating NGFW, segmentation, NAC, and Zero Trust principles across campus, data center, and cloud environments.
• · Lead firewall and threat defense strategy: Implement Cisco Firepower Threat Defense (FTD) and Firewall Management Center (FMC) policies, optimize multi-vendor NGFW (Cisco, Palo Alto, Fortinet) deployments, and ensure high availability.
• · DDoS protection and mitigation: Design and operationalize Radware DDoS and NTT GIN DDoS solutions for critical infrastructure resilience.
• · Identity and access control: Architect Cisco ISE for policy enforcement, NAC posture, and segmentation; integrate Cisco DUO for MFA and Zero Trust access.
• · Secure visibility and analytics: Deploy Cisco Secure Network Analytics (SNA), ThousandEyes, and Grafana dashboards for real-time threat detection and performance monitoring.
• · Cloud and SaaS security: Implement Cisco Umbrella for DNS-layer protection and CSSPM for cloud posture management.
• · Automation and orchestration: Develop SOAR workflows, optimize SIEM/XDR integrations, and drive security automation using Python, Ansible, and API-based frameworks.
• · Governance and compliance: Produce HLD/LLD, security standards, segmentation policies, and compliance artifacts; contribute to reusable templates and reference architectures.
• · Mentorship and leadership: Guide engineering teams through design reviews, security best practices, and operational enablement sessions.
• · Stakeholder engagement: Collaborate with network, cloud, and application teams to align security architecture with business objectives and measurable outcomes.

Required Qualifications (Must-Have)

• · 10 years in enterprise security architecture and engineering, including 3–5 years leading multi-vendor NGFW and advanced security solutions at scale.
• · Proven hands-on expertise with Cisco FTD/FMC, Radware DDoS, Cisco Umbrella, Cisco ISE, Cisco DUO, and Cisco Secure Network Analytics.
• · Strong experience with ThousandEyes, Grafana, and observability-driven security analytics.
• · Deep knowledge of SIEM, SOAR, XDR, and security automation frameworks.
• · Demonstrated success in segmentation design, NAC posture enforcement, and Zero Trust implementation.