Network Security Architect

Network Security Architect

W2 Contract (Must be a USC or have a Green Card)

No third-party candidates considered

St. Petersburg, FL

Prefer candidates in the EST time zone.

Our client is seeking a Sr. Network Security Architect. This position requires Arista (no exceptions) and certifications are preferred.

Job Summary

• Responsible for creating new network and network security architecture documents and designing complex network solutions that meet the organization's requirements for performance, automation, resiliency, scalability, security, and compliance. Work closely with the Lead Architect, Lead Engineers, and other IT teams, such as infrastructure, security, and applications, to ensure that the network is designed to meet the organization's needs.
• Design comprehensive secure network solutions by carefully selecting hardware and software components, ensuring optimal alignment with project requirements and objectives.
• Perform complex technology and system assessments, collect business and technical requirements, and employ advanced methodologies to assess the efficiency and effectiveness of existing systems.
• Create detailed network and network security documentation, including network diagrams and provide clear guidelines and seamless handover to network engineering team.
• Incorporate network and network security principles and practices into network architecture, ensuring the implementation of effective security controls, such as firewalls, intrusion detection systems, and encryption protocols, to safeguard the network against cyber threats.
• Assessing network capacity requirements based on current and projected usage patterns and planning for scalability to accommodate future growth and changing business needs.
• Use approved architecture templates to produce and maintain documentation with regards to design and architecture principals that will aid engineers in building, configuring, and testing of new systems or system changes.

Required:

• Experience with architecture and design principles.
• Experience in network and network security architecture, design, and documentation of medium-large scale enterprise networks (10,000 users)

Experience with Cisco and Arista enterprise technologies, such as:

• Layer 2 LAN technologies (STP, VLANs, VTP, LACP)
• High availability technologies (VPC, SVL, HSRP, VRRP, MLAG)
• Routing protocols concepts (BGP, EIGRP, OSPF, MPBGP, VXLAN)
• Experience in design and documentation of data center spine and leaf fabric (Arista/Cisco).
• Experience with SDWAN technologies (Cisco, Palo Alto ION)
• Experience with Secure Access Service Edge (SASE) technologies (Palo Alto Prisma Access)
• Experience with Cisco wireless technologies in a large enterprise environment (Cisco WLC, FlexConnect, CAPWAP)
• Experience with network security protocols, intrusion detection and prevention systems, secure socket layer (SSL) protocols, and virtual private networks (VPNs),
• Experience with Network performance optimization, capacity planning and load balancing.
• Ability to identify and understand issues, problems, and opportunities then compare data from different sources to draw conclusions.

Desirable:

• Experience with designing Palo Alto Centrally managed firewall platforms (NGFW Pan OS, Threat Prevention, UserID, Global Protect, and HA setup)
• Experience with designing F5 Clusters, Load balancing, SSL decryption policies, DNS Geolocation (LTM, GTM, APM, ASM/Cloud WAF).
• Experience with remote access VPN solutions (Global Protect, F5 BIG-IP Edge)
• Experience with designing Network Access Control (NAC) solutions (Forescout/Cisco ISE)
• Experience in designing secure and scalable network solutions for Cloud environments.

EDUCATION AND EXPERIENCE

• Bachelor's degree in computer science, information technology or a related field.
• 10 years of relevant experience in Network or Information Security, or an equivalent combination of education, training and experience.
• Financial services experience highly preferred.
• Cisco Certified Internetwork Expert (CCIE) is Preferred
• ITIL v3 Master Certification (Preferred)
• Security and control certifications (CISSP, CISM, CISA, CRISC) (Preferred)GIAC/SANS Certificates (Sec504/Sec560) (Preferred)