- Company Name
- Reed Professional Services
- Job Title
- Enterprise Networks & Security Architect
- Job Description
-
**Job Title**
Enterprise Networks & Security Architect
**Role Summary**
Design and plan the target architecture for enterprise internet egress to enable secure, resilient hybrid cloud connectivity. Produce architecture documentation, connectivity principles, bill of materials, delivery plan, security & compliance mapping, risk register, and migration strategy, then govern implementation phases.
**Expectations**
* Deliver a complete Target Architecture Document with diagrams, topology, and logical/physical details.
* Define Hybrid Connectivity Design Principles and Standards (DNS‑based policy, Zero Trust segmentation, firewalling).
* Provide a detailed Bill of Materials, including vendor/platform options, sizing, license models, and Class 4 cost estimate.
* Draft a comprehensive Delivery Project Plan with WBS, stage gates, dependencies, and critical path.
* Map Security & Compliance Controls to ISO 27001, NIST, and GDPR.
* Create a Risk Register and Mitigation Plan for migration security risks.
* Govern stakeholder engagement through tollgates and communications.
* Outline a Migration Strategy with phasing, cutover options, and rollback plans.
**Key Responsibilities**
* Produce Target Architecture Document for cloud edge and DMZ hosting.
* Design and agree on Connectivity Design Principles and Standards.
* Develop Bill of Materials, sizing, licensing, and cost estimates.
* Construct detailed Delivery Project Plan.
* Map and document security & compliance controls.
* Create Risk Register and mitigation strategies.
* Engage stakeholders and manage governance.
* Plan migration approach and rollback procedures.
**Required Skills**
* Extensive enterprise LAN/WAN/SD‑WAN architecture and design experience.
* Routing & switching (L2/L3) and enterprise Wi‑Fi controller deployments.
* Network performance engineering: capacity planning, QoS, traffic engineering.
* Security expertise: firewalls, VPNs, IDS/IPS, secure segmentation, Zero Trust.
* Threat detection and response, SIEM integration, incident response.
* Compliance knowledge: ISO 27001, NIST, GDPR.
* Cloud & hybrid networking: AWS, Azure, GCP (VPC/VNet, Transit Gateway, cloud firewalls).
* Familiarity with Cisco, Arista, Aruba, ClearPass, Infoblox, Mist, Fortinet, Check Point, Zscaler ZIA/ZPA/ZDX/ZIdentity, Cloud/Branch Connectors.
* Monitoring and automation tools: SNMP, NetFlow, Ansible, Terraform.
* Packet analysis: Wireshark.
**Required Education & Certifications**
* Bachelor’s degree in Computer Science, Information Technology, Network Engineering, or related field.
* Relevant certifications such as CCNP/CCNP Enterprise, CCNA, JNCIS, CompTIA Security+, Certified Information Systems Security Professional (CISSP), or equivalent.