Architect - Network and Security (Core42)

Architect - Network & Security (Core42) Job Overview

To design and implement network and security infrastructures in Data Centre, On Prem, Campus, and Public Cloud environments, with an emphasis on Azure cloud. The candidate will have experience in technical solution proposals, designing, implementing, integrating, and migrating Network Security solutions. As an Architect/Technical Lead, the candidate will be responsible for leading technical solution proposal workshops, effort estimation for projects, vendor engagements, BoQ preparation, client interactions, supervising network and security deployment configurations, and maintaining infrastructures.

Core Responsibilities

• Design and implement various data centre networking technologies including data centre fabric (Spine & Leaf topology with Cisco ACI, Juniper Apstra) and SDN (such as VMware NSX T).
• Design and implement core and perimeter firewalls for different technology providers, such as Cisco, Palo Alto, Fortinet and Juniper, in on prem and public cloud environments (mainly Azure).
• Design and implement the network and security environment on the public clouds, with main focus on Azure, including the Landing Zone and related network security components (native cloud and third party services) as per the design.
• Migrate on prem infrastructure to public/private cloud environments, and between on prem locations.
• Design and implement connectivity including Azure ExpressRoute, Virtual WAN, and VPN connections for Azure hybrid cloud environments.
• Conduct regular security assessments and vulnerability scans of Azure resources, and ensure alignment with Azure Well Architected framework.
• Design and implement Azure Security Center, Azure Sentinel, and other security monitoring tools.
• Develop and maintain disaster recovery and business continuity plans for Azure based systems.
• Stay up to date with the latest Azure networking and security features and best practices.
• Design and implement email security solution.
• Design and implement VPN solution.
• Design and implement identity and access management solution.
• Design and implement IPT and collaboration environment.
• Design and implement wireless networks.
• Develop and maintain high level design (HLD) and low level designs (LLD) documents, network security diagrams, network security installation configuration & guides, support procedures, test plans and runbooks.
• Prepare required rack diagrams, cabling, power and capacity requirements, working closely with the passive infrastructure teams to ensure cabling, power and capacity are met and as required for data centre hosting.
• Work closely with third party technology providers when required.
• Conduct user acceptance testing and fully support the implementation team to troubleshoot any issues during the implementation phase.
• Plan and execute the operation readiness process and hand over to end user.
• Conduct due diligence exercises and information gathering for client's network security infrastructure.
• Work closely with the pre sales team to review the RFPs and propose the required solutions.

Project Management

• Support the project scope, gather client requirements, and manage communications.
• Identify project tasks/activities and develop project schedules.
• Collaborate with team members and project stakeholders.
• Effectively communicate project objectives and goals.
• Complete project activities on time, within budget and within scope.
• Solve problems quickly, effectively communicate solutions and associated risks.
• Manage expectations and meet deadlines.

Project Deliverables

• Develop implementation plans.
• Prepare the technical solution proposal document.
• Prepare the high level design (HLD) document.
• Prepare the low level design (LLD) document.
• Prepare the network implementation plan (NIP) document.
• Prepare the network migration plan (NMP) document.
• Prepare the network ready for use (NRFU) document.

Minimum Qualifications

• Bachelor's degree or equivalent in Computer Science or related engineering field.
• Azure Security Engineer (AZ 500) certification (Preferred), with additional certifications such as AZ 700 (Designing and Implementing Microsoft Azure Networking Solutions) (Preferred).
• Designing Microsoft Azure Infrastructure Solutions (AZ 305) certification (Must).
• Cisco Certified Internetwork Routing and Switching/Security/Data Center (CCIE) (Preferred).
• Cisco Certified Network Professional in Collaboration (CCNP Collaboration) (Preferred).
• Palo Alto (PCNSE) or Fortinet NSE Certification (Must).
• VMware VCIX NV (Preferred).
• Azure solution architect certified (Preferred).
• F5 LTM/GTM certificate or equivalent vendor certificate (Preferred).
• ITIL foundation certification.

Minimum Experience

• At least 13+ years' experience in network security field, with minimum of 2+ years in architect role.
• Hands on experience designing and implementing Landing Zone component and the network security environment on Azure public cloud, including Azure native and third party services.
• Hands on experience on security hardening and best practices.
• Hands on experience with network virtualization technologies and SDN solutions, such as NSX & ACI.
• Hands on experience designing and implementing data centre solutions, legacy 3 tier & IP fabric (Spine & Leaf), with EVPN VxLAN knowledge.
• Strong skills in producing and maintaining technical documentation such as HLD, LLD and network diagrams.
• Experience with IP telephony solutions.
• Experience with Juniper/Cisco routing, switching and firewalling products.
• Expertise with wireless network implementation.
• Familiarity with PowerShell, Azure CLI, Terraform and ARM templates for automation and infrastructure as code.
• Strong experience with hybrid cloud architectures and connectivity solutions.
• Knowledge of compliance standards such as HIPAA, PCI DSS and ISO 27001.

Preferred Qualifications

• Familiarity with infrastructure automation tools including Terraform and Ansible.
• Familiarity with containerization technologies like Docker and Kubernetes.
• Knowledge of Python or other scripting languages for automation tasks.
• Knowledge of CI/CD pipelines and DevOps practices.
• CISSP, CCSP, or other relevant security certifications.

Referral Policy

Referrals increase your chances of interviewing at Core42 by 2x.