Role Overview
We are seeking an experienced Hybrid Cloud & Network Security Architect to lead the design and definition of a secure, scalable hybrid cloud edge and DMZ hosting architecture. The role is architecture-led and outcome-focused, responsible for defining target-state designs, security controls, governance alignment and delivery planning to enable future migration phases.
This is a hands-on architecture and design role, not an implementation-only position.
Key Objectives & Outcomes
Business Objectives (what outcomes are you looking to achieve through this service):
Target Architecture Document for cloud edge and DMZ hosting (including diagrams, logical and physical topology).
Hybrid Connectivity Design Principles and Standards (DNS-based policy, Zero Trust, segmentation, firewalling).
Detailed Bill of Materials (vendor/platform options, sizing, licence models, costs to Class 4 estimate).
Delivery Project Plan (work breakdown structure, stage gates, dependencies, critical path).
Security & Compliance Controls mapping (ISO 27001, NIST, GDPR alignment).
Risk Register and Mitigation Plan (including security risks during migration).
Stakeholder Engagement & Governance Plan (EICTH Futures, tollgates, comms plan).
Migration Strategy outline (phasing, cutover options, rollback) to inform later phases.
In-Scope Activities:
Establish full inventory of services impacting hybrid flows and analyse existing traffic patterns.
Target architecture design for cloud edge, DMZ hosting model and hybrid connectivity (including DNS-based policy enablement).
Network & security BoM definition (hardware, software, licences) and delivery project plan with stage gates.
Liaison with internal teams (Digital Distribution Connectivity, Architecture, InfoSec, Service Assurance, Commercial) to define cross-connects, circuits and governance alignment.
Assessment of hyperscaler scope (AWS in baseline; Azure/GCP to be evaluated) and interconnection locations (carrier-neutral DCs/IX presence).
Deliverables or KPIs (e.g. uptime %, response times, resolution targets, etc.):
Target Architecture Document for cloud edge and DMZ hosting (including diagrams, logical and physical topology).
Hybrid Connectivity Design Principles and Standards (DNS-based policy, Zero Trust, segmentation, firewalling).
Detailed Bill of Materials (vendor/platform options, sizing, licence models, costs to Class 4 estimate).
Delivery Project Plan (work breakdown structure, stage gates, dependencies, critical path).
Security & Compliance Controls mapping (ISO 27001, NIST, GDPR alignment).
Risk Register and Mitigation Plan (including security risks during migration).
Stakeholder Engagement & Governance Plan (EICTH Futures, tollgates, comms plan).
Migration Strategy outline (phasing, cutover options, rollback) to inform later phases.
Requirements
Technical Environment
Key Technologies Platforms or Vendors where experience is required:
Core Networking
Enterprise LAN/WAN/SD-WAN architecture and design.
Routing & switching (L2/L3), Wi-Fi controllers/enterprise deployments.
Network performance engineering (capacity planning, QoS, traffic engineering).
Security Expertise
Firewalls, VPNs, IDS/IPS, secure segmentation, Zero Trust architecture.
Threat detection/response, SIEM integration, incident response.
Compliance frameworks (ISO 27001, NIST, GDPR).
Cloud & Hybrid Networking
AWS/Azure/GCP networking (VPC/VNet, Transit Gateway, cloud firewalls).
Hybrid integration, secure tunnels, SASE/SD-WAN.
Platforms & Tools
Cisco, Arista, Aruba ClearPass, Infoblox, Mist, Fortinet, Check Point.
Security Service Edge (Zscaler ZIA, ZPA, ZDX, ZIdentity, Cloud/Branch Connector).
Monitoring/automation (SNMP, NetFlow, Ansible, Terraform); packet analysis (Wireshark).
Soft Skills
Stakeholder communication, documentation/reporting, leadership/mentoring.
Number of locations / Sites covered
2 key locations: the existing DMZ infrastructure is all in London and Manchester, so ideally either of those.
Operational Requirements
Reporting Requirements (Monthly Reporting / Dashboards / Reviews):
Regular stand up meetings and ad hoc project meetings
Programme governance: EICTH Futures; tollgates for key decisions/milestones.
Weekly status report: progress, risks/issues, decisions required.
Stakeholder reviews: Architecture (TDA), InfoSec, Service Assurance, Commercial.
Communication Channels (Teams / Slack / Ticketing / Emails):
MS Teams, emails
Knowledge Transfer / Handover Expectations when Service Concludes: Fully documented knowledge articles/handover