L4 Security Architect Advanced Network & Cloud Security

Los Angeles, CA - USA

Monthly Salary: Not Disclosed

Posted on: 2 days ago

Vacancies: 1 Vacancy

Job Summary

We are seeking a senior L4 Security Architect to lead the design and implementation of advanced security architectures for large-scale enterprise environments. This role focuses on multi-vendor NGFW DDoS mitigation identity and access control and full-stack observability integrated with automation and orchestration. The ideal candidate demonstrates deep hands-on expertise across Cisco security platforms threat analytics and modern security frameworks with proven experience driving complex deployments and mentoring engineering teams.

Key Responsibilities

Architect end-to-end security solutions: Design secure network architectures incorporating NGFW segmentation NAC and Zero Trust principles across campus data center and cloud environments.

Lead firewall and threat defense strategy: Implement Cisco Firepower Threat Defense (FTD) and Firewall Management Center (FMC) policies optimize multi-vendor NGFW (Cisco Palo Alto Fortinet) deployments and ensure high availability.

DDoS protection and mitigation: Design and operationalize Radware DDoS and NTT GIN DDoS solutions for critical infrastructure resilience.

Identity and access control: Architect Cisco ISE for policy enforcement NAC posture and segmentation; integrate Cisco DUO for MFA and Zero Trust access.

Secure visibility and analytics: Deploy Cisco Secure Network Analytics (SNA) ThousandEyes and Grafana dashboards for real-time threat detection and performance monitoring.

Cloud and SaaS security: Implement Cisco Umbrella for DNS-layer protection and CSSPM for cloud posture management.

Automation and orchestration: Develop SOAR workflows optimize SIEM/XDR integrations and drive security automation using Python Ansible and API-based frameworks.

Governance and compliance: Produce HLD/LLD security standards segmentation policies and compliance artifacts; contribute to reusable templates and reference architectures.

Mentorship and leadership: Guide engineering teams through design reviews security best practices and operational enablement sessions.

Stakeholder engagement: Collaborate with network cloud and application teams to align security architecture with business objectives and measurable outcomes.

Required Qualifications (Must-Have)

10 years in enterprise security architecture and engineering including 35 years leading multi-vendor NGFW and advanced security solutions at scale.

Proven hands-on expertise with Cisco FTD/FMC Radware DDoS Cisco Umbrella Cisco ISE Cisco DUO and Cisco Secure Network Analytics.

Strong experience with ThousandEyes Grafana and observability-driven security analytics.

Deep knowledge of SIEM SOAR XDR and security automation frameworks.

Demonstrated success in segmentation design NAC posture enforcement and Zero Trust implementation.

Preferred Qualifications

Cisco Certified Specialist or CCIE Security; certifications in Palo Alto Fortinet or cloud security (AWS/Azure).

Experience with CSSPM ARP optimization and advanced threat intelligence platforms.

Familiarity with Catalyst Center for integrated automation and assurance.

Strong scripting and automation skills (Python Ansible Terraform).