Network Architect - DV Cleared Outside IR35
Job description
The Network Architect will be accountable for the end-to-end design, governance, and evolution of secure, resilient, and operationally sustainable network architectures across Microsoft Azure, Microsoft 365, hybrid cloud, and modern data-centre environments.
The role spans IaaS, PaaS, and SaaS connectivity, VXLAN BGP EVPN, and identity-centric security architectures, ensuring tight integration between networking, identity systems, endpoint security, NDR, XDR, behavioural analytics, and incident response workflows.
This is a design authority and strategy-defining role, supporting greenfield builds, legacy network modernisation, and cyber-resilience uplift in line with modern threat landscapes and regulatory expectations.
CCIE-level network architect with extensive hands-on experience across Cisco (Catalyst, Nexus, Meraki, ACI), Juniper, Aruba/HP and Arista.
Proven delivery of large-scale end-to-end designs and implementations.
Deep expertise in routing and core networking (BGP, OSPF, MPLS, VRF, SD-WAN, QoS, IPv6, Multicast, VoIP/CUCM), datacentre fabrics (Spine-Leaf, VXLAN, Nexus/ACI, Juniper QFX), wireless (Cisco/Aruba), and cloud networking across AWS, Azure and GCP including hybrid and multi-cloud.
Strong security background spanning firewalls and VPNs (Palo Alto, Fortinet, Check Point, Cisco, Juniper), ISE/802.1X, IPsec, micro-segmentation, ZTNA and SASE (Zscaler, Prisma), with CASB and DLP integration.
Experienced in monitoring and operations (SolarWinds, Wireshark, DNAC, SNMP), platforms (Windows, AD, VMware, Hyper-V, Linux), and modern network automation using Ansible, Terraform, Python and pyATS.
Key Responsibilities
- Network Architecture & Design Authority
Define and own enterprise network architecture standards across:
o Microsoft Azure (IaaS and PaaS)
o Microsoft 365 and other SaaS platforms
o On-premises and colocation data centres
Produce and govern:
o Reference architectures
o High- and low-level designs
o Network and security patterns
Ensure all designs are:
o Secure by design
o Highly available and resilient
o Operationally sustainable and supportable at scale
Act as technical design authority across change, transformation, and assurance initiatives.
- Cloud Networking (IaaS, PaaS & SaaS)
Design secure and scalable network solutions for:
o IaaS workloads (VMs, routing, private endpoints, hybrid integration)
o PaaS services (private access, ingress/egress control, service endpoints)
o SaaS platforms (Microsoft 365, identity-aware access, traffic optimisation)
Implement Azure networking patterns including:
o Hub-and-spoke and Virtual WAN architectures
o VNets, peering, routing, NSGs
o Azure Firewall, Application Gateway, load balancing
Reduce reliance on legacy perimeter models by enabling identity-centric and Zero Trust-aligned network designs.
- Data Centre Fabric Architecture (VXLAN BGP EVPN)
Architect and govern networks using:
o VXLAN BGP EVPN
Deliver:
o Greenfield VXLAN EVPN fabric builds
o Migration strategies from traditional Layer 2/Layer 3 networks to EVPN fabrics
Ensure fabric designs support:
o Multi-tenancy
o East-west traffic visibility
o Hybrid cloud integration
o Security and telemetry requirements
Maintain alignment between on-prem fabric architecture and cloud networking models.
- Fabric Management & Control
Provide architectural and operational oversight using:
o Cisco Nexus Dashboard Fabric Controller (formerly DCNM)
Ensure:
o Consistent fabric configuration
o Policy-based network management
o Operational visibility and life cycle control
Promote automation and repeatability to reduce configuration drift and risk.
- Identity, Endpoint & Zero Trust Integration
Design identity-aware network architectures integrated with:
o Microsoft Entra ID
o Conditional Access
o Endpoint trust signals
Ensure networking decisions support:
o Context-aware access
o Least privilege
o Application-level trust
Align network controls with endpoint and identity security strategies.
- Network Detection & Response (NDR)
Architect network visibility to enable NDR capabilities, including:
o East-west traffic inspection within VXLAN EVPN fabrics
o North-south monitoring at cloud and data centre boundaries
Ensure network telemetry supports:
o Lateral movement detection
o Behavioural analytics
o Threat hunting
Balance visibility, performance, and availability.
- Extended Detection & Response (XDR)
Enable XDR across network, identity, endpoint, cloud, and SaaS layers.
Ensure NDR telemetry enriches:
o XDR detections
o Kill-chain correlation
Integrate network designs with:
o SIEM platforms (e.g. Microsoft Sentinel)
o SOAR automation
o Incident response workflows
Support automated containment and response actions.
- SIEM, SOAR & Incident Response Enablement
Design telemetry pipelines that feed:
o SIEM correlation
o SOAR playbooks
o Security operations workflows
Ensure network architectures support:
o Rapid detection
o Containment
o Recovery during cyber incidents, including ransomware
Provide architectural leadership during major security incidents.
- Governance, Risk & Cyber Resilience
Define and maintain network standards aligned to:
o ISO 27001:2022
o NCSC Cyber Assessment Framework
o Microsoft security benchmarks
Support:
o Risk assessments
o Security assurance activities
o Regulatory and customer audits
Embed cyber resilience principles including:
o Segmentation
o Immutable backup support
o Secure recovery architectures
Requirements
Proven experience designing network solutions for IaaS, PaaS, and SaaS environments.
Strong knowledge of:
o Network architecture
o Identity systems
o Cloud and endpoint security
o NDR, XDR, and behavioural analytics
Experience in:
o Architectures using VXLAN BGP EVPN
Experience delivering:
o Greenfield network builds
o Migration of traditional networks to VXLAN BGP EVPN fabrics
Hands-on experience with:
o Cisco Nexus Dashboard Fabric Controller (DCNM)
Experience integrating:
o SIEM and SOAR platforms
o Telemetry pipelines
o Incident response workflows
Ability to design and clearly articulate secure, resilient, and operationally sustainable solutions to both technical and non-technical stakeholders.
Professional Qualifications
o AWS Certified Advanced Networking Specialist
o AWS Certified Solutions Architect Associate
o Cisco Certified Network Professional (CCNA & CCNP)
o Cisco Certified Design Professional (CCDA & CCDP)
o Cisco Certified Internetwork Professional (CCIP)
o VMware Certified Administrator - Data Centre Virtualisation (VCA-DCV)
o Microsoft Certified Professional (MCP)