Network Architect

Our client is a large UK-based organisation operating a complex hybrid network estate spanning corporate offices, distributed frontline sites, data centres and cloud services. As part of a multi-year cyber security, controls and resilience programme, they are seeking an experienced Network Architect to lead a structured discovery into network segmentation - assessing the current landscape, defining viable segmentation approaches, and producing decision-ready, board-level recommendations to inform future mobilisation.

This is a discovery and options-analysis engagement only. No implementation, build, or technical change is in scope.

What you'll do

• Establish a clear, evidence-based view of the current network landscape, topology, dependencies and constraints.
• Assess feasible segmentation approaches that support cyber resilience, operational continuity and incident response - including reducing blast radius, protecting Tier 1 and Tier 2 services, and partial/full lockdown scenarios.
• Define differentiated treatment for higher-risk, distributed and third-party-connected environments requiring greater isolation.
• Identify the technology, vendor, security and operating-model dependencies required to enable segmentation.
• Develop and compare viable target-state options (incumbent-platform, vendor-specific, vendor-agnostic, incremental and transformational) with feasibility, indicative cost, risk and delivery complexity.
• Produce decision-oriented outputs and present findings through structured playback and governance forums.

Key deliverables

• Current-state assessment and segmentation readiness summary (with evidence quality and confidence ratings).
• Service criticality and dependency summary (Tier 1 / Tier 2 definition and prioritised view).
• Target-state options pack and board-ready options & recommendation paper.
• Indicative roadmap, dependency view and mobilisation entry criteria.
• Optional Network Access Control (NAC) readiness considerations where relevant.

• Senior network architecture experience across large, complex hybrid estates (multi-site, data centre and cloud).
• Demonstrable network segmentation strategy and design experience (macro/micro-segmentation, crisis-mode / lockdown models).
• Strong understanding of segmentation for cyber resilience - blast radius reduction, isolation of higher-risk environments, protection of critical services.
• Working knowledge of firewalls, SD-WAN, wireless, identity and NAC concepts as segmentation enablers.
• Ability to translate cyber and business outcomes into network requirements and structured option-evaluation criteria.
• Senior stakeholder engagement and the ability to produce decision-ready, board-level artefacts.
• Independent discovery / options-analysis approach with strong assumptions and confidence-rating discipline.

Desirable

• Experience in regulated, safety-critical or operationally sensitive environments.
• NAC readiness or strategy experience.
• Awareness of how endpoint and SD-WAN strategies interact with segmentation.
• Relevant certifications (e.g. TOGAF, CISSP, vendor network architecture credentials).

Out of scope (please self-select)

• Hands-on implementation, configuration, migration or deployment.
• Low-level design, build documentation or production runbooks.
• Product selection, procurement support or vendor negotiation.
• Ongoing design authority beyond the engagement term.

Working arrangements

Hybrid working (UK), with remote and on-site delivery as agreed. Essential equipment provided. Operates within a controlled enterprise environment with formal governance and change processes.