Principal Network Security Architect (Program Lead)

The DRR Cyber Vault redesign is defined by Charter as a principal-architect-level problem, not a staff-augmentation or PM-led exercise. Exhibit A requires tightly coupled decisions across zoning, backbone connectivity, air-gap preservation, data diode usage, and recovery validation. This role provides single-threaded architectural ownership across those domains. This role provides a single accountable architect responsible for delivering a HLD and LLD that satisfy all Exhibit A requirements and are approvable by Charter's designated signatories, reducing re-work and approval delays.

Primary Responsibilities

Own end-to-end design of the Cyber Vault architecture across all five zones (Landing, Validation, Immutable, Recovery/Clean Room, Management) and the external RVZ as a separate air-gapped domain.

Lead Phase 1 comparative evaluation (Option 1 vs Option 2) and present findings to Kyle Dreas, Emil Hulongbayan, Sean Freyholtz, and Brian Waff at Week 3 decision checkpoint.

Author and own the High-Level Design (HLD) and Low-Level Design (LLD) documents, including the architectural narrative and design rationale.

Lead all design-related stakeholder workshops with Charter SMEs (Justin Fortney, Feridoon Eskandar, Emil Hulongbayan, Sean Freyholtz) and coordinate with Ray Lord and Charter NEO/PE team for backbone integration.

Present interim and final designs to Brian Waff (GVP Connectivity Solutions) and John Hendrickson (SVP NEO) for approval per Mike Baldino's stipulated requirement.

Make architectural decisions during the engagement and document them in the Decision Log; the Decision Log is the authoritative reference for design choices.

On Option 1B: provide hands-on mentoring to Charter L3-L4 engineers, structured to elevate them toward L4-L5 capability over the engagement duration.

Serve as the primary technical escalation point for any design-related issue raised by the Charter team during the engagement.

Author the Implementation Readiness Assessment Phase 5 deliverable (LOE by role, sequencing, hardware procurement list).

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

15+ years in enterprise network architecture, with at least 8 years in security-focused network design.

Demonstrated experience designing air-gapped or isolated network environments, including hardware data diode integration (Owl Cyber Defense, EverFox, or equivalent vendors).

Deep working knowledge of NIST SP 800-53 Rev. 5 (specifically SC-7, SC-13, CP-6, CP-9, AC-2, AU-2 control families), SP 800-184 (isolated recovery environments), and SP 800-209 (storage segmentation).

Hands-on design experience with Palo Alto Networks PA-Series firewalls including Virtual Systems (VSYS) for both physical separation and software-defined segmentation models.

Hands-on design experience with Cisco Nexus switching architectures, including independent switching domains and consolidated MLAG platforms.

Working knowledge of enterprise backup platforms - specifically Cohesity DataProtect (Charter's consolidating standard); Veritas and Rubrik knowledge useful for current-state assessment.

Working knowledge of CyberArk (PAM), Active Directory, and RSA SecureID MFA for identity integration design.

Demonstrated ability to author technical documentation that withstands enterprise audit scrutiny.

Executive presence - able to present and defend architectural decisions to GVP/SVP-level stakeholders without preparation by a salesperson. Prior experience designing Cyber Recovery Vaults or equivalent isolated DRR environments at Fortune 100 enterprises.

Familiarity with Splunk Enterprise Security as a SIEM integration target.

Experience with ZTNA architecture design, particularly air-gapped or isolated deployment models.

Familiarity with telecommunications or MSO operating environments.

CISSP, CCIE Security, or equivalent certification (not required, but evidence of depth).

Prior experience as the named Principal Architect on a multi-year, GVP/SVP-approved enterprise design engagement.