Network Architect

Job Title: Network Architect (Security)

Position Type: 6-Month Contract-to-Hire

Location: Richmond, VA (Onsite)

Role Overview:

We are seeking a highly experienced, strategic, and hands-on Network Architect (Security) for a Contract-to-Hire opportunity in Richmond, VA. In this role, you will lead the architecture, design, and implementation of our enterprise and cloud networking environments. The ideal candidate will possess deep expertise in BGP routing, Cisco SD-WAN (Viptela), Palo Alto Networks firewalls, and cloud-hybrid architectures.

You will be instrumental in defining standards, executing network consolidation strategies across multiple business units, and serving as the ultimate technical authority for complex networking and security initiatives.

Key Responsibilities:

1. Architecture, Design & Strategy

• Lead the design, engineering, and implementation of robust enterprise and cloud networking architectures (Azure, AWS, hybrid).
• Develop and execute comprehensive network consolidation strategies across multiple business environments and business units.
• Architect secure, scalable connectivity patterns including site-to-site/client VPNs, SD-WAN deployments, cloud transit hubs, and hub-and-spoke models.
• Define global enterprise standards for routing, network segmentation, and high availability.

2. Cloud & Hybrid Networking

• Design and manage enterprise-grade networking in Microsoft Azure (primary), with familiarity in AWS and GCP.
• Implement and maintain virtual networks (VNets/VPCs), peering infrastructure, and private connectivity (ExpressRoute, Direct Connect).
• Design and enforce cloud network security controls, including Network Security Groups (NSGs), cloud firewalls, and user-defined routing tables.
• Ensure seamless, high-performance integration between on-premises and cloud environments.

3. Core Routing & Infrastructure

• Design, optimize, and troubleshoot highly complex routing environments utilizing BGP (deep expertise required), OSPF, and EIGRP.
• Craft and fine-tune routing policies for optimal performance, automated failover, and precise traffic engineering.
• Act as the final escalation point for complex, systemic issues including latency, packet loss, and asymmetric routing.

4. Network Security & Perimeter Control

• Manage and architect next-generation firewall solutions, with a heavy emphasis on Palo Alto Networks firewalls (PAN-OS, Panorama).
• Define, implement, and enforce granular security policies, NAT, and micro-segmentation strategies.
• Partner closely with information security teams to align network architecture with global threat mitigation and compliance requirements.

5. SD-WAN & Branch Office Networking

• Design, deploy, and optimize enterprise SD-WAN solutions utilizing Cisco Viptela (Cisco SD-WAN).
• Manage and optimize regional branch networking utilizing the Cisco Meraki full stack (MX, MS, MR).
• Ensure consistent policy enforcement, quality of service (QoS), and network visibility across all global sites.

6. Carrier & Operations Leadership

• Act as the primary technical liaison with telecom carriers and ISPs for circuit validation, design, and turn-ups (DIA, MPLS, broadband, LTE/5G).
• Serve as the Tier 3/4 escalation point for major network-related incidents.
• Mentor junior and mid-level engineers, provide technical governance, and maintain immaculate engineering documentation and runbooks.
• Participate in an architectural escalation/on-call rotation as needed.

 

Required Qualifications:

• Experience: 15+ years of progressive experience in network engineering and architecture roles.
• Routing Mastery: Deep, authoritative expertise in BGP routing protocols and large-scale network design.
• Firewall Expertise: Strong, hands-on engineering experience with Palo Alto Networks firewalls and Panorama.
• SD-WAN & Edge: Proven hands-on experience deploying and managing Cisco SD-WAN (Viptela) and the Cisco Meraki full stack (MX/MS/MR).
• Cloud Architecture: Demonstrated experience designing and implementing cloud networking infrastructure (specifically Azure and AWS).
• Carrier Management: Direct experience managing technical relationships, circuit turn-ups, and escalations with ISPs and telecom carriers

Preferred Qualifications:

• Consolidation Experience: Proven background managing multi-tenant or multi-environment network consolidations (e.g., during mergers, acquisitions, or corporate restructuring).
• Industry Certifications: Highly preferred certifications include:
• Cisco: CCNP / CCIE (Routing & Switching, Enterprise, or Security)
• Palo Alto: PCNSE (Palo Alto Networks Certified Network Security Engineer)
• Cloud: Azure Network Engineer Associate (AZ-700) or AWS Advanced Networking Specialty