Act as the end‑to‑end technical owner for the Network pillar, ensuring all designs embody Zero Trust principles and meet acceptance criteria, Delivery & Cyber frameworks, and architectural governance expectations. Provide leadership across discovery, design, integration, and transition to live, while reducing operational complexity and enabling secure, scalable connectivity for users, devices, applications, and workloads.
Key Responsibilities
* Own the HLD/MLD/LLD design packs for the Network pillar (campus, branch, data center, cloud, OT where applicable).
* Ensure Zero Trust alignment with NIST SP 800‑207, CISA ZTM, and CAF/eCAF mappings across all network patterns (user-to-app, device-to-app, east–west segmentation, hybrid connectivity).
* Lead all design reviews and governance submissions (TAG, DA, TSRB), addressing decisions, risks, and waivers with clear rationale.
* Define protect surfaces for the Network pillar; produce DAAS data‑flow artefacts and threat models for network control planes and data planes.
* Establish and maintain reference architectures & guardrails for:
  * SSE/SASE & ZTNA (user-to-application access, policy enforcement, brokered access).
  * Micro‑segmentation (data center and cloud), macro segmentation, and least‑privilege lateral movement controls.
  * SD‑WAN/Cloud WAN, hybrid connectivity (MPLS/Internet), and cloud interconnects (e.g., ExpressRoute/Direct Connect).
  * NAC/802.1X, posture, device identity, and guest/IoT/OT onboarding patterns.
  * DDI (DNS/DHCP/IPAM), secure DNS, proxy/SWG, CASB, WAF, DDoS, VPN, and load balancing.
  * Routing & resiliency (BGP, ECMP, HA), QoS, and performance engineering.
* Champion policy‑as‑code and infrastructure‑as‑code approaches for repeatable, testable, and governed network changes.
* Manage cross‑pillar dependencies (Device, Data, Application & Workload) and define integration patterns (identity, posture, tagging/labels, app identities, service meshes).
* Collaborate with Security, EUC, Cloud, SOC, and GRC to ensure designs fit the ecosystem and do not increase operational complexity.
Risk, Assurance & Lifecycle
* Maintain pillar RAID (risks, assumptions, issues, dependencies) and mitigation plans across roadmap items.
* Define non‑functional requirements (availability, latency, throughput, capacity, observability) and acceptance criteria.
* Drive operational readiness (runbooks, KBs, monitoring/telemetry standards, KPIs/SLOs) and transition to support.
* Contribute to threat modeling, security testing strategies, and design control validation (e.g., segmentation efficacy, ZTNA policies, NAC outcomes).
* Network HLD/MLD/LLD design packs and reference architectures.
* Protect surface definitions, DAAS data‑flows, and threat models for network scenarios.
* Governance submissions (TAG/DA/TSRB) with decisions and evidence.
* Integration blueprints with Device/Data/Application & Workload pillars.
* Operational artefacts: runbooks, SOPs, monitoring dashboards, and capacity plans.
Skills & Experience (Must‑Have)
* Experience in network architecture across enterprise and/or OT environments.
* Demonstrated depth in Zero Trust for networking (ZTNA/SSE/SASE, macro/micro segmentation, identity‑aware access).
* Strong security design skills: NAC/802.1X, secure DNS/DDI, SWG/proxy, CASB, WAF, DDoS, VPN, firewalling, and network telemetry.
* Proven integration & orchestration across identity (IdP, device posture), endpoint, application, and cloud platforms.
* Hands‑on with SD‑WAN/Cloud WAN, BGP, routing design, hybrid and multi‑cloud connectivity (Azure/AWS), and HA/resiliency patterns.
* Experience producing HLD/LLD, conducting governance reviews, and aligning to customer frameworks and enterprise architecture standards.
* Ability to lead and mentor engineers, analysts, testers, and SMEs; excellent stakeholder communication and documentation.
* Exposure to micro‑segmentation platforms, network policy orchestration, and service mesh/east–west controls.
* Familiarity with IaC/PaC (e.g., Terraform/Ansible, YAML policy models, CI/CD for network).
* Knowledge of observability stacks (flow logs, NetFlow/IPFIX, SNMP/Streaming Telemetry, NPM/APM) and SLO/SLA engineering.
* Understanding of MITRE ATT&CK for network defense, CIS benchmarks for network devices, and ISO/IEC 27001/2 alignment.
* Certifications (Preferred)
You will receive a competitive salary, a generous benefits package, training and development, as well as an exciting career within a fast-paced and dynamic business. The benefits include:
* Contributory pension
* Life insurance policy
* Private medical insurance
Wipro is an advocate for positive change and conscious inclusion. As a global employer, we strive to create a diverse Wipro family by remaining committed to the development of our culture, diversity, equality, and inclusion in the workplace. All applicants are welcome.