Contract: 3 months (initial)
Daily rate: £700
Location: Onsite – London (primary), with engagement across London & Manchester environments
Working Hours: 9:00–17:00, Monday to Friday
Engagement Type: Contract
Role Overview
We are seeking an experienced Hybrid Cloud & Network Security Architect to lead the design and definition of a secure, scalable hybrid cloud edge and DMZ hosting architecture. The role is architecture‑led and outcome‑focused, responsible for defining target state designs, security controls, governance alignment, and delivery planning to enable future migration phases.
This is a hands‑on architecture and design role, not an implementation‑only position.
Key Objectives & Outcomes
* Target Architecture Document for cloud edge and DMZ hosting (including diagrams, logical and physical topology).
* Hybrid Connectivity Design Principles and Standards (DNS‑based policy, Zero Trust segmentation, firewalling).
* Detailed Bill of Materials (vendor/platform options, sizing, licence models, costs to Class 4 estimate).
* Delivery Project Plan (work breakdown structure, stage gates, dependencies, critical path).
* Security & Compliance Controls mapping (ISO 27001, NIST, GDPR alignment).
* Risk Register and Mitigation Plan (including security risks during migration).
* Stakeholder Engagement & Governance Plan (EICTH Futures tollgates, comms plan).
* Migration Strategy outline (phasing, cutover options, rollback), to inform later phases.
In‑Scope Activities
* Establish full inventory of services impacting hybrid flows and analyse existing traffic patterns.
* Target architecture design for cloud edge, DMZ hosting model, and hybrid connectivity (including DNS‑based policy enablement).
* Network & security BoM definition (hardware, software, licences), and delivery project plan with stage gates.
* Liaison with internal teams (Digital Distribution, Connectivity, Architecture, InfoSec, Service Assurance, Commercial) to define cross‑connects, circuits, and governance alignment.
* Assessment of hyperscaler scope (AWS in baseline; Azure/GCP to be evaluated) and interconnection locations (carrier‑neutral DCs/IX presence).
Deliverables or KPIs
* Target Architecture Document for cloud edge and DMZ hosting (including diagrams, logical and physical topology).
* Hybrid Connectivity Design Principles and Standards (DNS‑based policy, Zero Trust segmentation, firewalling).
* Detailed Bill of Materials (vendor/platform options, sizing, licence models, costs to Class 4 estimate).
* Delivery Project Plan (work breakdown structure, stage gates, dependencies, critical path).
* Security & Compliance Controls mapping (ISO 27001, NIST, GDPR alignment).
* Risk Register and Mitigation Plan (including security risks during migration).
* Stakeholder Engagement & Governance Plan (EICTH Futures tollgates, comms plan).
* Migration Strategy outline (phasing, cutover options, rollback), to inform later phases.
Technical Environment
* Core Networking
  * Enterprise LAN/WAN/SD‑WAN architecture and design.
  * Routing & switching (L2/L3), Wi‑Fi controllers/enterprise deployments.
  * Network performance engineering (capacity planning, QoS, traffic engineering).
* Security Expertise
  * Firewalls, VPNs, IDS/IPS, secure segmentation, Zero Trust architecture.
  * Threat detection/response, SIEM integration, incident response.
  * Compliance frameworks (ISO 27001, NIST, GDPR).
* Cloud & Hybrid Networking
  * AWS/Azure/GCP networking (VPC/VNet, Transit Gateway, cloud firewalls).
  * Hybrid integration, secure tunnels, SASE/SD‑WAN.
* Platforms & Tools
  * Cisco, Arista, Aruba, ClearPass, Infoblox, Mist, Fortinet, Check Point.
  * Security Service Edge (Zscaler ZIA, ZPA, ZDX, ZIdentity, Cloud/Branch Connector).
  * Monitoring/automation (SNMP, NetFlow, Ansible, Terraform); packet analysis (Wireshark).
* Soft Skills
  * Stakeholder communication, documentation/reporting, leadership/mentoring.
Operational Requirements
Reporting Requirements: Monthly Reporting / Dashboards / Reviews.
* Regular stand‑up meetings and ad‑hoc project meetings.
* Programme governance: EICTH Futures; tollgates for key decisions/milestones.
* Weekly status report: progress, risks/issues, decisions required.
* Stakeholder reviews: Architecture (TDA), InfoSec, Service Assurance, Commercial.
Communication Channels: MS Teams, email.
Knowledge Transfer / Handover Expectations when Service Concludes: Fully documented knowledge articles/handover.