Role Overview
We are seeking an experienced Hybrid Cloud & Network Security Architect to lead the design and definition of a secure, scalable hybrid cloud edge and DMZ hosting architecture. The role is architecture‑led and outcome‑focused, responsible for defining target‑state designs, security controls, governance alignment, and delivery planning to enable future migration phases.
This is a hands‑on architecture and design role, not an implementation‑only position.
Key Objectives & Outcomes
- Target Architecture Document for cloud edge and DMZ hosting (including diagrams, logical and physical topology).
- Hybrid Connectivity Design Principles and Standards (DNS‑based policy, Zero Trust segmentation, firewalling).
- Detailed Bill of Materials (vendor / platform options, sizing, licence models, costs to Class 4 estimate).
- Delivery Project Plan (work breakdown structure, stage gates, dependencies, critical path).
- Security & Compliance Controls mapping (ISO 27001, NIST, GDPR alignment).
- Risk Register and Mitigation Plan (including security risks during migration).
- Stakeholder Engagement & Governance Plan (EICTH Futures tollgates, comms plan).
- Migration Strategy outline (phasing, cutover options, rollback) to inform later phases.
In‑Scope Activities
- Establish full inventory of services impacting hybrid flows and analyse existing traffic patterns.
- Target architecture design for cloud edge, DMZ hosting model, and hybrid connectivity (including DNS‑based policy enablement).
- Network & security BoM definition (hardware, software, licences), and delivery project plan with stage gates.
- Liaise with internal teams (Digital Distribution, Connectivity, Architecture, InfoSec, Service Assurance, Commercial) to define cross‑connects, circuits, and governance alignment.
- Assessment of hyperscaler scope (AWS baseline; Azure / GCP evaluated) and interconnection locations (carrier‑neutral DCs / IX presence).
Deliverables / KPIs
- Target Architecture Document for cloud edge and DMZ hosting (including diagrams, logical and physical topology).
- Hybrid Connectivity Design Principles and Standards (DNS‑based policy, Zero Trust segmentation, firewalling).
- Detailed Bill of Materials (vendor / platform options, sizing, licence models, costs to Class 4 estimate).
- Delivery Project Plan (work breakdown structure, stage gates, dependencies, critical path).
- Security & Compliance Controls mapping (ISO 27001, NIST, GDPR alignment).
- Risk Register and Mitigation Plan (including security risks during migration).
- Stakeholder Engagement & Governance Plan (EICTH Futures tollgates, comms plan).
- Migration Strategy outline (phasing, cutover options, rollback) to inform later phases.
Requirements
Technical Environment
- Core Networking: Enterprise LAN / WAN / SD‑WAN architecture and design, routing & switching (L2 / L3), Wi‑Fi controllers / enterprise deployments, network performance engineering (capacity planning, QoS, traffic engineering).
- Security Expertise: Firewalls, VPNs, IDS / IPS, secure segmentation, Zero Trust architecture, threat detection / response, SIEM integration, incident response.
- Compliance frameworks: ISO 27001, NIST, GDPR.
- Cloud & Hybrid Networking: AWS / Azure / GCP networking (VPC / VNet, Transit Gateway, cloud firewalls), hybrid integration, secure tunnels, SASE / SD‑WAN.
- Platforms & Tools: Cisco, Arista, Aruba, ClearPass, Infoblox, Mist, Fortinet, Check Point, Security Service Edge (Zscaler ZIA, ZPA, ZDX, ZIdentity, Cloud / Branch Connector), monitoring / automation (SNMP, NetFlow, Ansible, Terraform), packet analysis (Wireshark).
- Soft Skills: Stakeholder communication, documentation / reporting, leadership / mentoring.
Number of locations / Sites covered
Two key locations: the existing DMZ infrastructure is all in London and Manchester, so ideally either of those.
Operational Requirements
Reporting Requirements (Monthly Reporting / Dashboards / Reviews)
- Regular stand‑up meetings and ad‑hoc project meetings.
- Programme governance: EICTH Futures; tollgates for key decisions / milestones.
- Weekly status report: progress, risks / issues, decisions required.
- Stakeholder reviews: Architecture (TDA), InfoSec, Service Assurance, Commercial.
Communication Channels
MS Teams, email.
Knowledge Transfer / Handover Expectations
Fully documented knowledge articles / handover when the service concludes.