Senior Security Architect (Network&Perimeter Security)

<div><p>The Senior<b>Security</b><b>Architect</b>–<b>Network</b>&Perimeter Security is responsible for the architecture and integration of security controls that protect the organization’s networks, internet-facing services, and critical applications. The role covers firewalls, VPN, WAF, and security monitoring at the network/perimeter layer, ensuring alignment with corporate security policies and international standards. The architect acts as the security design authority for network-related initiatives.</p><h3>Key Responsibilities</h3><ul><li>Define the security architecture for perimeter and internal network zones, including segmentation, zero-trust-style zoning where applicable, and secure connectivity patterns.</li><li>Architect and design multi-vendor firewall solutions, IPS/IDS, VPN, and secure remote access, ensuring consistent policy and configuration baselines.</li><li>Design and govern the deployment of F5 or similar application delivery and security platforms (LTM, ASM/WAF, APM, DNS/GTM).</li><li>Establish security standards, reference architectures, and hardening guidelines for network security devices and perimeter services.</li><li>Review and approve security HLDs/LLDs and MOPs for network and application onboarding to perimeter security platforms.</li><li>Work closely with the Network Architect and DC Architect to ensure security is embedded in all connectivity and DC designs.</li><li>Integrate security platforms with SIEM/log management solutions, ensuring proper log coverage, correlation, and alerting.</li><li>Participate in risk assessments, design reviews, and threat modeling for new projects and change requests.</li><li>Support incident response activities as a design authority, providing guidance on containment, eradication, and long-term remediation from an architecture perspective.</li><li>Ensure architectures support compliance with relevant standards and frameworks (e.g., ISO 27001, NIST-aligned controls, internal policies).</li><li>Lead security design workshops, knowledge-sharing sessions, and promote secure-by-design practices across IT teams.</li></ul><h3>Required Qualifications&Experience</h3><ul><li><b>Education</b></li><li>Bachelor’s degree in Information Security, Computer Science, IT, Engineering, or related field (or equivalent experience).</li><li><b>Experience</b></li><li>10–15 years of experience in cybersecurity/network security roles.</li><li>At least 4–5 years in senior security architect, lead engineer, or solution architect roles with focus on perimeter and network security.</li><li><b>Technical Skills</b></li><li>Strong expertise in next-generation firewall platforms (e.g., Palo Alto, Fortinet, Cisco ASA/Firepower) including design of policies, NAT, VPN, and HA.</li><li>Advanced experience with application security and delivery platforms such as F5 BIG-IP (LTM, ASM/WAF, APM, DNS/GTM).</li><li>Deep understanding of network protocols (TCP/IP, HTTP/S, DNS, SMTP, etc.) and common attack vectors affecting these layers.</li><li>Experience integrating security devices with SIEM solutions (e.g., Splunk, QRadar) and defining security use cases.</li><li>Practical knowledge of security standards and controls (ISO 27001 Annex A, NIST security principles, etc.).</li><li>Ability to write clear security architecture documents, patterns, and design blueprints.</li><li>Strong risk-based thinking and ability to balance security rigor with operational and business needs.</li><li>Excellent written and verbal communication skills, able to articulate security decisions and trade-offs.</li><li>Influential, collaborative, and comfortable challenging designs that do not meet security requirements.</li><li>Calm, structured approach in high-pressure and incident situations.</li><li><b>Certifications (Required / Strongly Preferred)</b></li><li>CCIE certified (Security , or equivalent).</li><li>Advanced security certification such as CISSP strongly preferred.</li><li>At least one major platform certification (e.g., PCNSE, Fortinet NSE, F5 Certified, or equivalent).</li></ul></div>#J-18808-Ljbffr