Job
Description
π Project Summary Weβre hiring a senior Network & Security Architect (contractor, not employee) to design a resilient, regulator-compliant banking enterprise network that spans dual data-centres, disaster-recovery sites, regional branches/ATMs, and hybrid-cloud workloads. Your HLD/LLD and playbooks will serve as the blueprint for our deployment team. π‘ Network Topology Requirements Data-Centre & DR Dual active-active DCs with spine-leaf fabric, MACsec on inter-DC links, isolated OOB network Campus / HQ Redundant core & distribution, Wi-Fi 6/6E access, NAC-enforced segmentation Branches & ATMs SD-WAN overlays (MPLS + LTE/5G) with local Internet break-out, zero-touch provisioning Cloud Edge Direct Connect / ExpressRoute / IPsec VPN-GW, micro-segmented VNET/VPCs Internet DMZ Reverse proxies, WAF, DDoS scrubber, SWIFT-CSP-isolated zone π Services to Be Supported Core Banking & Treasury (ISO 8583, MQ, micro-services APIs) Digital & Mobile Banking (Open-Banking APIs, web/mobile channels) Payments β RTGS/NEFT/IMPS/UPI, SWIFT, card-switch, POS Unified Comms β VoIP/SBC, contact-centre SIP, VC Enterprise IT β AD/Azure AD, M365, SaaS & SOC/SIEM feeds π Security-First Architecture Zero-Trust segmentation (macro + micro, user/device-aware) Next-Gen Firewalls & virtual NGFWs at every trust boundary Inline IPS / sandboxing for east-west and north-south traffic Layer-7 WAF & API GW in DMZ; TLS 1.3 everywhere Compliance: PCI-DSS 4.0, RBI/IRDA cyber controls, SWIFT CSP, ISO 27001 HA everywhere β clustered firewalls, ECMP, BGP GR, IPsec FVRF π§ Technical Requirements Routing/Switching: OSPF v2/v3, IS-IS, eBGP/iBGP, MP-BGP EVPN/VXLAN, MPLS L2/L3 VPN, Segment Routing (SR-MPLS/SRv6) Overlay & SD-WAN: DMVPN, SD-WAN (Viptela/Versa/Fortinet or similar) Automation: GitOps source-of-truth, Ansible/Terraform-ready design hooks Observability: gRPC telemetry, NetFlow/IPFIX, Syslog/SIEM pipelines Future-proof: IPv6-first; QoS placeholders (no policy config in scope) π¦ Deliverables HLD β logical & topological views, security zones, resiliency model LLD β device roles, interface matrices, VRF maps, protocol timers IPv4/IPv6 Address Plan β summarised, dual-stack, hierarchically allocated Security Architecture Guide β segmentation tables, object-based FW rules, crypto standards Routing & Service Flow Docs β Core Banking, SWIFT, Digital channels, UC, Branch/ATM paths Procedure Playbooks β onboarding branches/cloud VPCs, DR fail-over, patch-window checklist β CLI configurations and QoS policies are out-of-scope (architecture only). π§ͺ Mandatory Qualification Round Submit all required artefacts via this form: π https://forms.office.com/r/4cCw88zP4c πΌοΈ Digital Topology Diagram β DC, campus, branch, cloud edges & security zones π One paragraph per major service β rationale, resiliency & security approach π Routing, Overlay & Security Controls List β protocols, segmentation, crypto, automation hooks β
Service Checklist β confirm every item in the RFP is covered β οΈ Only complete form submissions are reviewed. β Important Eligibility Notice β Read Before Applying This contract demands proven senior-level expertise in banking/financial-sector network & security architecture . If you do not meet all Ideal Candidate criteriaβhands-on banking designs and the certifications listed belowβ please do not apply . Junior or incomplete submissions will be disqualified without review. β
Ideal Candidate 10 + years designing regulated financial networks & security Certifications: CCIE (Enterprise or Security) / JNCIE-SP and CISSP or CISM ; PCNSE or NSE 7 is a plus Demonstrable PCI-DSS 4.0 and SWIFT CSP project history Comfortable with NetDevOps tooling and hybrid-cloud fabrics π° Remuneration π΅π΅ USD $$$$ + β premium project rate, fully commensurate with senior-level experience β³ Timeline 4 weeks (possible 1-week extension if agreed at kick-off) Note: This is a short-term, deliverable-based engagement. It is not a full-time role or permanent position. π Work Mode Remote; overlap with IST business hours preferred π¬ How to Apply Complete the qualification form β https://forms.office.com/r/4cCw88zP4c . Short-listed candidates will be contacted for a technical interview and SOW alignment. Show more Show less
