Job Description

Hybrid Cloud & Network Security Architect

Contract: 3 months (initial)

Daily rate: 700

Location: Onsite - London (primary), with engagement across London & Manchester environments

Working Hours: 9:00-17:00, Monday to Friday

Engagement Type: Contract

Role Overview

We are seeking an experienced Hybrid Cloud & Network Security Architect to lead the design and definition of a secure, scalable hybrid cloud edge and DMZ hosting architecture. The role is architecture-led and outcome-focused, responsible for defining target state designs, security controls, governance alignment, and delivery planning to enable future migration phases.

This is a hands-on architecture and design role, not an implementation-only position.

Key Objectives & Outcomes

Business Objectives (what outcomes are you looking to achieve through this service):

Target Architecture Document for cloud edge and DMZ hosting (including diagrams, logical and physical topology).

Hybrid Connectivity Design Principles and Standards (DNS-based policy, Zero Trust segmentation, firewalling).

Detailed Bill of Materials (vendor/platform options, sizing, licence models, costs to Class 4 estimate).

Delivery Project Plan (work breakdown structure, stage gates, dependencies, critical path).

Security & Compliance Controls mapping (ISO 27001, NIST, GDPR alignment).

Risk Register and Mitigation Plan (including security risks during migration).

Stakeholder Engagement & Governance Plan (EICTH Futures tollgates, comms plan).

Migration Strategy outline (phasing, cutover options, rollback), to inform later phases.

In-Scope Activities:

Establish full inventory of services impacting hybrid flows and analyse existing traffic patterns.

Target architecture design for cloud edge, DMZ hosting model, and hybrid connectivity (including DNS-based policy enablement).

Network & security BoM definition (hardware, software, licences), and delivery project plan with stage gates.

Liaison with internal teams (Digital Distribution, Connectivity, Architecture, InfoSec, Service Assurance, Commercial) to define cross-connects, circuits, and governance alignment.

Assessment of hyperscaler scope (AWS in baseline; Azure/GCP to be evaluated) and interconnection locations (carrier-neutral DCs/IX presence).

Deliverables or KPI's (e.g. uptime %, response times, resolution targets, etc)

Target Architecture Document for cloud edge and DMZ hosting (including diagrams, logical and physical topology).

Hybrid Connectivity Design Principles and Standards (DNS-based policy, Zero Trust segmentation, firewalling).

Detailed Bill of Materials (vendor/platform options, sizing, licence models, costs to Class 4 estimate).

Delivery Project Plan (work breakdown structure, stage gates, dependencies, critical path).

Security & Compliance Controls mapping (ISO 27001, NIST, GDPR alignment).

Risk Register and Mitigation Plan (including security risks during migration).

Stakeholder Engagement & Governance Plan (EICTH Futures tollgates, comms plan).

Migration Strategy outline (phasing, cutover options, rollback), to inform later phases.

Technical Environment

Key Technologies, Platforms or Vendors where experience is required:

Core Networking

Enterprise LAN/WAN/SD-WAN architecture and design.

Routing & switching (L2/L3), Wi-Fi controllers/enterprise deployments.

Network performance engineering (capacity planning, QoS, traffic engineering).

Security Expertise

Firewalls, VPNs, IDS/IPS, secure segmentation, Zero Trust architecture.

Threat detection/response, SIEM integration, incident response.

Compliance frameworks (ISO 27001, NIST, GDPR).

Cloud & Hybrid Networking

AWS/Azure/GCP networking (VPC/VNet, Transit Gateway, cloud firewalls).

Hybrid integration, secure tunnels, SASE/SD-WAN.

Platforms & Tools

Cisco, Arista, Aruba, ClearPass, Infoblox, Mist, Fortinet, Check Point.

Security Service Edge (Zscaler ZIA, ZPA, ZDX, ZIdentity, Cloud/Branch Connector).

Monitoring/automation (SNMP, NetFlow, Ansible, Terraform); packet analysis (Wireshark).

Soft Skills

Stakeholder communication, documentation/reporting, leadership/mentoring.

Number of locations / Sites covered

Key 2 locations : Existing DMZ infrastructure all exists in London and Manchester, so ideally either of those.

Operational Requirements

Reporting Requirements (Monthly Reporting / Dashboards / Reviews):

Regular stand up meetings and ad hoc project meetings

Programme governance: EICTH Futures; tollgates for key decisions/milestones.

Weekly status report: progress, risks/issues, decisions required.

Stakeholder reviews: Architecture (TDA), InfoSec, Service Assurance, Commercial.

Communication Channels (Teams / Slack / Ticketing / Emails):

MS Teams, emails

Knowledge Transfer / Handover Expectations when Service Concludes:

Fully documented knowledge articles/handover

Job Types: Full-time, Fixed term contract
Contract length: 3 months

Pay: 650.00-700.00 per day

Application question(s):

Do you have 5+ years of experience working as a Hybrid Cloud & Network Security Architect?
Work authorisation:

United Kingdom (required)
Work Location: In person