Network Architect - DV Cleared Outside IR35

Costello & Reyes Group Ltd has been engaged by its client, an international consulting firm, to identify two DV Cleared Network Architects for a 6 month initial period based in Milton Keynes. There is significant scope for extension

Network Architect

YOU MUST HOLD VALID DV CLEARANCE!

Role Purpose

The Network Architect will be accountable for the end-to-end design, governance, and evolution of secure, resilient, and operationally sustainable network architectures across Microsoft Azure, Microsoft 365, hybrid cloud, and modern data-centre environments.

The role spans IaaS, PaaS, and SaaS connectivity, VXLAN BGP EVPN, and identity-centric security architectures, ensuring tight integration between networking, identity systems, endpoint security, NDR, XDR, behavioural analytics, and incident response workflows.

This is a design authority and strategy-defining role, supporting greenfield builds, Legacy network modernisation, and cyber-resilience uplift in line with modern threat landscapes and regulatory expectations.

CCIE-level network architect with extensive hands-on experience across Cisco (Catalyst, Nexus, Meraki, ACI), Juniper, Aruba/HP and Arista.

Proven delivery of large-scale end-to-end designs and implementations.

Deep expertise in routing and core networking (BGP, OSPF, MPLS, VRF, SD-WAN, QoS, IPv6, Multicast, VoIP/CUCM), datacentre fabrics (Spine-Leaf, VXLAN, Nexus/ACI, Juniper QFX), wireless (Cisco/Aruba), and cloud networking across AWS, Azure and GCP including hybrid and multi-cloud.

Strong security background spanning Firewalls and VPNs (Palo Alto, Fortinet, Checkpoint, Cisco, Juniper), ISE/802.1x, IPsec, micro-segmentation, ZTNA and SASE (Zscaler, Prisma), with CASB and DLP integration.

Experienced in monitoring and operations (SolarWinds, Wireshark, DNAC, SNMP), platforms (Windows, AD, VMware, Hyper-V, Linux), and modern network automation using Ansible, Terraform, Python and pyATS.

Key Responsibilities

1. Network Architecture & Design Authority

Define and own enterprise network architecture standards across:o Microsoft Azure (IaaS and PaaS)
o Microsoft 365 and other SaaS platforms
o On-premises and colocation data centres

Produce and govern:
o Reference architectures
o High- and low-level designs
o Network and security patterns
Ensure all designs are:
o Secure by design
o Highly available and resilient
o Operationally sustainable and supportable at scale
Act as technical design authority across change, transformation, and assurance initiatives.

2. Cloud Networking (IaaS, PaaS & SaaS)

Design secure and scalable network solutions for:
o IaaS workloads (VMs, routing, private endpoints, hybrid integration)
o PaaS services (private access, ingress/egress control, service endpoints)
o SaaS platforms (Microsoft 365, identity-aware access, traffic optimisation)

Implement Azure networking patterns including:
o Hub-and-spoke and Virtual WAN architectures
o VNets, peering, routing, NSGs
o Azure Firewall, Application Gateway, load balancing
Reduce reliance on Legacy perimeter models by enabling identity-centric and Zero Trust-aligned network designs.

3. Data Centre Fabric Architecture (VXLAN BGP EVPN)

Architect and govern networks using:
o VXLAN BGP EVPN Deliver:
o Greenfield VXLAN EVPN fabric builds
o Migration strategies from traditional Layer 2/Layer 3 networks to EVPN fabrics
Ensure fabric designs support:
o Multi-tenancy
o East-west traffic visibility
o Hybrid cloud integration
o Security and telemetry requirements
Maintain alignment between on-prem fabric architecture and cloud networking models.

4. Fabric Management & Control

Provide architectural and operational oversight using:
o Cisco Nexus Dashboard Fabric Controller (formerly DCNM) Ensure:
o Consistent fabric configuration
o Policy-based network management
o Operational visibility and life cycle control
Promote automation and repeatability to reduce configuration drift and risk.

5. Identity, Endpoint & Zero Trust Integration

Design identity-aware network architectures integrated with:
o Microsoft Entra IDo Conditional Access
o Endpoint trust signals
Ensure networking decisions support:
o Context-aware access
o Least privilegeo Application-level trust
Align network controls with endpoint and identity security strategies.

6. Network Detection & Response (NDR)

Architect network visibility to enable NDR capabilities, including:
o East-west traffic inspection within VXLAN EVPN fabrics
o North-south monitoring at cloud and data centre boundaries
Ensure network telemetry supports:
o Lateral movement detection
o Behavioural analytics
o Threat hunting Balance visibility, performance, and availability.

7. Extended Detection & Response (XDR)

Enable XDR across network, identity, endpoint, cloud, and SaaS layers. Ensure NDR telemetry enriches:
o XDR detections
o Kill-chain correlation Integrate network designs with:
o SIEM platforms (eg Microsoft Sentinel)
o SOAR automation
o Incident response workflows Support automated containment and response actions.

8. SIEM, SOAR & Incident Response Enablement

Design telemetry pipelines that feed:
o SIEM correlationo SOAR playbooks
o Security operations workflows
Ensure network architectures support:
o Rapid detectiono Containment
o Recovery during cyber incidents, including ransomware
Provide architectural leadership during major security incidents.

9. Governance, Risk & Cyber Resilience

Define and maintain network standards aligned to:
o ISO 27001:2022
o NCSC Cyber Assessment Framework
o Microsoft security benchmarks
Support:
o Risk assessments
o Security assurance activities
o Regulatory and customer audits Embed cyber resilience principles including:
o Segmentationo Immutable backup support
o Secure recovery architectures

Skills & Experience

Proven experience designing network solutions for IaaS, PaaS, and SaaS environments. Strong knowledge of:
o Network architecture
o Identity systems
o Cloud and endpoint security
o NDR, XDR, and behavioural analytics

Experience in:
o Architectures using VXLAN BGP EVPN

Experience delivering:
o Greenfield network builds
o Migration of traditional networks to VXLAN BGP EVPN fabrics
Hands-on experience with:
o Cisco Nexus Dashboard Fabric Controller (DCNM)

Experience integrating:
o SIEM and SOAR platforms
o Telemetry pipelines
o Incident response workflows
Ability to design and clearly articulate secure, resilient, and operationally sustainable solutions to both technical and non-technical stakeholders.

Professional Qualifications
AWS Certified Advanced Networking Specialist AWS Certified Solutions Architect Associate Cisco Certified Network Professional (CCNA & CCNP) Cisco Certified Design Professional (CCDA & CCDP) Cisco Certified Internetwork Professional (CCIP) VMware Certified Administrator - Data Centre Virtualisation (VCA-DCV) Microsoft Certified Professional (MCP)

YOU MUST HOLD DV CLEARANCE

This is an immediate need so should you be interested, please submit your profile & we can send your further information.

Costello & Reyes Group Ltd operate as a recruitment partner for its clients