Lead Network and Cybersecurity Architect

Job Title: Lead Network and Cybersecurity Architect

Duration: 5 year long contract

Rate: $55-65/hr on Amtex W2
- Try to be competitive or $65-75/hr on 1099 or own Inc

Location: Albany, NY – Onsite 5 days a week (50 Wolf Road Albany, NY 12232)

Seeking an experienced Network Architect to support the design, evolution, security, and optimization of the network infrastructure that underpins business IT and operational technology (OT) environments. The Network and Cybersecurity Architect will develop, document, and implement current and future state network and cybersecurity architectures, recommend technologies and standards, improve performance and resilience, and help ensure designs align with cybersecurity and operational requirements.

This role requires strong knowledge of enterprise and industrial networking, routing and segmentation, security architecture, and the operational realities of critical infrastructure environments.

• Network Design and Planning
  • Develop and document network architectures that support the current and future needs of Regional TMCs, the STICC, and associated ITS, OT, and business environments.
  • Evaluate, recommend, and configure network technologies and solutions, including WAN routing protocols such as OSPF and BGP, segmentation strategies, and resilient communications designs.
  • Plan and support execution of consolidation and modernization initiatives to improve performance, maintainability, and operational efficiency.
  • Define current state and future state network and cybersecurity architectures, standards, and roadmaps.
  • Create and maintain architecture diagrams, data flow diagrams, and supporting technical documentation.
• Security Architecture and Cybersecurity Engineering
  • Work closely with the NYSDOT CISO to develop and implement comprehensive network and cybersecurity strategies.
  • Recommend and deploy security designs that protect critical ITS and OT assets from cyber threats while preserving operational availability and safety.
  • Lead or support vulnerability assessments of external IP addresses, internal network segments, and security architecture exposures, and develop remediation plans.
  • Integrate threat intelligence feeds from MS-ISAC, NYSOC, and other approved sources into architectural and operational security processes.
  • Design and configure recommendations for firewalls, VPNs, network segmentation, zero trust approaches, and secure remote access to sensitive environments.
  • Support engineering and design decisions related to endpoint detection and response (EDR) platforms, ensuring endpoint telemetry and response capabilities are appropriately integrated with network and security operations.
  • Support SIEM integration and design by helping ensure logs from network devices, firewalls, VPN concentrators, NAC systems, and security appliances are properly captured, normalized, and usable for monitoring and response.
  • Contribute to the design and improvement of identity and access management (IAM) controls for administrative access, remote access, privileged access, and service authentication.
  • Provide design guidance and configuration for network access control (NAC) solutions to improve device visibility, policy enforcement, and segmentation.
  • Support secure design and placement of IDS/IPS, DNS security controls, secure management plane access, and monitoring infrastructure.
• Technology Evaluation and Implementation
  • Research and evaluate emerging networking and cybersecurity technologies and assess their applicability to the ITS and OT environment.
  • Develop proof-of-concept initiatives and pilot programs to validate new technologies and approaches before broader deployment.
  • Provide technical leadership and architectural guidance to network engineers and other technical staff.
  • Evaluate vendor solutions for security, operational fit, lifecycle support, and interoperability with existing infrastructure.
• Network Optimization and Performance Management
  • Analyze network performance, utilization, and operational data to identify opportunities for optimization.
  • Develop strategies to improve network reliability, scalability, resilience, and security.
  • Support capacity planning, lifecycle planning, redundancy design, and performance tuning.
  • Recommend improvements to routing, switching, segmentation, path diversity, and failover design.
  • Help ensure that monitoring, alerting, and observability capabilities are aligned with operational and security needs.
• Strategic Collaboration
  • Work with the NYSDOT CISO, ETO leadership, network engineering staff, operations teams, and other stakeholders to ensure architecture decisions align with organizational goals and security requirements.
  • Contribute to the development of network and cybersecurity standards, engineering patterns, and best practices for ITS and OT environments.
  • Support collaboration between cybersecurity, networking, infrastructure, and operational teams.
  • Help ensure that architecture recommendations are practical, supportable, and aligned with…