L4 Network Architect

Please Note: As of July 22 2021 our team will require that all candidate submissions include a Linked In profile. Please do not submit any candidates that do not have a Linked In.

Kforce has a client that is seeking an L4 Network Architect in Plano, TX.

Our client is hiring for an L4 Network Architect / Engineer to lead design and delivery of multi‑site Cisco Software‑Defined Access (SD‑Access). This role will contribute to and implement architecture direction, drive complex deployments across distributed campuses, mentor engineers, and partner closely with security and operations.

• Own end‑to‑end SD‑Access architecture for large multi‑site enterprises: fabric design (control, edge, border), transit options, segmentation (SGTs/Trust Sec), identity policy, and integration with WAN and data center.
• Lead Catalyst Center‑driven automation: design templates, SDA workflows, network assurance, SWIM, and closed‑loop operations aligned to reliability/SLOs.
• Design identity‑centric security with ISE: policy sets, authorization profiles, posture, PxGrid integrations, wired/wireless 802.1X/MAB, guest/BYOD, and scalable group policies.
• Engineer secure edge and campus perimeters:
  Cisco FTD/Firepower policy design, NAT, VPN, IDS/IPS, SSL decryption strategy, and high availability.
• Architect SD‑WAN underlay/overlay: transport independence, application‑aware routing, DIA/Cloud on‑ramp, security integration, and multi‑region scale.
• Expert routing at scale: BGP (policy, route reflectors, communities), OSPF, EIGRP, ECMP redistribution, strategies, route filtering, summarization, and IPv6 planning.
• Drive modernization roadmaps: brownfield to SDA migration, hierarchical campus design, QoS, multicast, wireless controller (Catalyst 9800) alignment, and resiliency patterns.

• Active CCIE (any track; Enterprise Infrastructure and/or Security strongly preferred)
• 10 years enterprise networking experience including 3‑5 years leading SD‑Access architecture and deployment across multiple sites
• Telco/Carrier experience; MPLS (L2
  
  VPN/L3
  
  VPN/MPLS Lite/Tagging), DWDM, IP WAN and Routing (BGP/iBGP/eBGP/AS Networks), Cloud networking (AWS or Azure) expertise is a strong plus
• Proven exceptional hands‑on skills with Cisco routing/switching and Catalyst Center (formerly Cisco DNA Center) for SDA automation and assurance
• Deep expertise with Cisco ISE (policy, 802.1X, SGT/Trust Sec) and Cisco FTD (Firepower) firewalls (threat access control, NAT, VPN, high availability)
• Strong experience with Cisco SD‑WAN (design, policy/template, security integration, operationalization)
• Expert level knowledge of BGP, EIGRP, OSPF, redistribution, and route policy design for large enterprises
• Demonstrated success leading complex multi‑phase migrations and mentoring senior engineers

• CCDE or dual CCIE;
  Cisco Certified Specialist certifications in SDA ISE or SD‑WAN
• Automation fluency (Ansible, Python, Terraform), Git‑based workflows and API integration with Catalyst Center/ISE/FTD/SD‑WAN
• Wireless (Catalyst 9800/Prime/Catalyst Center Assurance), QoS strategy, multicast, NAC posture, and Zero‑Trust segmentation
• Cloud networking (Azure/AWS) hybrid connectivity and DNS/DHCP/IPAM integration
• Familiarity with data center and campus interconnect (e.g. ACI concepts beneficial but not required)

Employment Type: Full Time

Vacancy: 1

Rank: B2