Network Architect

Job DescriptionNetwork Architect – 6 months - Hybrid - Northwest 

The opportunity

Our client is a large UK-based organisation operating a complex hybrid network estate spanning corporate offices, distributed frontline sites, data centres and cloud services. As part of a multi-year cyber security, controls and resilience programme, they are seeking an experienced Network Architect to lead a structured discovery into network segmentation – assessing the current landscape, defining viable segmentation approaches, and producing decision-ready, board-level recommendations to inform future mobilisation.

This is a discovery and options-analysis engagement only. No implementation, build, or technical change is in scope.

What you'll do

\n
• Establish a clear, evidence-based view of the current network landscape, topology, dependencies and constraints.

\n

• Assess feasible segmentation approaches that support cyber resilience, operational continuity and incident response – including reducing blast radius, protecting Tier 1 and Tier 2 services, and partial/full lockdown scenarios.

\n

• Define differentiated treatment for higher-risk, distributed and third-party-connected environments requiring greater isolation.

\n

• Identify the technology, vendor, security and operating-model dependencies required to enable segmentation.

\n

• Develop and compare viable target-state options (incumbent-platform, vendor-specific, vendor-agnostic, incremental and transformational) with feasibility, indicative cost, risk and delivery complexity.

\n

• Produce decision-oriented outputs and present findings through structured playback and governance forums.

\n

Key deliverables

\n
• Current-state assessment and segmentation readiness summary (with evidence quality and confidence ratings).

\n

• Service criticality and dependency summary (Tier 1 / Tier 2 definition and prioritised view).

\n

• Target-state options pack and board-ready options & recommendation paper.

\n

• Indicative roadmap, dependency view and mobilisation entry criteria.

\n

• Optional Network Access Control (NAC) readiness considerations where relevant.

\n

Essential experience

\n
• Senior network architecture experience across large, complex hybrid estates (multi-site, data centre and cloud).

\n

• Demonstrable network segmentation strategy and design experience (macro/micro-segmentation, crisis-mode / lockdown models).

\n

• Strong understanding of segmentation for cyber resilience – blast radius reduction, isolation of higher-risk environments, protection of critical services.

\n

• Working knowledge of firewalls, SD-WAN, wireless, and NAC concepts as segmentation enablers.

\n

• Ability to translate cyber and business outcomes into network requirements and structured option-evaluation criteria.

\n

• Senior stakeholder engagement and the ability to produce decision-ready, board-level artefacts.

\n

• Independent discovery / options-analysis approach with strong assumptions and confidence-rating discipline.

\n

Desirable

\n
• Experience in regulated, safety-critical or operationally sensitive environments.

\n

• NAC readiness or strategy experience.

\n

• Awareness of how endpoint and SD-WAN strategies interact with segmentation.

\n

• Relevant certifications (e.g. TOGAF, CISSP, vendor network architecture credentials).

\n

Out of scope (please self-select)

\n
• Hands-on implementation, configuration, migration or deployment.

\n

• Low-level design, build documentation or production runbooks.

\n

• Product selection, procurement support or vendor negotiation.

\n

• Ongoing design authority beyond the engagement term.

\n

Working arrangements

Hybrid working (UK), with remote and on-site delivery as agreed. Essential equipment provided. Operates within a controlled enterprise environment with formal governance and change processes.