Duration: 6 Months, Hrs/Wk:40.00
Work Location: Los Angeles, CA (C2H, Hybrid, Local Preferred)
Description:
Work location: Los Angeles, CA (Westwood/Downtown areas) (Frequent travel to the different offices in Westwood and to sporting venues around LA will be required) (We are primarily looking for local candidates)
Note: 6-month contract to hire. Please submit candidates who are authorized to work for any employer without requiring sponsorship now or anytime in future.
Summary
We are seeking a senior L4 Security Architect to lead the design and implementation of advanced security architectures for large-scale enterprise environments. This role focuses on multi-vendor NGFW, DDoS mitigation, identity and access control, and full-stack observability integrated with automation and orchestration. The ideal candidate demonstrates deep, hands-on expertise across Cisco security platforms, threat analytics, and modern security frameworks, with proven experience driving complex deployments and mentoring engineering teams.
Key Responsibilities
Architect end-to-end security solutions: Design secure network architectures incorporating NGFW, segmentation, NAC, and Zero Trust principles across campus, data center, and cloud environments.
Lead firewall and threat defense strategy: Implement Cisco Firepower Threat Defense (FTD) and Firewall Management Center (FMC) policies, optimize multi-vendor NGFW (Cisco, Palo Alto, Fortinet) deployments, and ensure high availability.
DDoS protection and mitigation: Design and operationalize Radware DDoS and NTT GIN DDoS solutions for critical infrastructure resilience.
Identity and access control: Architect Cisco ISE for policy enforcement, NAC posture, and segmentation; integrate Cisco DUO for MFA and Zero Trust access.
Secure visibility and analytics: Deploy Cisco Secure Network Analytics (SNA), ThousandEyes, and Grafana dashboards for real-time threat detection and performance monitoring.
Cloud and SaaS security: Implement Cisco Umbrella for DNS-layer protection and CSSPM for cloud posture management.
Automation and orchestration: Develop SOAR workflows, optimize SIEM/XDR integrations, and drive security automation using Python, Ansible, and API-based frameworks.
Governance and compliance: Produce HLD/LLD, security standards, segmentation policies, and compliance artifacts; contribute to reusable templates and reference architectures.
Mentorship and leadership: Guide engineering teams through design reviews, security best practices, and operational enablement sessions.
Stakeholder engagement: Collaborate with network, cloud, and application teams to align security architecture with business objectives and measurable outcomes.
Required Qualifications (Must-Have)
10+ years in enterprise security architecture and engineering, including 3–5+ years leading multi-vendor NGFW and advanced security solutions at scale.
Proven hands-on expertise with Cisco FTD/FMC, Radware DDoS, Cisco Umbrella, Cisco ISE, Cisco DUO, and Cisco Secure Network Analytics.
Strong experience with ThousandEyes, Grafana, and observability-driven security analytics.
Deep knowledge of SIEM, SOAR, XDR, and security automation frameworks.
Demonstrated success in segmentation design, NAC posture enforcement, and Zero Trust implementation.
Preferred Qualifications
Cisco Certified Specialist or CCIE Security; certifications in Palo Alto, Fortinet, or cloud security (AWS/Azure).
Experience with CSSPM, ARP optimization, and advanced threat intelligence platforms.
Familiarity with Catalyst Center for integrated automation and assurance.
Strong scripting and automation skills (Python, Ansible, Terraform).
Work Style & Travel
Must be able to work onsite at client locations as required.
Off-hours change windows may be needed for critical security migrations and incident response.
