Network Architect C2c requirement -Los Angeles,CA(Hybrid)-Relocation Accepted-Must Have CCIE Certification

Desired Start Date: 10/6
Duration: 12 Months, Hrs/Wk:40.00
Client: NTTD
Work Location: Los Angeles, CA (Westwood area, Hybrid/Onsite)

Description:
Work location: Los Angeles, CA (Venue/Location based on‑site) (Non-local candidates who are willing to relocate to LA on their own expense would be considered.)

Notes :
1. Highest preference to the candidates residing in the immediate Los Angeles metro area and be able to work onsite at client site in Downtown LA. However, we would accept strong non-local candidates as well who are willing to relocate.

2. Off‑hours / change windows as needed for critical migrations.
3. Contract to hire (6-12 months) so please look for visa independent candidates.

Candidates should be strong in the below mentioned areas:
• Telco/Carrier experience
• MPLS (L2VPN / L3VPN / MPLS Lite / Tagging)
• DWDM
• IP WAN and Routing (BGP / iBGP / eBGP / AS Networks)
• Cloud (AWS or Azure) networking expertise is a strong plus

We are hiring for an L4 Network Architect/Engineer to lead design and delivery of multi‑site Cisco Software‑Defined Access (SD‑Access) solutions at scale. Contribute to and implement architecture direction, drive complex deployments across distributed campuses, and mentor engineers while partnering closely with security and operations. The ideal candidate holds an active CCIE and demonstrates deep, hands‑on expertise across Cisco routing/switching, Cisco Catalyst Center (formerly Cisco DNA Center), Cisco ISE, Cisco FTD firewalls, and Cisco SD‑WAN, with expert‑level command of BGP, EIGRP, OSPF, and related enterprise routing protocols.

What you’ll do (Key Responsibilities)
Own end‑to‑end SD‑Access architecture for large, multi‑site enterprises: fabric design (control/edge/border), transit options, segmentation (SGTs/TrustSec), identity policy, and integration with WAN and data center.
Lead Catalyst Center–driven automation: design templates, SDA workflows, network assurance, SWIM, and closed‑loop operations aligned to reliability/SLOs.
Design identity‑centric security with ISE: policy sets, authorization profiles, posture, PxGrid integrations, wired/wireless 802.1X/MAB, guest/BYOD, and scalable group policies.
Engineer secure edge and campus perimeters: Cisco FTD/Firepower policy design, NAT, VPN, IDS/IPS, SSL decryption strategy, and high availability.
Architect SD‑WAN underlay/overlay: transport independence, application‑aware routing, DIA/Cloud on‑ramp, security integration, and multi‑region scale.
Expert routing at scale: BGP (policy, route reflectors, communities), OSPF, EIGRP, ECMP, redistribution strategies, route filtering, summarization, and IPv6 planning.
Drive modernization roadmaps: brownfield to SDA migration, hierarchical campus design, QoS, multicast, wireless controller (Catalyst 9800) alignment, and resiliency patterns.
Deliver hands‑on build and escalation leadership: lab validation, pilot, phased rollout, cutover plans, MOPs, change windows, and root‑cause analysis for P1/P2 incidents.
Mentor and uplift engineering teams: design reviews, standards, runbooks, and enablement sessions for operations and field engineers.
Stakeholder leadership: collaborate with security, EUC, cloud, and application teams; translate business outcomes into technical architectures and measurable milestones.
Documentation & governance: HLD/LLD, as‑builts, standards, security exceptions, and compliance artifacts; contribute to reference architectures and reusable templates.

Required Qualifications (Must‑Have)
Active CCIE (any track; Enterprise Infrastructure and/or Security strongly preferred).
10+ years enterprise networking experience, including 3–5+ years leading SD‑Access architecture and deployment across multiple sites.
Proven, exceptional hands‑on skills with Cisco routing/switching and Catalyst Center (formerly Cisco DNA Center) for SDA automation and assurance.
Deep expertise with Cisco ISE (policy, 802.1X, SGT/TrustSec) and Cisco FTD (Firepower) firewalls (threat, access control, NAT/VPN, high availability).
Strong experience with Cisco SD‑WAN (design, policy/templating, security integration, operationalization).
Expert‑level knowledge of BGP, EIGRP, OSPF, redistribution, and route‑policy design for large enterprises.
Demonstrated success leading complex, multi‑phase migrations and mentoring senior engineers.

Preferred Qualifications
CCDE or dual CCIE; Cisco Certified Specialist certifications in SDA, ISE, or SD‑WAN.
Automation fluency (Ansible, Python, Terraform), Git‑based workflows, and API integration with Catalyst Center/ISE/FTD/SD‑WAN.
Wireless (Catalyst 9800/Prime/Catalyst Center Assurance), QoS strategy, multicast, NAC posture, and Zero Trust segmentation.
Cloud networking (Azure/AWS), hybrid connectivity, and DNS/DHCP/IPAM integration.
Familiarity with data center and campus interconnect (e.g., ACI concepts beneficial but not required).