Network Lead Architect at Northern Technologies Group
Northern Technologies Group · Colorado Springs, United States of America · Onsite
- Senior
- Office in Colorado Springs
Position Summary:
The Network Lead Architect is the senior technical authority for enterprise network architecture, modernization, and security across DoD mission environments (IL4/5/6). This role sets standards and roadmaps; leads end-to-end design for data center, campus/branch, WAN/SD-WAN, and cloud connectivity; and drives Zero Trust–aligned segmentation and automation to deliver resilient, scalable, and compliant networks.
Essential Duties and Responsibilities
Strategy & Architecture Governance
- Own the Enterprise Network Reference Architecture, standards, and design patterns aligned to agency objectives and DoD guidance.
- Lead/participate in Architecture Review Boards (ARB) and Change/Configuration Control Boards, maintaining traceability with HLD/LLD, ADRs, ICDs, and security overlays.
- Evaluate emerging capabilities (e.g., EVPN-VXLAN fabrics, SD-WAN/SASE, advanced telemetry) with adoption criteria, risk posture, and migration approaches.
- Develop and maintain network architecture roadmaps, standards, and best practices aligned with DoD and Agency requirements.
Core Network Architecture & Design
- Design underlay/overlay topologies for data centers and campuses (spine-leaf, EVPN-VXLAN, MPLS L2/L3VPN) and for WAN/backbone (BGP/OSPF/IS-IS, traffic engineering, route policy, communities).
- Engineer HA and fast convergence (ECMP, FHRP, FRR, ISSU/GSU) and plan for capacity, growth, and performance (QoS, queuing, shaping, policing).
- Define IPv4/IPv6 addressing strategy, NAT policies, multicast/RP design where required, and DNS/DHCP/IPAM governance.
Security Architecture & Zero Trust
- Architect segmentation and micro-segmentation (identity-/policy-based), secure access (802.1X, certificate-based auth), and crypto/crypto boundary designs (IPsec, MACsec) using FIPS-validated algorithms.
- Align to DoD RMF, NIST SP 800-53/37, and DISA STIGs; map control inheritance and produce artifacts needed for ATO/cATO.
- Integrate network security controls (firewall policy frameworks, IDS/IPS, SWG, DLP) and validate with tabletop/blue team exercises.
Cloud, Edge & Cross-Domain Connectivity
- Design hybrid and multi-cloud connectivity (IL cloud constructs, private connectivity, transit/segmentation, inspection service insertion, east-west control).
- Engineer remote access/telework, edge footprints, and mission partner/coalition interconnects with explicit security demarcation and monitoring.
Campus & Branch
- Define campus access, distribution, and core designs with 802.1X, posture assessment, guest/IoT segmentation.
- Establish branch patterns (SD-WAN, DIA/MPLS mix, local breakout controls) with consistent policy and centralized governance.
Automation, Reliability & Observability
- Drive intent-based and policy-driven operations: configuration standards, golden baselines, compliance drift detection, and repeatable change.
- Establish observability requirements (model-driven/streaming telemetry, logs/metrics/flows) and SLOs; ensure runbooks and test plans cover failure scenarios.
Delivery Leadership
- Lead discovery, HLD/LLD, PoCs, pilots, migrations/cutovers, and operational handoffs with minimal mission impact.
- Mentor engineers; conduct design reviews and knowledge transfers; brief senior leadership on tradeoffs and risk mitigations.
Documentation & Deliverables
- Produce and maintain: Enterprise Network Standards, High/Low Level Designs (HLD/LLD), Architecture Decision Records (ADRs), Interface Control Documents (ICDs), test/validation plans, cutover plans, security overlays, addressing/IP plans, and runbooks.
Minimum Qualifications (Knowledge, Skills, and Abilities)
- Active DoD Secret Clearance required
- 10+ years designing and leading large-scale enterprise or DoD networks across data center, WAN/backbone, campus/branch domains.
- IAT III or IAM II baseline (examples: CISSP, CASP+ CE, CISM).
- Expert-level knowledge of routing and switching (BGP, OSPF, IS-IS), EVPN-VXLAN and/or MPLS, QoS, IPv6, multicast, and network resiliency patterns.
- Demonstrated success implementing Zero Trust segmentation, 802.1X/NAC, identity-aware firewall policy, and FIPS-validated cryptography.
- Familiarity with hybrid/multi-cloud networking patterns and IL4/5/6 operational constraints; strong grasp of RMF/STIG compliance.
- Excellent communication skills with the ability to brief senior leaders and translate technical concepts into mission impact.
PREFERRED QUALIFICATIONS
- Top Secret/SCI Clearance
- Bachelor’s degree in Computer Science, Information Technology, or equivalent combination of education and experience (4 additional years of relevant experience may substitute for a degree).
- ITIL, TOGAF, or other architecture frameworks.
- CCIE (Enterprise Infrastructure, Security, or Data Center), CCNP (Enterprise, Service Provider, or Security) or equivalent expert credentials (JNCIE, NSE 7/8, PCNSE).
- ITIL® 4 Foundation (service alignment) and an architecture framework credential (TOGAF/DoDAF familiarity).
- Cloud networking foundations (e.g., AWS/Azure associate-level) helpful for hybrid designs.
- Prior experience supporting the Missile Defense Agency (MDA) or other DoD organizations.
- Experience with software-defined networking (SDN), automation, and cross-domain solutions.
Physical Demands and Work Environment
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform these functions.
While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand; walk; sit; and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate.
Northern Technologies Group is an equal opportunity employer. We do not discriminate based on race, color, religion, sex, national origin, disability, age, or any other protected status under federal, state, or local law.
Travel
10%
Shift
Normal office hours that align with the core hours of the customer
Note
The salary range listed represents a good faith estimate and is provided in compliance with applicable pay transparency laws. The final compensation offered will be determined based on a variety of factors, including your skills, experience, qualifications, internal equity, and market conditions.
This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments. This document does not create an employment contract, implied or otherwise, other than an “at will” relationship.