Security Architect

Key Responsibilities

• Architect end-to-end security solutions: Design secure network architectures incorporating NGFW, segmentation, NAC, and Zero Trust principles across campus, data center, and cloud environments.

• Lead firewall and threat defense strategy: Implement Cisco Firepower Threat Defense (FTD) and Firewall Management Center (FMC) policies, optimize multi-vendor NGFW (Cisco, Palo Alto, Fortinet) deployments, and ensure high availability.

• DDoS protection and mitigation: Design and operationalize Radware DDoS and NTT GIN DDoS solutions for critical infrastructure resilience.

• Identity and access control: Architect Cisco ISE for policy enforcement, NAC posture, and segmentation; integrate Cisco DUO for MFA and Zero Trust access.

• Secure visibility and analytics: Deploy Cisco Secure Network Analytics (SNA), ThousandEyes, and Grafana dashboards for real-time threat detection and performance monitoring.

• Cloud and SaaS security: Implement Cisco Umbrella for DNS-layer protection and CSSPM for cloud posture management.

• Automation and orchestration: Develop SOAR workflows, optimize SIEM/XDR integrations, and drive security automation using Python, Ansible, and API-based frameworks.

• Governance and compliance: Produce HLD/LLD, security standards, segmentation policies, and compliance artifacts; contribute to reusable templates and reference architectures.

• Mentorship and leadership: Guide engineering teams through design reviews, security best practices, and operational enablement sessions.

• Stakeholder engagement: Collaborate with network, cloud, and application teams to align security architecture with business objectives and measurable outcomes.

Required Qualifications (Must-Have)

• 10+ years in enterprise security architecture and engineering, including 3–5+ years leading multi-vendor NGFW and advanced security solutions at scale.

• Proven hands-on expertise with Cisco FTD/FMC, Radware DDoS, Cisco Umbrella, Cisco ISE, Cisco DUO, and Cisco Secure Network Analytics.

• Strong experience with ThousandEyes, Grafana, and observability-driven security analytics.

• Deep knowledge of SIEM, SOAR, XDR, and security automation frameworks.

• Demonstrated success in segmentation design, NAC posture enforcement, and Zero Trust implementation.

Preferred Qualifications

• Cisco Certified Specialist or CCIE Security; certifications in Palo Alto, Fortinet, or cloud security (AWS/Azure).

• Experience with CSSPM, ARP optimization, and advanced threat intelligence platforms.

• Familiarity with Catalyst Center for integrated automation and assurance.

• Strong scripting and automation skills (Python, Ansible, Terraform).

Work Style & Travel

• Must be able to work onsite at client locations as required.

• Off-hours change windows may be needed for critical security migrations and incident response.

Applicants must be legally authorized to work in the United States at the time of application and must not require sponsorship for employment visa status now or in the future.

Where required by law, NTT DATA provides a reasonable range of compensation for specific roles. The starting salary range for this onsite role is $160K-$190K plus bonus. This range reflects the minimum and maximum target compensation for the position across all US locations. Actual compensation will depend on several factors, including the candidate's actual work location, relevant experience, technical skills, and other qualifications.

This position is eligible for company benefits that will depend on the nature of the role offered. Company benefits may include medical, dental, and vision insurance, flexible spending or health savings account, life, and AD&D insurance, short-and long-term disability coverage, paid time off, employee assistance, participation in a 401k program with company match, and additional voluntary or legally required benefits.