Infrastructure Security Architect

Who We AreNTT DATA is one of the world's largest global security service providers, partnering with some of the most recognized security technology brands. We're looking for passionate, curious, and motivated individuals to join our team.What You’ll Be DoingCreate security architecture designs for network/infrastructure projects under supervision.Develop network diagrams, security zone models, and data flow diagrams following standards.Document design decisions and contribute to reference architectures and reusable patterns.Design firewall architectures, segmentation strategies, DMZ configurations, and VPN solutions.Create detailed rulesets, access control lists, and security policy designs.Support implementation of network security controls and document configurations.Design solutions for SIEM, endpoint protection, and monitoring platforms.Create technical specifications and integration approaches for security tools.Support proof-of-concept activities and vendor/product evaluations.Develop hardening standards and secure baseline configurations aligned with CIS Benchmarks.Create security configuration policies, validation procedures, and automation approaches.Document requirements and support configuration assessments and remediation planning.Produce architecture documents, diagrams, and design specifications under supervision.Maintain design repositories, configuration management, and technical guidelines.Contribute to governance processes and write operational runbooks.Support architecture reviews, gap analyses, and compliance assessments.Validate security controls against design requirements and identify weaknesses.Document findings, risks, and remediation recommendations.What You'll Bring AlongBachelor's degree in Computer Science, Software Engineering, Cybersecurity, or related fieldMinimum 5–10 years of experience in cybersecurity or IT security rolesSolid understanding of security architecture principles and design patternsKnowledge of network security architectures including defense in depth and zero trustUnderstanding of security zone models, network segmentation, and DMZ designsFamiliarity with security frameworks (NIST CSF, ISO 27001, CIS Controls)Awareness of secure design principles for cloud and hybrid environmentsNetwork security: Firewalls, IPS/IDS, VPNs, proxies, NAC, load balancersNetwork protocols: Deep TCP/IP knowledge, routing protocols (BGP, OSPF), MPLSSwitching and routing: VLANs, VXLANs, spanning tree, port securitySecurity platforms: Palo Alto, Cisco ASA/Firepower, Fortinet, Check PointVirtualization: VMware NSX, network virtualization, micro-segmentationSIEM platforms: Splunk, QRadar, Azure Sentinel, ELK StackEndpoint protection: CrowdStrike, Carbon Black, Microsoft DefenderNetwork monitoring: NetFlow, IPFIX, packet capture, network behavior analysisIdentity and access: Active Directory, Azure AD, LDAP, RADIUS, TACACS+Cloud security: AWS VPC, Azure Virtual Networks, GCP VPC securityDiagramming: Microsoft Visio, Lucidchart, draw.io, enterprise architecture toolsInfrastructure as Code: Terraform, CloudFormation, Ansible basicsVersion control: Git, document management systemsCollaboration: Confluence, SharePoint, technical wikisProject management: Jira, ServiceNow, project documentation toolsClear technical communication with engineering teams and stakeholdersAbility to translate security requirements into technical designsCollaborative approach to working with network, infrastructure, and security teamsProblem-solving skills for complex security design challengesAttention to detail in technical specifications and documentationTime management and ability to prioritize multiple design activitiesCCNA Security or SSCP (Systems Security Certified Practitioner) - MandatoryNetwork security certification: Fortinet NSE4, Palo Alto PCNSA/PCNSE, or Cisco CyberOps - RequiredSecurity+ or equivalent foundation certification - RequiredWorking toward: CISSP Associate, CCNP Security, or security architecture certifications Excellent command of both spoken and written English.